Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Jen pro kontrolu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Jen pro kontrolu

#1 Příspěvek od Bartis111 »

Dobrý večer,

posílám log z počítače syna, můžete se na to prosím mrknout? Stahuje samé hacky kraviny, nešly mu spustit některé programy, adwcleaner v příloze. Jestli to je na pohlavek, prosím napište mi.
AdwCleaner[C01].zip
(1.74 KiB) Staženo 51 x
děkuji :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by tomasek (administrator) on DESKTOP-3JV1PF5 (01-03-2021 22:42:00)
Running from C:\Users\tomasek\Downloads
Loaded Profiles: tomasek
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(Apps Delivered Ltd -> Traditional Ceryhe) [File not signed] [File is in use] C:\Program Files (x86)\TraditionalCeryhe\TraditionalCeryhe.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AutoIt Consulting Ltd -> AutoIt Team) C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
(Digital Communications Inc -> Сorp DCom) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe
(Globalhop Ltd TOO -> ) C:\Users\tomasek\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(libMPVPlayer) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\plugins\libMPVPlayer\libMPVPlayer.exe
(livelySubProcess) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\plugins\subproc\livelySubProcess.exe
(livelywpf) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelywpf.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(MAGIX Software GmbH -> MAGIX Software GmbH) C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe
(MAGIX Software GmbH -> MAGIX) C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\tomasek\Downloads\adwcleaner_8.1.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeraByte, Inc. -> TeraByte, Inc.) C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite\tbinotify.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-12-27] (Adobe Inc. -> )
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [livelywpf] => C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelywpf.exe [195072 2021-01-11] (livelywpf) [File not signed]
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe [858360 2019-08-13] (MAGIX Software GmbH -> MAGIX)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Taskbar system] => C:\Users\tomasek\AppData\Local\Programs\Taskbar system\TaskbarSystem.exe [918040 2021-01-13] (Globalhop Ltd TOO -> )
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tomasek\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TBI Notify.lnk [2021-02-19]
ShortcutTarget: TBI Notify.lnk -> C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite\tbinotify.exe (TeraByte, Inc. -> TeraByte, Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D09A541-D6DA-4F28-AE58-21DFCE0D4BE2} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {35B78D87-9B76-423F-AB9A-0AFB5BF9DA0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {495325BD-0611-494E-9CF3-51D52F2F63DC} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {663C9786-8A08-415B-91B7-F169D84501ED} - System32\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe) => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe [1757768 2019-12-19] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {7AFBBC1A-0209-45A7-8070-2A62AAC36390} - System32\Tasks\Services\Diagnostic => C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe [1013928 2018-03-15] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\tomasek\AppData\Local\Disk\AutoIt3\Settings.au3"
Task: {906EDE40-59F8-4C14-834C-89D14BB6370B} - System32\Tasks\Opera scheduled Autoupdate 1609853199 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [1793664 2021-02-26] (Opera Software AS -> Opera Software)
Task: {A75569C4-2F10-46D4-8045-2443C262575E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B928C857-D17A-430D-B8A8-A7883FC4E004} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {C7FA0B56-F5F0-4454-B1E8-AA8DECAE64F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E409927A-C556-409B-919B-D6402429B072} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EAC192D3-8990-493A-A6F6-A87549247548} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EB0DDDC7-E0AE-4BB2-B108-8B4027950C95} - System32\Tasks\MAGIX PC Check & Tuning 2021 => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCCT.exe [2486856 2019-12-19] (MAGIX Software GmbH -> MAGIX Software GmbH)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe).job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\DESKTOP-3JV1PF5\tomasek5MAGIX PC Check & Tuning 2021 (PCMaintainService.exe
Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2021.job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCCT.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42d5e22c-9575-4454-8a68-21d1a84a4acf}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-01]
Edge Notifications: Default -> hxxps://linkvertise.com
Edge Extension: (Outlook) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-27]
Edge Extension: (Microsoft Protect) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2021-02-20]
Edge Extension: (Word) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-27]
Edge Extension: (Excel) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-27]
Edge Extension: (Multi Find) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mkofacajmfbednlblgglmpbidklocddm [2021-02-18]
Edge Extension: (PowerPoint) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-27]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default [2021-03-01]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-24]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-24]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-24]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-24]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-24]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-23]
CHR Extension: (Swift Select) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\molponhobmbbinjnghgafbfampcgamln [2021-02-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gnplhahbcoldbildffdchneaepapccbn]

Opera:
=======
OPR Profile: C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable [2021-01-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.cz/complete/search?client=op ... utEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"SAntivirusIC" => service was unlocked. <==== ATTENTION
"TraditionalCeryhe" => service was unlocked. <==== ATTENTION

S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-30] (BattlEye Innovations e.K. -> )
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10897296 2021-01-14] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-01] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Rockstar Service; D:\GTAV\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6939968 2021-02-18] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [628544 2021-02-18] (Digital Communications Inc -> Сorp DCom) <==== ATTENTION
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TraditionalCeryhe; C:\Program Files (x86)\TraditionalCeryhe\TraditionalCeryhe.exe [6032368 2018-05-04] (Apps Delivered Ltd -> Traditional Ceryhe) [File not signed] [File is in use]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16832 2021-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 HWiNFO_155; C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [64008 2021-02-04] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys [25448 2021-01-14] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2020-12-30] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2020-12-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2020-12-30] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-03-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-01] (Malwarebytes Inc -> Malwarebytes)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [37488 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
R1 ProtectIt; C:\Windows\System32\drivers\ProtectIt.sys [17472 2018-01-09] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85504 2021-02-18] (Digital Communications Inc -> Corp DCom) <==== ATTENTION
S3 TBIMount; C:\Windows\System32\drivers\tbimount.sys [146936 2019-04-25] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-01-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2021-01-13] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 22:42 - 2021-03-01 22:42 - 000025642 _____ C:\Users\tomasek\Downloads\FRST.txt
2021-03-01 22:41 - 2021-03-01 22:42 - 000000000 ____D C:\FRST
2021-03-01 22:40 - 2021-03-01 22:40 - 002301440 _____ (Farbar) C:\Users\tomasek\Downloads\FRST64.exe
2021-03-01 22:33 - 2021-03-01 22:33 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-01 22:32 - 2021-03-01 22:32 - 000220392 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online.exe
2021-03-01 21:09 - 2021-03-01 21:09 - 000000000 ____D C:\Users\tomasek\AppData\Local\mbam
2021-03-01 21:08 - 2021-03-01 21:08 - 002084016 _____ (Malwarebytes) C:\Users\tomasek\Downloads\MBSetup.exe
2021-03-01 21:08 - 2021-03-01 21:08 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-01 21:08 - 2021-03-01 21:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-01 21:08 - 2021-03-01 21:08 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-01 20:15 - 2021-03-01 20:15 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\santivirusclient
2021-03-01 19:16 - 2021-03-01 20:14 - 000000000 ____D C:\AdwCleaner
2021-03-01 19:16 - 2021-03-01 19:16 - 008463216 _____ (Malwarebytes) C:\Users\tomasek\Downloads\adwcleaner_8.1.exe
2021-02-28 19:25 - 2021-02-28 19:25 - 000002378 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-28 19:25 - 2021-02-28 19:25 - 000002370 _____ C:\Users\tomasek\Desktop\Microsoft Teams.lnk
2021-02-28 19:25 - 2021-02-28 19:25 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Teams
2021-02-25 10:42 - 2021-02-25 10:42 - 009573547 _____ C:\Users\tomasek\Downloads\TGX_V3.0.9.zip
2021-02-24 21:04 - 2021-02-24 21:04 - 018066536 _____ C:\Users\tomasek\Downloads\[GD] _Mountain King_ by Xyle (Daily level) _ Geometry Dash 2.113.mp4
2021-02-24 15:53 - 2021-02-24 15:53 - 000000026 _____ C:\Users\tomasek\Downloads\Oxygen U - Linkvertise.txt
2021-02-24 14:51 - 2021-02-24 14:52 - 000000000 ____D C:\Users\tomasek\AppData\Local\Coco_Z2
2021-02-24 12:18 - 2021-02-24 12:18 - 080521728 _____ C:\Users\tomasek\Downloads\LITTLE NIGHTMARES 2 Thin Man Boss Fight 4K ULTRA HD.mp4
2021-02-24 12:03 - 2021-02-24 12:03 - 013395845 _____ C:\Users\tomasek\Downloads\The Simpsons - Travel into the future couch gag.mp4
2021-02-24 12:01 - 2021-02-24 12:01 - 000845580 _____ C:\Users\tomasek\Downloads\GREEN SCREEN GLITCH EFFECT.mp4
2021-02-24 11:26 - 2021-02-24 11:26 - 004764414 _____ C:\Users\tomasek\Downloads\Green Screen Lightning And Thunder Video Effect.mp4
2021-02-24 11:23 - 2021-02-24 11:23 - 000391686 _____ C:\Users\tomasek\Downloads\Greenscreen Portal Like Effect HD.mp4
2021-02-23 18:52 - 2021-02-23 18:52 - 001024432 _____ C:\Users\tomasek\Downloads\filmora-idco_setup_full1901 (2).exe
2021-02-23 18:37 - 2021-02-23 18:37 - 012590829 _____ C:\Users\tomasek\Downloads\5_39pm - A Tornado of starlings.mp4
2021-02-23 17:17 - 2021-02-27 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sp Disk Cleaner
2021-02-23 17:17 - 2021-02-23 17:17 - 000000000 ____D C:\Program Files (x86)\Sp
2021-02-23 10:40 - 2021-02-23 10:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\CreamAPI
2021-02-23 10:38 - 2021-02-23 10:39 - 058504632 _____ C:\Users\tomasek\Downloads\Among.Us.v2020.12.9s_Adrian29.rar
2021-02-23 10:18 - 2021-02-23 10:21 - 000000000 ____D C:\Users\tomasek\krnl
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:16 - 3240346760 _____ C:\Users\tomasek\AppData\Roaming\10.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\9.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 15:31 - 2021-02-26 21:35 - 000001447 _____ C:\Users\tomasek\Desktop\Roblox Studio.lnk
2021-02-22 15:31 - 2021-02-26 21:35 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-02-22 15:31 - 2021-02-25 10:43 - 000001427 _____ C:\Users\tomasek\Desktop\Roblox Player.lnk
2021-02-22 15:15 - 2021-02-27 16:04 - 000000000 ____D C:\Program Files (x86)\Xydia
2021-02-22 15:15 - 2021-02-23 18:12 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xydia.lnk
2021-02-22 15:15 - 2021-02-22 15:15 - 000000000 ____D C:\Users\tomasek\AppData\Local\Xyba_Studios
2021-02-20 19:58 - 2021-02-24 14:44 - 000000037 _____ C:\Users\tomasek\AppData\Local\link.txt
2021-02-20 19:30 - 2021-02-21 12:56 - 008908335 _____ C:\Users\tomasek\Downloads\Zeus 0.2.32.zip
2021-02-20 17:39 - 2021-02-20 19:22 - 000000000 ____D C:\Users\tomasek\Downloads\bin
2021-02-20 17:11 - 2021-02-24 15:59 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\WinHost
2021-02-20 16:00 - 2021-02-20 16:00 - 008658973 _____ C:\Users\tomasek\Downloads\video (3).mkv
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-02-20 08:41 - 2021-02-20 09:04 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\jjsploitv5
2021-02-20 08:41 - 2021-02-20 09:03 - 000000000 ____D C:\Users\tomasek\AppData\Local\jjsploitv5-updater
2021-02-20 08:41 - 2021-02-20 08:41 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\JJSploit v5
2021-02-20 08:06 - 2021-02-20 08:06 - 000000000 ____D C:\Skisploit
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\booking-nativefier-9f4f54
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Booking
2021-02-20 00:36 - 2021-02-20 00:36 - 000000000 ____D C:\Windows\system32\Tasks\Services
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 __SHD C:\Users\tomasek\AppData\Local\Disk
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Real
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Bazertu
2021-02-20 00:34 - 2021-02-22 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sk Disk Cleaner
2021-02-20 00:34 - 2021-02-20 00:34 - 000000012 _____ C:\ProgramData\kaosdma.txt
2021-02-20 00:34 - 2021-02-20 00:34 - 000000000 ____D C:\Program Files (x86)\Sk
2021-02-19 22:52 - 2021-02-19 22:52 - 000000035 _____ C:\Users\tomasek\Downloads\SxWhitelist.txt
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\Users\tomasek\Documents\My Backups
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\ProgramData\TBIView
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Drive Image Backup and Restore Suite
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite
2021-02-19 22:40 - 2019-04-25 19:11 - 000146936 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\TBIMount.sys
2021-02-19 22:40 - 2018-01-09 17:44 - 000017472 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\ProtectIt.sys
2021-02-19 22:40 - 2017-04-01 15:30 - 000081880 _____ C:\Windows\tbicd2hd.exe
2021-02-19 22:40 - 2016-08-24 23:01 - 000037488 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\phylock.sys
2021-02-19 21:58 - 2021-01-19 16:00 - 001691648 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000881664 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zFM.exe
2021-02-19 21:58 - 2021-01-19 16:00 - 000595968 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zG.exe
2021-02-19 21:58 - 2021-01-19 16:00 - 000483840 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.exe
2021-02-19 21:58 - 2021-01-19 16:00 - 000209408 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.sfx
2021-02-19 21:58 - 2021-01-19 16:00 - 000189952 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zCon.sfx
2021-02-19 21:58 - 2021-01-19 16:00 - 000077312 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000052224 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip32.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000014848 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\Uninstall.exe
2021-02-19 21:58 - 2021-01-19 14:51 - 000001696 _____ C:\Users\tomasek\Downloads\readme.txt
2021-02-19 21:58 - 2021-01-19 14:49 - 000051254 _____ C:\Users\tomasek\Downloads\History.txt
2021-02-19 21:58 - 2021-01-17 17:00 - 000108436 _____ C:\Users\tomasek\Downloads\7-zip.chm
2021-02-19 21:58 - 2021-01-17 16:12 - 000003990 _____ C:\Users\tomasek\Downloads\License.txt
2021-02-19 21:58 - 2018-01-28 10:00 - 000000366 _____ C:\Users\tomasek\Downloads\descript.ion
2021-02-19 21:26 - 2021-02-19 21:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\FinlinSploit
2021-02-19 21:08 - 2021-02-19 21:08 - 000003548 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineUA
2021-02-19 21:08 - 2021-02-19 21:08 - 000003424 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineCore
2021-02-19 21:08 - 2021-02-19 21:08 - 000003268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2021-02-19 21:08 - 2021-02-19 21:08 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2021-02-19 21:07 - 2021-02-19 21:08 - 000000000 ____D C:\Program Files (x86)\Booking
2021-02-19 20:57 - 2021-02-19 20:57 - 000000000 ____D C:\Program Files (x86)\DabihKeennesscdvSetup
2021-02-18 19:34 - 2021-02-18 19:34 - 007220768 _____ C:\Users\tomasek\Downloads\§cGlitc§9h [16x].zip
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Users\tomasek\AppData\Local\TaskbarSystem
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\ProgramData\SAntivirus
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\ProgramData\IdleBuddy
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Program Files (x86)\IBuddy
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Program Files (x86)\Digital Communications
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ C:\Users\tomasek\AppData\Local\partner.bmp
2021-02-18 12:50 - 2021-02-18 12:51 - 000000000 ____D C:\Program Files (x86)\TraditionalCeryhe
2021-02-18 12:50 - 2021-02-18 12:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\PumoriRealm
2021-02-17 19:17 - 2021-02-17 19:17 - 000000000 ___HD C:\Users\tomasek\.Wurst encryption
2021-02-17 19:16 - 2021-02-17 19:16 - 000686157 _____ C:\Users\tomasek\Downloads\fabric-api-0.28.5+1.15.jar
2021-02-17 19:11 - 2021-02-17 19:11 - 000308924 _____ C:\Users\tomasek\Downloads\fabric-installer-0.6.1.51.jar
2021-02-17 18:14 - 2021-02-17 18:14 - 971727141 _____ C:\Users\tomasek\Downloads\512x Pulchra Revisited 1.13+.rar
2021-02-17 14:28 - 2021-02-17 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Sharpen AI
2021-02-17 14:27 - 2021-02-17 14:27 - 000002183 _____ C:\Users\tomasek\Desktop\Topaz Sharpen AI.lnk
2021-02-17 13:55 - 2021-02-17 14:28 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Topaz Labs LLC
2021-02-17 13:55 - 2021-02-17 14:28 - 000000000 ____D C:\Users\tomasek\AppData\Local\Topaz Labs LLC
2021-02-17 13:55 - 2021-02-17 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Gigapixel AI
2021-02-17 13:54 - 2021-02-17 14:28 - 000000000 ____D C:\ProgramData\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 14:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 14:27 - 000000000 ____D C:\Program Files\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 13:54 - 032757736 _____ (Topaz Labs LLC) C:\Users\tomasek\Downloads\TopazSharpenAI-Online-Installer.exe
2021-02-17 13:46 - 2021-02-17 13:46 - 029778664 _____ (Topaz Labs LLC) C:\Users\tomasek\Downloads\TopazGigapixelAI-Online-Installer.exe
2021-02-15 16:56 - 2021-02-15 17:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\CitizenFX
2021-02-15 16:55 - 2021-02-15 21:08 - 000000000 ____D C:\Users\tomasek\AppData\Local\DigitalEntitlements
2021-02-15 16:54 - 2021-02-16 10:45 - 000000000 ____D C:\Users\tomasek\AppData\Local\FiveM
2021-02-15 16:54 - 2021-02-15 17:49 - 000002142 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2021-02-15 16:54 - 2021-02-15 16:54 - 005539552 _____ (Cfx.re) C:\Users\tomasek\Downloads\FiveM.exe
2021-02-15 16:54 - 2021-02-15 16:54 - 000002134 _____ C:\Users\tomasek\Desktop\FiveM.lnk
2021-02-15 12:56 - 2021-02-15 12:56 - 005376627 _____ C:\Users\tomasek\Downloads\bandicam 2021-02-15 11-13-11-116.mp4
2021-02-15 11:01 - 2021-02-15 11:01 - 010615724 _____ C:\Users\tomasek\Downloads\Ĉ̴͉͇̝͉̃̊̇̓̉̑͂̾̕R̷͖͍̘͉̺̬̱̂̀̿Ù̵̧̧̞̙̯̻̍͑̚ͅN̵̡̛̺̝̲̣̥͓̒͂́͊͋͑͘̕ͅC̶̡̩͈̭̼̙͓͉̽̏Ȟ̷̨̲̲͎̚.mp4
2021-02-14 20:58 - 2021-02-14 20:58 - 017269612 _____ C:\Users\tomasek\Downloads\lucka VS já.mp4
2021-02-14 20:11 - 2021-02-14 20:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-14 20:11 - 2021-02-14 20:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-14 20:11 - 2021-02-14 20:11 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-14 20:11 - 2021-02-14 20:11 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-14 20:11 - 2021-02-14 20:11 - 000010892 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-11 11:27 - 2021-02-11 11:27 - 000005918 _____ C:\Users\tomasek\Downloads\MotionBlurOnly.zip
2021-02-11 11:09 - 2021-02-11 11:09 - 000056820 _____ C:\Users\tomasek\Downloads\Patrix_1.16_models.zip
2021-02-11 11:08 - 2021-02-11 11:08 - 043351573 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_basic.zip
2021-02-11 11:08 - 2021-02-11 11:08 - 002360612 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_bonus.zip
2021-02-11 11:07 - 2021-02-11 11:08 - 006633452 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_addon.zip
2021-02-09 21:23 - 2021-02-17 14:45 - 000000784 _____ C:\Users\tomasek\Desktop\Stažené soubory – zástupce.lnk
2021-02-09 20:17 - 2021-02-09 20:18 - 335086998 _____ C:\Users\tomasek\Downloads\Učím youtubery parkour #2 _ Wedry.mp4
2021-02-09 19:54 - 2021-02-09 19:54 - 045509412 _____ C:\Users\tomasek\Downloads\Chuchel #1.mp4
2021-02-09 17:04 - 2021-02-09 17:04 - 000000758 _____ C:\Users\tomasek\Downloads\Plocha – zástupce.lnk
2021-02-09 16:05 - 2021-02-09 16:05 - 000389633 _____ C:\Users\tomasek\Downloads\Inertia Client Installer.jar
2021-02-09 13:43 - 2021-02-09 13:44 - 015116066 _____ C:\Users\tomasek\Downloads\Moon (1).rar
2021-02-09 13:00 - 2021-02-09 13:00 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Goldberg SteamEmu Saves
2021-02-09 13:00 - 2021-02-09 13:00 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\Innersloth
2021-02-09 12:58 - 2021-02-09 12:59 - 109920864 _____ C:\Users\tomasek\Downloads\AMONG US (v2020.12.9s) @MaStEr F.zip
2021-02-09 12:57 - 2021-02-09 12:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\Alizer
2021-02-07 19:59 - 2021-02-07 19:59 - 001245104 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full4622 (1).exe
2021-02-07 19:58 - 2021-02-07 19:58 - 001113520 _____ C:\Users\tomasek\Downloads\filmora_setup_full846 (1).exe
2021-02-07 19:48 - 2021-02-07 19:48 - 004325374 _____ C:\Users\tomasek\Downloads\mimiko.wfpproj
2021-02-07 19:22 - 2021-02-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare FilmoraPro
2021-02-07 19:22 - 2021-02-07 19:22 - 000001246 _____ C:\Users\tomasek\Desktop\Wondershare FilmoraPro.lnk
2021-02-07 19:21 - 2021-02-07 19:21 - 001245104 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full4622.exe
2021-02-07 18:56 - 2021-02-07 18:56 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
2021-02-07 18:40 - 2021-02-07 18:40 - 015991240 _____ C:\Users\tomasek\Downloads\mimi.mp4
2021-02-07 17:54 - 2021-02-07 17:54 - 003242191 _____ C:\Users\tomasek\Downloads\Fire Green Screen (2).mp4
2021-02-07 17:42 - 2021-02-07 17:42 - 201547282 _____ C:\Users\tomasek\Downloads\Rounded Neon Multicolored lines Background Looped Animation HD _ Free Version.mp4
2021-02-06 17:31 - 2021-02-06 17:31 - 102372728 _____ C:\Users\tomasek\Downloads\FilmoraX.zip
2021-02-06 17:22 - 2021-02-06 17:22 - 001113520 _____ C:\Users\tomasek\Downloads\filmora_setup_full846.exe
2021-02-06 17:12 - 2021-02-06 17:16 - 297860020 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Wondershare_Filmora_v10.0.0.94x64_Multilingual.rar
2021-02-05 18:39 - 2021-02-05 18:39 - 004402258 _____ C:\Users\tomasek\Downloads\SEUS_PTGI_HRR_Test_2.1.zip
2021-02-05 17:05 - 2021-02-05 17:07 - 680987520 _____ C:\Users\tomasek\Downloads\LEGENDARY RT Textures RT8 1024x (1.16.5) (1).zip
2021-02-05 16:28 - 2021-02-05 16:29 - 032297616 _____ C:\Users\tomasek\Downloads\moderne house 123.rar
2021-02-05 16:16 - 2021-02-05 16:16 - 039037283 _____ C:\Users\tomasek\Downloads\Modern Mountain House.zip
2021-02-05 15:47 - 2021-02-05 16:00 - 000000000 ____D C:\Users\tomasek\AppData\Local\MusicMaker
2021-02-05 15:46 - 2021-02-27 13:08 - 000000000 ___RD C:\Users\tomasek\Documents\MAGIX
2021-02-05 15:46 - 2021-02-27 13:08 - 000000000 ____D C:\ProgramData\MAGIX
2021-02-05 15:46 - 2021-02-27 13:08 - 000000000 ____D C:\Program Files (x86)\MAGIX
2021-02-05 15:46 - 2021-02-10 21:15 - 000000574 _____ C:\Windows\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe).job
2021-02-05 15:46 - 2021-02-10 21:15 - 000000422 _____ C:\Windows\Tasks\MAGIX PC Check & Tuning 2021.job
2021-02-05 15:46 - 2021-02-05 15:46 - 000003128 _____ C:\Windows\system32\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe)
2021-02-05 15:46 - 2021-02-05 15:46 - 000002928 _____ C:\Windows\system32\Tasks\MAGIX PC Check & Tuning 2021
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\Users\tomasek\AppData\Local\QMxNetworkSync
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\ProgramData\simplitec
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\System optimization
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\Program Files\MAGIX
2021-02-05 15:46 - 2021-02-05 15:46 - 000000000 ____D C:\Program Files\Common Files\MAGIX Services
2021-02-05 15:42 - 2021-02-27 13:08 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\MAGIX
2021-02-05 15:42 - 2021-02-05 15:42 - 000000000 ____D C:\Users\tomasek\Documents\MAGIX Downloads
2021-02-04 13:30 - 2021-02-04 13:30 - 004309452 _____ C:\Users\tomasek\Downloads\worldedit-forge-mc1.16.3-7.2.2-dist.jar
2021-02-03 22:14 - 2021-02-03 22:14 - 000000000 ____D C:\ProgramData\Intel
2021-02-03 22:13 - 2021-03-01 22:33 - 000000000 ____D C:\Intel
2021-02-03 22:13 - 2021-02-10 21:09 - 000000000 __SHD C:\Users\tomasek\IntelGraphicsProfiles
2021-02-03 22:13 - 2021-02-04 11:04 - 000000000 ____D C:\Users\tomasek\AppData\Local\Intel
2021-02-03 22:13 - 2021-02-03 22:13 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\Intel
2021-02-03 22:12 - 2021-02-03 22:12 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2021-02-03 21:06 - 2021-02-03 21:06 - 010699190 _____ C:\Users\tomasek\Downloads\R16 Textures 512x (umsoea).zip
2021-02-03 20:57 - 2021-02-03 20:57 - 008442059 _____ C:\Users\tomasek\Downloads\R17 Textures 512x (umsoea).zip
2021-02-03 20:39 - 2021-02-03 20:39 - 011282168 _____ C:\Users\tomasek\Downloads\! # §l§3Notro §l§5Fade (1).zip
2021-02-03 17:41 - 2021-02-03 17:41 - 003681747 _____ C:\Users\tomasek\Downloads\EXTRACT-JAR-INTO-MODS-FOLDER-for-1.12.2.zip
2021-02-03 15:27 - 2021-02-03 15:27 - 223713938 _____ C:\Users\tomasek\Downloads\miejojo512 v1.16.zip
2021-02-02 17:52 - 2021-02-06 10:58 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-02 17:51 - 2021-02-06 10:58 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-02 17:51 - 2021-02-05 10:28 - 000000100 _____ C:\ProgramData\lir.bats
2021-02-02 17:51 - 2021-02-02 17:51 - 000000008 _____ C:\ProgramData\ts.dat
2021-02-02 17:50 - 2021-02-06 10:49 - 000000000 ____D C:\ProgramData\TranslateService
2021-02-02 17:12 - 2021-02-10 21:16 - 000000000 ____D C:\Users\tomasek\AppData\Local\Secure File Deleter 6
2021-02-02 17:12 - 2021-02-10 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure File Deleter 6
2021-02-02 17:12 - 2021-02-02 17:13 - 000000000 ____D C:\GX Action Backup
2021-02-02 17:12 - 2014-04-03 20:22 - 000645592 _____ C:\Windows\SysWOW64\sqlite3.dll
2021-02-02 17:11 - 2021-01-19 16:33 - 008870184 ___RH (Glarysoft Ltd) C:\Users\tomasek\Desktop\tesetup.exe
2021-02-02 16:41 - 2021-02-02 16:41 - 003663753 _____ C:\Users\tomasek\Downloads\[1.12.2] Ultimate Immersion by Hunger_Legend.rar
2021-02-02 16:02 - 2021-02-02 16:04 - 680987520 _____ C:\Users\tomasek\Downloads\LEGENDARY RT Textures RT8 1024x (1.16.5).zip
2021-02-01 18:13 - 2021-02-04 19:04 - 000006410 _____ C:\Users\tomasek\Downloads\OCCT.config.json
2021-02-01 18:10 - 2021-02-01 18:10 - 018012912 _____ (OCCT - Ocbase - Adrien Mercier) C:\Users\tomasek\Downloads\OCCT7.3.0.exe
2021-02-01 18:09 - 2021-02-01 18:13 - 259708359 _____ (Unigine Corp. ) C:\Users\tomasek\Downloads\Unigine_Heaven-4.0.exe
2021-02-01 16:28 - 2021-02-01 16:28 - 282502470 _____ C:\Users\tomasek\Downloads\People.Playground.v1.13.1.rar
2021-01-31 14:50 - 2021-02-20 16:01 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\HandBrake
2021-01-31 14:49 - 2021-01-31 14:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2021-01-31 14:49 - 2021-01-31 14:50 - 000000000 ____D C:\Program Files\HandBrake
2021-01-31 14:49 - 2021-01-31 14:49 - 013534240 _____ C:\Users\tomasek\Downloads\HandBrake-1.3.3-x86_64-Win_GUI.exe
2021-01-31 14:49 - 2021-01-31 14:49 - 000000865 _____ C:\Users\tomasek\Desktop\HandBrake.lnk
2021-01-31 14:31 - 2021-01-31 14:31 - 015690862 _____ C:\Users\tomasek\Downloads\video (2).mkv
2021-01-31 14:23 - 2021-01-31 14:23 - 000150502 _____ C:\Users\tomasek\Downloads\Lucky blocky (mod) 1#.mp4.crdownload
2021-01-31 14:23 - 2021-01-31 14:23 - 000150502 _____ C:\Users\tomasek\Downloads\Lucky blocky (mod) 1#.mp4 (1).crdownload
2021-01-31 13:24 - 2021-01-31 13:24 - 001697661 _____ C:\Users\tomasek\Downloads\Lightning strike green screen.mp4
2021-01-31 13:21 - 2021-01-31 13:21 - 001161215 _____ C:\Users\tomasek\Downloads\Green Screen Lightning and Thunder Effect.mp4
2021-01-31 13:20 - 2021-01-31 13:20 - 027507576 _____ C:\Users\tomasek\Downloads\Lighting & Thunder Storm Green Screen Effects __ YTschool..mp4
2021-01-31 13:16 - 2021-01-31 13:16 - 000393344 _____ C:\Users\tomasek\Downloads\Green Screen Vs Text Style Effect.mp4
2021-01-31 11:17 - 2021-01-31 11:17 - 000001339 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lively Wallpaper.lnk
2021-01-31 11:17 - 2021-01-31 11:17 - 000001331 _____ C:\Users\tomasek\Desktop\Lively Wallpaper.lnk
2021-01-31 11:16 - 2021-01-31 11:17 - 193255194 _____ (rocksdanister ) C:\Users\tomasek\lively_setup_x86_full_v1180.exe
2021-01-31 11:16 - 2021-01-31 11:16 - 003544104 _____ C:\Users\tomasek\Downloads\video (1).mkv
2021-01-30 19:13 - 2021-01-30 19:13 - 000000345 _____ C:\Users\tomasek\Desktop\ARK Survival Evolved.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 22:38 - 2019-12-07 15:41 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-03-01 22:38 - 2019-12-07 15:41 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-03-01 22:38 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-03-01 22:38 - 2019-12-07 08:12 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-03-01 22:34 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-01 22:33 - 2020-12-16 15:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-03-01 22:33 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-03-01 22:33 - 2019-12-07 08:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-01 22:33 - 2019-12-07 08:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-01 22:31 - 2020-12-25 17:58 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-03-01 22:24 - 2020-12-26 22:45 - 000000000 ____D C:\Program Files (x86)\Bandicam.v4.1.3 ( CZ HanzyKisik )
2021-03-01 22:23 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-03-01 21:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-03-01 20:48 - 2021-01-21 09:44 - 000004216 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0087AB00-A545-4531-AFE1-404CF38D4D3A}
2021-03-01 20:29 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-03-01 19:37 - 2020-12-24 20:47 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\audacity
2021-03-01 15:44 - 2020-12-24 20:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.minecraft
2021-03-01 15:34 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\D3DSCache
2021-03-01 13:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-01 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-28 19:36 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\ConnectedDevicesPlatform
2021-02-28 19:25 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Local\SquirrelTemp
2021-02-28 17:33 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek
2021-02-28 12:56 - 2019-12-07 08:07 - 000483896 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-28 09:52 - 2020-12-27 10:51 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-27 16:10 - 2021-01-16 10:30 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-27 13:08 - 2020-12-17 10:20 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-27 12:14 - 2019-12-07 08:12 - 000003384 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2880034797-3857021402-3440946435-1001
2021-02-27 12:14 - 2019-12-07 08:12 - 000000000 ___RD C:\Users\tomasek\OneDrive
2021-02-27 12:14 - 2019-12-07 08:10 - 000002371 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-26 21:35 - 2021-01-17 20:14 - 000000256 _____ C:\Users\tomasek\AppData\LocalLow\rbxcsettings.rbx
2021-02-26 21:35 - 2021-01-17 20:14 - 000000000 ____D C:\Users\tomasek\AppData\Local\Roblox
2021-02-26 13:35 - 2021-01-05 14:26 - 000004226 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1609853199
2021-02-26 13:35 - 2021-01-05 14:26 - 000001415 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-02-26 11:27 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\discord
2021-02-24 21:51 - 2021-01-07 14:28 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-02-24 15:30 - 2021-01-05 14:19 - 000000000 ____D C:\Users\tomasek\AppData\Local\GeometryDash
2021-02-24 15:05 - 2020-12-30 20:52 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.tlauncher
2021-02-24 11:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-02-23 18:54 - 2021-01-07 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-02-23 18:53 - 2021-01-07 14:28 - 000000000 ____D C:\Program Files\Wondershare
2021-02-23 18:44 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\AMD
2021-02-22 11:17 - 2021-01-24 10:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 17:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-02-19 17:33 - 2020-12-25 13:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\lunarclient
2021-02-18 15:18 - 2021-01-22 14:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\Voicemod
2021-02-18 15:14 - 2021-01-22 14:56 - 000000000 ____D C:\ProgramData\Voicemod
2021-02-17 13:54 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Adobe
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-15 08:14 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-14 21:05 - 2020-12-24 20:26 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-14 20:13 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-14 20:08 - 2020-12-26 22:30 - 000000000 ____D C:\Windows\system32\MRT
2021-02-14 20:07 - 2020-12-26 20:37 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-02-12 10:00 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-08 20:07 - 2020-12-27 10:50 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-08 20:07 - 2020-12-27 10:50 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-07 19:22 - 2021-01-15 15:28 - 000000000 ____D C:\Users\tomasek\AppData\Local\cache
2021-02-07 19:22 - 2021-01-07 14:30 - 000000000 ____D C:\ProgramData\Wondershare
2021-02-07 19:22 - 2021-01-07 14:29 - 000000000 ____D C:\Users\tomasek\AppData\Local\Wondershare
2021-02-07 19:22 - 2021-01-07 14:28 - 000000000 ____D C:\Users\tomasek\Documents\Wondershare
2021-02-07 18:56 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-02-07 18:56 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Adobe
2021-02-07 17:07 - 2021-01-22 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod Desktop
2021-02-07 17:07 - 2021-01-22 14:56 - 000000000 ____D C:\Program Files\Voicemod Desktop
2021-02-07 17:05 - 2021-01-01 19:17 - 000000000 ____D C:\Users\tomasek\Documents\Audacity
2021-02-05 20:04 - 2021-01-24 10:56 - 000734016 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-02-05 20:03 - 2021-01-24 10:56 - 000470848 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2021-02-05 15:47 - 2021-01-12 17:49 - 000000000 ____D C:\Users\tomasek\Documents\Image-Line
2021-02-05 15:40 - 2020-12-26 22:40 - 000000000 ____D C:\Users\tomasek\Documents\Adobe
2021-02-03 22:13 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\Publishers
2021-02-03 22:13 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\Packages
2021-02-03 22:13 - 2019-12-07 08:10 - 000000000 ____D C:\ProgramData\Packages
2021-02-01 18:16 - 2020-12-16 15:57 - 001065984 _____ C:\Users\tomasek\AppData\Local\file__0.localstorage
2021-02-01 18:07 - 2020-12-26 01:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\HD Tune Pro
2021-01-31 14:44 - 2020-12-30 11:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\LGHUB
2021-01-31 14:44 - 2020-12-30 11:50 - 000000000 ____D C:\Users\tomasek\AppData\Local\LGHUB

==================== Files in the root of some directories ========

2021-02-02 17:51 - 2021-02-06 10:58 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-02 17:52 - 2021-02-06 10:58 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-02 17:51 - 2021-02-02 17:51 - 000000008 _____ () C:\ProgramData\ts.dat
2021-01-31 11:16 - 2021-01-31 11:17 - 193255194 _____ (rocksdanister ) C:\Users\tomasek\lively_setup_x86_full_v1180.exe
2021-02-22 19:07 - 2021-02-22 19:16 - 3240346760 _____ () C:\Users\tomasek\AppData\Roaming\10.txt
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt
2020-12-30 17:38 - 2020-12-30 17:38 - 000000000 _____ () C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ () C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-01-03 13:28 - 2021-01-03 13:28 - 000000015 _____ () C:\Users\tomasek\AppData\Roaming\obs-virtualcam.txt
2020-12-16 15:57 - 2021-02-01 18:16 - 001065984 _____ () C:\Users\tomasek\AppData\Local\file__0.localstorage
2021-02-20 19:58 - 2021-02-24 14:44 - 000000037 _____ () C:\Users\tomasek\AppData\Local\link.txt
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ () C:\Users\tomasek\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#2 Příspěvek od Rudy »

Zdravím!
Poprosím ještě o log Addition. Měl by být v C:\Users\tomasek\Downloads v souboru addition.txt. Pak ručně dočistíme.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Re: Jen pro kontrolu

#3 Příspěvek od Bartis111 »

Dobrý večer ,

omlouvám se že odepisuji tak pozdě ,malý dostalseřváno protože hned den poté instaloval další hack , teď jsem ho omilostnil
nový frst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by tomasek (administrator) on DESKTOP-3JV1PF5 (08-03-2021 22:07:17)
Running from C:\Users\tomasek\Downloads
Loaded Profiles: tomasek
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AutoIt Consulting Ltd -> AutoIt Team) C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(livelySubProcess) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\plugins\subproc\livelySubProcess.exe
(livelywpf) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelywpf.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(MAGIX Software GmbH -> MAGIX Software GmbH) C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.45\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2102.8653.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(mpv) [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\plugins\mpv\mpv.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeraByte, Inc. -> TeraByte, Inc.) C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite\tbinotify.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-12-27] (Adobe Inc. -> )
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [livelywpf] => C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelywpf.exe [195072 2021-03-04] (livelywpf) [File not signed]
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEDCB2297AD66856CC60E0F59DC00DA6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tomasek\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-29] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TBI Notify.lnk [2021-02-19]
ShortcutTarget: TBI Notify.lnk -> C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite\tbinotify.exe (TeraByte, Inc. -> TeraByte, Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D09A541-D6DA-4F28-AE58-21DFCE0D4BE2} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {495325BD-0611-494E-9CF3-51D52F2F63DC} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {663C9786-8A08-415B-91B7-F169D84501ED} - System32\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe) => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe [1757768 2019-12-19] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {6E1B0656-2AA9-4AB9-B2A8-CE8ED4E414EB} - System32\Tasks\Opera scheduled Autoupdate 1609853199 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-04] (Opera Software AS -> Opera Software)
Task: {73F0C005-6B86-4C97-AC2A-881AE78A0E9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7AFBBC1A-0209-45A7-8070-2A62AAC36390} - System32\Tasks\Services\Diagnostic => C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe [1013928 2018-03-15] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\tomasek\AppData\Local\Disk\AutoIt3\Settings.au3"
Task: {A100A747-C57F-4F8D-AC8B-9A0A19347809} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B928C857-D17A-430D-B8A8-A7883FC4E004} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {E409927A-C556-409B-919B-D6402429B072} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EB0DDDC7-E0AE-4BB2-B108-8B4027950C95} - System32\Tasks\MAGIX PC Check & Tuning 2021 => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCCT.exe [2486856 2019-12-19] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {F0006865-B6A5-4DCB-B40B-E3F49E2C9F6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F744BC77-6304-4DAF-9359-CEEAC029ADF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe).job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCMaintainService.exe C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\DESKTOP-3JV1PF5\tomasek5MAGIX PC Check & Tuning 2021 (PCMaintainService.exe
Task: C:\Windows\Tasks\MAGIX PC Check & Tuning 2021.job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\PCCT.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42d5e22c-9575-4454-8a68-21d1a84a4acf}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-08]
Edge Notifications: Default -> hxxps://linkvertise.com
Edge Extension: (Outlook) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-27]
Edge Extension: (Microsoft Protect) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2021-02-20]
Edge Extension: (Word) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-27]
Edge Extension: (Excel) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-27]
Edge Extension: (Multi Find) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mkofacajmfbednlblgglmpbidklocddm [2021-02-18]
Edge Extension: (PowerPoint) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-27]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default [2021-03-08]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-24]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-24]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-24]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-24]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-02]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-02-19]
CHR Extension: (Grammarly for Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-23]
CHR Extension: (Swift Select) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\molponhobmbbinjnghgafbfampcgamln [2021-02-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gnplhahbcoldbildffdchneaepapccbn]

Opera:
=======
OPR Profile: C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable [2021-01-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.cz/complete/search?client=op ... utEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8477080 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621728 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [351848 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-30] (BattlEye Innovations e.K. -> )
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10532256 2021-02-27] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-01] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Rockstar Service; D:\GTAV\Launcher\RockstarService.exe [1347464 2021-03-03] (Rockstar Games, Inc. -> Rockstar Games)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16832 2021-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2021-01-05] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
S3 HWiNFO_155; C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [64008 2021-02-04] (Martin Malik - REALiX -> REALiX(tm)) <==== ATTENTION
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [25448 2021-02-27] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2020-12-30] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [26672 2020-12-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2020-12-30] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-03-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-03-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-03-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142416 2021-03-08] (Malwarebytes Inc -> Malwarebytes)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [37488 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
R1 ProtectIt; C:\Windows\System32\drivers\ProtectIt.sys [17472 2018-01-09] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
S3 TBIMount; C:\Windows\System32\drivers\tbimount.sys [146936 2019-04-25] (Microsoft Windows Hardware Compatibility Publisher -> TeraByte, Inc.)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-01-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2021-01-13] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-08 17:41 - 2021-03-08 17:41 - 001189068 _____ C:\Windows\Minidump\030821-9250-01.dmp
2021-03-08 17:41 - 2021-03-08 17:41 - 000000000 ____D C:\Windows\Minidump
2021-03-08 12:20 - 2021-01-02 18:48 - 024960408 _____ C:\Users\tomasek\Downloads\microphone - kopie.blend
2021-03-08 12:06 - 2021-03-08 12:06 - 024485137 _____ C:\Users\tomasek\Downloads\95-blend.zip
2021-03-08 11:48 - 2021-03-08 11:48 - 024936488 _____ C:\Users\tomasek\Downloads\3dtrackingfootagep1.mp4
2021-03-07 19:49 - 2021-03-07 19:49 - 000000000 ____D C:\Users\tomasek\Documents\OpenIV
2021-03-07 19:48 - 2021-03-07 19:48 - 000001308 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\OpenIV.lnk
2021-03-07 19:48 - 2021-03-07 19:48 - 000001306 _____ C:\Users\tomasek\Desktop\OpenIV.lnk
2021-03-07 19:48 - 2021-03-07 19:48 - 000000000 ____D C:\Users\tomasek\AppData\Local\New Technology Studio
2021-03-07 19:46 - 2021-03-07 19:47 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-03-07 11:14 - 2021-03-07 11:14 - 151988900 _____ C:\Users\tomasek\Downloads\Little Runmo.mp4
2021-03-07 11:08 - 2021-03-07 11:08 - 003454732 _____ C:\Users\tomasek\Downloads\Glitch green screen.mp4
2021-03-06 20:58 - 2021-03-08 13:47 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\IGDump
2021-03-06 20:58 - 2021-03-06 20:58 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\mpv
2021-03-06 19:45 - 2021-03-06 19:45 - 000001339 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lively Wallpaper.lnk
2021-03-06 19:45 - 2021-03-06 19:45 - 000001331 _____ C:\Users\tomasek\Desktop\Lively Wallpaper.lnk
2021-03-06 19:44 - 2021-03-06 19:44 - 196492707 _____ (rocksdanister ) C:\Users\tomasek\Downloads\lively_setup_x86_full_v1202.exe
2021-03-06 18:58 - 2021-03-06 18:58 - 002555356 _____ C:\Users\tomasek\Downloads\fight.mp4
2021-03-03 12:46 - 2021-03-03 12:46 - 016182010 _____ C:\Users\tomasek\Downloads\Crystalware b10 PREMIUM.rar
2021-03-03 12:29 - 2021-03-03 12:31 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Sony
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\Users\tomasek\AppData\Local\VEGAS
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\ProgramData\VEGAS Pro
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\ProgramData\VEGAS
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\Program Files\VEGAS
2021-03-03 12:29 - 2021-03-03 12:29 - 000000000 ____D C:\Program Files (x86)\VEGAS
2021-03-03 12:23 - 2021-03-08 17:41 - 000142416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-03-03 12:23 - 2021-03-03 12:23 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-03-03 12:23 - 2021-03-03 12:23 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-03-03 10:07 - 2021-03-03 10:07 - 004976694 _____ C:\Users\tomasek\Downloads\nekonecno.bmp
2021-03-02 20:18 - 2021-03-02 20:23 - 000000000 ____D C:\Users\tomasek\AppData\Local\CrashDumps
2021-03-02 20:16 - 2021-03-02 20:16 - 000000000 _____ C:\Users\tomasek\Desktop\2CFDA16D75AC
2021-03-02 16:12 - 2021-03-02 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2021-03-02 16:12 - 2021-03-02 16:12 - 000001079 _____ C:\Users\tomasek\Desktop\Bandicam.lnk
2021-03-02 16:10 - 2021-03-02 16:10 - 022323497 _____ C:\Users\tomasek\Downloads\bandicam crack.rar
2021-03-02 13:14 - 2021-03-02 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-03-02 13:14 - 2021-03-02 13:14 - 000000000 ____D C:\Program Files\LGHUB
2021-03-01 22:43 - 2021-03-01 22:44 - 000073073 _____ C:\Users\tomasek\Downloads\Addition.txt
2021-03-01 22:42 - 2021-03-08 22:07 - 000024242 _____ C:\Users\tomasek\Downloads\FRST.txt
2021-03-01 22:41 - 2021-03-08 22:07 - 000000000 ____D C:\FRST
2021-03-01 22:40 - 2021-03-01 22:40 - 002301440 _____ (Farbar) C:\Users\tomasek\Downloads\FRST64.exe
2021-03-01 22:33 - 2021-03-01 22:33 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-01 22:32 - 2021-03-01 22:32 - 000220392 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online.exe
2021-03-01 21:09 - 2021-03-01 21:09 - 000000000 ____D C:\Users\tomasek\AppData\Local\mbam
2021-03-01 21:08 - 2021-03-03 12:23 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 002084016 _____ (Malwarebytes) C:\Users\tomasek\Downloads\MBSetup.exe
2021-03-01 21:08 - 2021-03-01 21:08 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-03-01 21:08 - 2021-03-01 21:08 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-01 21:08 - 2021-03-01 21:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-01 21:08 - 2021-03-01 21:08 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-01 19:16 - 2021-03-01 20:14 - 000000000 ____D C:\AdwCleaner
2021-03-01 19:16 - 2021-03-01 19:16 - 008463216 _____ (Malwarebytes) C:\Users\tomasek\Downloads\adwcleaner_8.1.exe
2021-02-28 19:25 - 2021-02-28 19:25 - 000002378 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-28 19:25 - 2021-02-28 19:25 - 000002370 _____ C:\Users\tomasek\Desktop\Microsoft Teams.lnk
2021-02-28 19:25 - 2021-02-28 19:25 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Teams
2021-02-24 21:04 - 2021-02-24 21:04 - 018066536 _____ C:\Users\tomasek\Downloads\[GD] _Mountain King_ by Xyle (Daily level) _ Geometry Dash 2.113.mp4
2021-02-24 15:53 - 2021-02-24 15:53 - 000000026 _____ C:\Users\tomasek\Downloads\Oxygen U - Linkvertise.txt
2021-02-24 14:51 - 2021-02-24 14:52 - 000000000 ____D C:\Users\tomasek\AppData\Local\Coco_Z2
2021-02-24 12:18 - 2021-02-24 12:18 - 080521728 _____ C:\Users\tomasek\Downloads\LITTLE NIGHTMARES 2 Thin Man Boss Fight 4K ULTRA HD.mp4
2021-02-24 12:03 - 2021-02-24 12:03 - 013395845 _____ C:\Users\tomasek\Downloads\The Simpsons - Travel into the future couch gag.mp4
2021-02-24 12:01 - 2021-02-24 12:01 - 000845580 _____ C:\Users\tomasek\Downloads\GREEN SCREEN GLITCH EFFECT.mp4
2021-02-24 11:26 - 2021-02-24 11:26 - 004764414 _____ C:\Users\tomasek\Downloads\Green Screen Lightning And Thunder Video Effect.mp4
2021-02-24 11:23 - 2021-02-24 11:23 - 000391686 _____ C:\Users\tomasek\Downloads\Greenscreen Portal Like Effect HD.mp4
2021-02-23 18:52 - 2021-02-23 18:52 - 001024432 _____ C:\Users\tomasek\Downloads\filmora-idco_setup_full1901 (2).exe
2021-02-23 18:37 - 2021-02-23 18:37 - 012590829 _____ C:\Users\tomasek\Downloads\5_39pm - A Tornado of starlings.mp4
2021-02-23 17:17 - 2021-02-27 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sp Disk Cleaner
2021-02-23 17:17 - 2021-02-23 17:17 - 000000000 ____D C:\Program Files (x86)\Sp
2021-02-23 10:40 - 2021-02-23 10:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\CreamAPI
2021-02-23 10:38 - 2021-02-23 10:39 - 058504632 _____ C:\Users\tomasek\Downloads\Among.Us.v2020.12.9s_Adrian29.rar
2021-02-23 10:18 - 2021-02-23 10:21 - 000000000 ____D C:\Users\tomasek\krnl
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:16 - 3240346760 _____ C:\Users\tomasek\AppData\Roaming\10.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\9.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 15:31 - 2021-03-06 14:47 - 000001427 _____ C:\Users\tomasek\Desktop\Roblox Player.lnk
2021-02-22 15:31 - 2021-03-06 14:47 - 000001250 _____ C:\Users\tomasek\Desktop\Roblox Studio.lnk
2021-02-22 15:31 - 2021-03-06 14:47 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-02-22 15:15 - 2021-02-27 16:04 - 000000000 ____D C:\Program Files (x86)\Xydia
2021-02-22 15:15 - 2021-02-23 18:12 - 000001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xydia.lnk
2021-02-22 15:15 - 2021-02-22 15:15 - 000000000 ____D C:\Users\tomasek\AppData\Local\Xyba_Studios
2021-02-20 19:58 - 2021-02-24 14:44 - 000000037 _____ C:\Users\tomasek\AppData\Local\link.txt
2021-02-20 17:39 - 2021-02-20 19:22 - 000000000 ____D C:\Users\tomasek\Downloads\bin
2021-02-20 17:11 - 2021-02-24 15:59 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\WinHost
2021-02-20 16:00 - 2021-02-20 16:00 - 008658973 _____ C:\Users\tomasek\Downloads\video (3).mkv
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-02-20 08:41 - 2021-02-20 09:04 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\jjsploitv5
2021-02-20 08:41 - 2021-02-20 09:03 - 000000000 ____D C:\Users\tomasek\AppData\Local\jjsploitv5-updater
2021-02-20 08:41 - 2021-02-20 08:41 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\JJSploit v5
2021-02-20 08:06 - 2021-02-20 08:06 - 000000000 ____D C:\Skisploit
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\booking-nativefier-9f4f54
2021-02-20 07:45 - 2021-02-20 07:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Booking
2021-02-20 00:36 - 2021-02-20 00:36 - 000000000 ____D C:\Windows\system32\Tasks\Services
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 __SHD C:\Users\tomasek\AppData\Local\Disk
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Real
2021-02-20 00:35 - 2021-02-20 00:35 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Bazertu
2021-02-20 00:34 - 2021-02-22 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sk Disk Cleaner
2021-02-20 00:34 - 2021-02-20 00:34 - 000000012 _____ C:\ProgramData\kaosdma.txt
2021-02-20 00:34 - 2021-02-20 00:34 - 000000000 ____D C:\Program Files (x86)\Sk
2021-02-19 22:52 - 2021-02-19 22:52 - 000000035 _____ C:\Users\tomasek\Downloads\SxWhitelist.txt
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\Users\tomasek\Documents\My Backups
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\ProgramData\TBIView
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraByte Drive Image Backup and Restore Suite
2021-02-19 22:40 - 2021-02-19 22:40 - 000000000 ____D C:\Program Files (x86)\TeraByte Drive Image Backup and Restore Suite
2021-02-19 22:40 - 2019-04-25 19:11 - 000146936 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\TBIMount.sys
2021-02-19 22:40 - 2018-01-09 17:44 - 000017472 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\ProtectIt.sys
2021-02-19 22:40 - 2017-04-01 15:30 - 000081880 _____ C:\Windows\tbicd2hd.exe
2021-02-19 22:40 - 2016-08-24 23:01 - 000037488 _____ (TeraByte, Inc.) C:\Windows\system32\Drivers\phylock.sys
2021-02-19 21:58 - 2021-01-19 16:00 - 001691648 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000483840 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.exe
2021-02-19 21:58 - 2021-01-19 16:00 - 000209408 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.sfx
2021-02-19 21:58 - 2021-01-19 16:00 - 000189952 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zCon.sfx
2021-02-19 21:58 - 2021-01-19 16:00 - 000077312 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000052224 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip32.dll
2021-02-19 21:58 - 2021-01-19 16:00 - 000014848 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\Uninstall.exe
2021-02-19 21:58 - 2021-01-19 14:51 - 000001696 _____ C:\Users\tomasek\Downloads\readme.txt
2021-02-19 21:58 - 2021-01-19 14:49 - 000051254 _____ C:\Users\tomasek\Downloads\History.txt
2021-02-19 21:58 - 2021-01-17 17:00 - 000108436 _____ C:\Users\tomasek\Downloads\7-zip.chm
2021-02-19 21:58 - 2021-01-17 16:12 - 000003990 _____ C:\Users\tomasek\Downloads\License.txt
2021-02-19 21:58 - 2018-01-28 10:00 - 000000366 _____ C:\Users\tomasek\Downloads\descript.ion
2021-02-19 21:26 - 2021-02-19 21:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\FinlinSploit
2021-02-19 21:08 - 2021-02-19 21:08 - 000003548 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineUA
2021-02-19 21:08 - 2021-02-19 21:08 - 000003424 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineCore
2021-02-19 21:08 - 2021-02-19 21:08 - 000003268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2021-02-19 21:08 - 2021-02-19 21:08 - 000000000 ____D C:\Program Files (x86)\bookingDesktopApp
2021-02-19 21:07 - 2021-02-19 21:08 - 000000000 ____D C:\Program Files (x86)\Booking
2021-02-19 20:57 - 2021-02-19 20:57 - 000000000 ____D C:\Program Files (x86)\DabihKeennesscdvSetup
2021-02-18 19:34 - 2021-02-18 19:34 - 007220768 _____ C:\Users\tomasek\Downloads\§cGlitc§9h [16x].zip
2021-02-18 12:51 - 2021-03-03 10:13 - 000000000 ____D C:\Program Files (x86)\IBuddy
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taskbar system
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Users\tomasek\AppData\Local\TaskbarSystem
2021-02-18 12:51 - 2021-02-18 12:51 - 000000000 ____D C:\Program Files (x86)\Digital Communications
2021-02-18 12:50 - 2021-03-03 12:22 - 000000000 ____D C:\Program Files (x86)\TraditionalCeryhe
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ C:\Users\tomasek\AppData\Local\partner.bmp
2021-02-18 12:50 - 2021-02-18 12:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\PumoriRealm
2021-02-17 19:17 - 2021-02-17 19:17 - 000000000 ___HD C:\Users\tomasek\.Wurst encryption
2021-02-17 19:16 - 2021-02-17 19:16 - 000686157 _____ C:\Users\tomasek\Downloads\fabric-api-0.28.5+1.15.jar
2021-02-17 19:11 - 2021-02-17 19:11 - 000308924 _____ C:\Users\tomasek\Downloads\fabric-installer-0.6.1.51.jar
2021-02-17 18:14 - 2021-02-17 18:14 - 971727141 _____ C:\Users\tomasek\Downloads\512x Pulchra Revisited 1.13+.rar
2021-02-17 14:28 - 2021-02-17 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Sharpen AI
2021-02-17 14:27 - 2021-02-17 14:27 - 000002183 _____ C:\Users\tomasek\Desktop\Topaz Sharpen AI.lnk
2021-02-17 13:55 - 2021-02-17 14:28 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Topaz Labs LLC
2021-02-17 13:55 - 2021-02-17 14:28 - 000000000 ____D C:\Users\tomasek\AppData\Local\Topaz Labs LLC
2021-02-17 13:55 - 2021-02-17 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Gigapixel AI
2021-02-17 13:54 - 2021-02-17 14:28 - 000000000 ____D C:\ProgramData\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 14:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 14:27 - 000000000 ____D C:\Program Files\Topaz Labs LLC
2021-02-17 13:54 - 2021-02-17 13:54 - 032757736 _____ (Topaz Labs LLC) C:\Users\tomasek\Downloads\TopazSharpenAI-Online-Installer.exe
2021-02-17 13:46 - 2021-02-17 13:46 - 029778664 _____ (Topaz Labs LLC) C:\Users\tomasek\Downloads\TopazGigapixelAI-Online-Installer.exe
2021-02-15 16:56 - 2021-02-15 17:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\CitizenFX
2021-02-15 16:55 - 2021-02-15 21:08 - 000000000 ____D C:\Users\tomasek\AppData\Local\DigitalEntitlements
2021-02-15 16:54 - 2021-03-03 11:53 - 000000000 ____D C:\Users\tomasek\AppData\Local\FiveM
2021-02-15 16:54 - 2021-02-15 17:49 - 000002142 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2021-02-15 16:54 - 2021-02-15 16:54 - 005539552 _____ (Cfx.re) C:\Users\tomasek\Downloads\FiveM.exe
2021-02-15 16:54 - 2021-02-15 16:54 - 000002134 _____ C:\Users\tomasek\Desktop\FiveM.lnk
2021-02-15 12:56 - 2021-02-15 12:56 - 005376627 _____ C:\Users\tomasek\Downloads\bandicam 2021-02-15 11-13-11-116.mp4
2021-02-15 11:01 - 2021-02-15 11:01 - 010615724 _____ C:\Users\tomasek\Downloads\Ĉ̴͉͇̝͉̃̊̇̓̉̑͂̾̕R̷͖͍̘͉̺̬̱̂̀̿Ù̵̧̧̞̙̯̻̍͑̚ͅN̵̡̛̺̝̲̣̥͓̒͂́͊͋͑͘̕ͅC̶̡̩͈̭̼̙͓͉̽̏Ȟ̷̨̲̲͎̚.mp4
2021-02-14 20:58 - 2021-02-14 20:58 - 017269612 _____ C:\Users\tomasek\Downloads\lucka VS já.mp4
2021-02-14 20:11 - 2021-02-14 20:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-14 20:11 - 2021-02-14 20:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-14 20:11 - 2021-02-14 20:11 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-14 20:11 - 2021-02-14 20:11 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-14 20:11 - 2021-02-14 20:11 - 000010892 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-02-11 11:27 - 2021-02-11 11:27 - 000005918 _____ C:\Users\tomasek\Downloads\MotionBlurOnly.zip
2021-02-11 11:09 - 2021-02-11 11:09 - 000056820 _____ C:\Users\tomasek\Downloads\Patrix_1.16_models.zip
2021-02-11 11:08 - 2021-02-11 11:08 - 043351573 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_basic.zip
2021-02-11 11:08 - 2021-02-11 11:08 - 002360612 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_bonus.zip
2021-02-11 11:07 - 2021-02-11 11:08 - 006633452 _____ C:\Users\tomasek\Downloads\Patrix_1.16_32x_addon.zip
2021-02-09 21:23 - 2021-02-17 14:45 - 000000784 _____ C:\Users\tomasek\Desktop\Stažené soubory – zástupce.lnk
2021-02-09 20:17 - 2021-02-09 20:18 - 335086998 _____ C:\Users\tomasek\Downloads\Učím youtubery parkour #2 _ Wedry.mp4
2021-02-09 19:54 - 2021-02-09 19:54 - 045509412 _____ C:\Users\tomasek\Downloads\Chuchel #1.mp4
2021-02-09 17:04 - 2021-02-09 17:04 - 000000758 _____ C:\Users\tomasek\Downloads\Plocha – zástupce.lnk
2021-02-09 16:05 - 2021-02-09 16:05 - 000389633 _____ C:\Users\tomasek\Downloads\Inertia Client Installer.jar
2021-02-09 13:43 - 2021-02-09 13:44 - 015116066 _____ C:\Users\tomasek\Downloads\Moon (1).rar
2021-02-09 13:00 - 2021-02-09 13:00 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Goldberg SteamEmu Saves
2021-02-09 13:00 - 2021-02-09 13:00 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\Innersloth
2021-02-09 12:58 - 2021-02-09 12:59 - 109920864 _____ C:\Users\tomasek\Downloads\AMONG US (v2020.12.9s) @MaStEr F.zip
2021-02-09 12:57 - 2021-02-09 12:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\Alizer
2021-02-07 19:59 - 2021-02-07 19:59 - 001245104 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full4622 (1).exe
2021-02-07 19:58 - 2021-02-07 19:58 - 001113520 _____ C:\Users\tomasek\Downloads\filmora_setup_full846 (1).exe
2021-02-07 19:48 - 2021-02-07 19:48 - 004325374 _____ C:\Users\tomasek\Downloads\mimiko.wfpproj
2021-02-07 19:22 - 2021-02-07 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare FilmoraPro
2021-02-07 19:22 - 2021-02-07 19:22 - 000001246 _____ C:\Users\tomasek\Desktop\Wondershare FilmoraPro.lnk
2021-02-07 19:21 - 2021-02-07 19:21 - 001245104 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full4622.exe
2021-02-07 18:56 - 2021-02-07 18:56 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
2021-02-07 18:40 - 2021-02-07 18:40 - 015991240 _____ C:\Users\tomasek\Downloads\mimi.mp4
2021-02-07 17:54 - 2021-02-07 17:54 - 003242191 _____ C:\Users\tomasek\Downloads\Fire Green Screen (2).mp4
2021-02-07 17:42 - 2021-02-07 17:42 - 201547282 _____ C:\Users\tomasek\Downloads\Rounded Neon Multicolored lines Background Looped Animation HD _ Free Version.mp4
2021-02-06 17:31 - 2021-02-06 17:31 - 102372728 _____ C:\Users\tomasek\Downloads\FilmoraX.zip
2021-02-06 17:22 - 2021-02-06 17:22 - 001113520 _____ C:\Users\tomasek\Downloads\filmora_setup_full846.exe
2021-02-06 17:12 - 2021-02-06 17:16 - 297860020 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Wondershare_Filmora_v10.0.0.94x64_Multilingual.rar

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-08 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-08 20:23 - 2021-01-21 09:44 - 000004216 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0087AB00-A545-4531-AFE1-404CF38D4D3A}
2021-03-08 17:47 - 2019-12-07 15:41 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-03-08 17:47 - 2019-12-07 15:41 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-03-08 17:47 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-03-08 17:47 - 2019-12-07 08:12 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-03-08 17:41 - 2021-02-03 22:13 - 000000000 ____D C:\Intel
2021-03-08 17:41 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek
2021-03-08 17:41 - 2019-12-07 08:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-08 17:41 - 2019-12-07 08:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-08 17:41 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-03-08 12:43 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\D3DSCache
2021-03-08 12:21 - 2021-01-02 18:48 - 000707544 _____ C:\Users\tomasek\Downloads\microphone.blend
2021-03-08 11:13 - 2020-12-24 20:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.minecraft
2021-03-08 11:12 - 2020-12-30 20:52 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.tlauncher
2021-03-08 10:27 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\discord
2021-03-07 20:39 - 2019-12-07 08:07 - 000573768 _____ C:\Windows\system32\FNTCACHE.DAT
2021-03-07 17:13 - 2021-01-05 14:19 - 000000000 ____D C:\Users\tomasek\AppData\Local\GeometryDash
2021-03-07 13:35 - 2021-01-16 10:30 - 000000000 ____D C:\Program Files (x86)\Steam
2021-03-07 10:09 - 2021-01-02 09:52 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Mine_imator
2021-03-06 22:09 - 2020-12-30 11:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\LGHUB
2021-03-06 21:17 - 2020-12-24 20:47 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\audacity
2021-03-06 19:04 - 2020-12-26 22:36 - 000000000 ____D C:\Users\tomasek\AppData\Local\Adobe
2021-03-06 18:58 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Adobe
2021-03-06 13:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-06 13:48 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-03-06 12:51 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-03-06 12:49 - 2020-12-27 10:51 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-06 12:48 - 2020-12-30 11:50 - 000000000 ____D C:\Users\tomasek\AppData\Local\LGHUB
2021-03-05 16:21 - 2021-01-22 14:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\Voicemod
2021-03-05 16:21 - 2021-01-22 14:56 - 000000000 ____D C:\ProgramData\Voicemod
2021-03-05 16:21 - 2021-01-22 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod Desktop
2021-03-05 16:21 - 2021-01-22 14:56 - 000000000 ____D C:\Program Files\Voicemod Desktop
2021-03-05 13:35 - 2021-01-05 14:26 - 000004226 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1609853199
2021-03-05 13:35 - 2021-01-05 14:26 - 000001415 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-03-04 07:57 - 2020-12-27 10:50 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 07:57 - 2020-12-27 10:50 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 21:33 - 2021-01-17 20:14 - 000000256 _____ C:\Users\tomasek\AppData\LocalLow\rbxcsettings.rbx
2021-03-03 12:23 - 2020-12-25 13:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\lunarclient
2021-03-03 12:22 - 2020-12-16 15:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-03-03 12:22 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-03-03 11:19 - 2021-01-24 17:21 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2021-03-03 11:18 - 2021-01-24 10:57 - 000000000 ____D C:\Program Files\Rockstar Games
2021-03-03 10:13 - 2021-02-02 17:12 - 000000000 ____D C:\Users\tomasek\AppData\Local\Secure File Deleter 6
2021-03-02 20:15 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-03-02 17:11 - 2020-12-25 17:59 - 000000000 ____D C:\Users\tomasek\Documents\Bandicam
2021-03-02 17:02 - 2021-01-07 14:28 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-03-02 16:17 - 2020-12-25 17:58 - 000000000 ____D C:\Program Files (x86)\Bandicam
2021-03-02 16:12 - 2020-12-25 17:58 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2021-03-02 13:18 - 2021-01-31 14:50 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\HandBrake
2021-03-02 08:00 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-03-01 22:24 - 2020-12-26 22:45 - 000000000 ____D C:\Program Files (x86)\Bandicam.v4.1.3 ( CZ HanzyKisik )
2021-03-01 21:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-03-01 11:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-28 19:36 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\ConnectedDevicesPlatform
2021-02-28 19:25 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Local\SquirrelTemp
2021-02-27 13:08 - 2021-02-05 15:46 - 000000000 ___RD C:\Users\tomasek\Documents\MAGIX
2021-02-27 13:08 - 2021-02-05 15:46 - 000000000 ____D C:\ProgramData\MAGIX
2021-02-27 13:08 - 2021-02-05 15:46 - 000000000 ____D C:\Program Files (x86)\MAGIX
2021-02-27 13:08 - 2021-02-05 15:42 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\MAGIX
2021-02-27 13:08 - 2020-12-17 10:20 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-27 12:14 - 2019-12-07 08:12 - 000003384 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2880034797-3857021402-3440946435-1001
2021-02-27 12:14 - 2019-12-07 08:12 - 000000000 ___RD C:\Users\tomasek\OneDrive
2021-02-27 12:14 - 2019-12-07 08:10 - 000002371 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-26 21:35 - 2021-01-17 20:14 - 000000000 ____D C:\Users\tomasek\AppData\Local\Roblox
2021-02-24 11:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-02-23 18:54 - 2021-01-07 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-02-23 18:53 - 2021-01-07 14:28 - 000000000 ____D C:\Program Files\Wondershare
2021-02-23 18:44 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\AMD
2021-02-22 11:17 - 2021-01-24 10:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 17:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-15 08:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-15 08:14 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-14 21:05 - 2020-12-24 20:26 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-02-14 20:08 - 2020-12-26 22:30 - 000000000 ____D C:\Windows\system32\MRT
2021-02-14 20:07 - 2020-12-26 20:37 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-02-10 21:16 - 2021-02-02 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure File Deleter 6
2021-02-10 21:15 - 2021-02-05 15:46 - 000000574 _____ C:\Windows\Tasks\MAGIX PC Check & Tuning 2021 (PCMaintainService.exe).job
2021-02-10 21:15 - 2021-02-05 15:46 - 000000422 _____ C:\Windows\Tasks\MAGIX PC Check & Tuning 2021.job
2021-02-10 21:09 - 2021-02-03 22:13 - 000000000 __SHD C:\Users\tomasek\IntelGraphicsProfiles
2021-02-07 19:22 - 2021-01-15 15:28 - 000000000 ____D C:\Users\tomasek\AppData\Local\cache
2021-02-07 19:22 - 2021-01-07 14:30 - 000000000 ____D C:\ProgramData\Wondershare
2021-02-07 19:22 - 2021-01-07 14:29 - 000000000 ____D C:\Users\tomasek\AppData\Local\Wondershare
2021-02-07 19:22 - 2021-01-07 14:28 - 000000000 ____D C:\Users\tomasek\Documents\Wondershare
2021-02-07 18:56 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-02-07 18:56 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Adobe
2021-02-07 17:05 - 2021-01-01 19:17 - 000000000 ____D C:\Users\tomasek\Documents\Audacity
2021-02-06 10:58 - 2021-02-02 17:52 - 000000004 _____ C:\ProgramData\rc.dat
2021-02-06 10:58 - 2021-02-02 17:51 - 000000004 _____ C:\ProgramData\lock.dat
2021-02-06 10:49 - 2021-02-02 17:50 - 000000000 ____D C:\ProgramData\TranslateService

==================== Files in the root of some directories ========

2021-02-02 17:51 - 2021-02-06 10:58 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-02 17:52 - 2021-02-06 10:58 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-02 17:51 - 2021-02-02 17:51 - 000000008 _____ () C:\ProgramData\ts.dat
2021-01-31 11:16 - 2021-01-31 11:17 - 193255194 _____ (rocksdanister ) C:\Users\tomasek\lively_setup_x86_full_v1180.exe
2021-02-22 19:07 - 2021-02-22 19:16 - 3240346760 _____ () C:\Users\tomasek\AppData\Roaming\10.txt
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt
2020-12-30 17:38 - 2020-12-30 17:38 - 000000000 _____ () C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ () C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-01-03 13:28 - 2021-01-03 13:28 - 000000015 _____ () C:\Users\tomasek\AppData\Roaming\obs-virtualcam.txt
2020-12-16 15:57 - 2021-02-01 18:16 - 001065984 _____ () C:\Users\tomasek\AppData\Local\file__0.localstorage
2021-02-20 19:58 - 2021-02-24 14:44 - 000000037 _____ () C:\Users\tomasek\AppData\Local\link.txt
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ () C:\Users\tomasek\AppData\Local\partner.bmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by tomasek (08-03-2021 22:08:17)
Running from C:\Users\tomasek\Downloads
Windows 10 Home Version 2004 19041.804 (X64) (2019-12-07 07:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2880034797-3857021402-3440946435-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2880034797-3857021402-3440946435-503 - Limited - Disabled)
Guest (S-1-5-21-2880034797-3857021402-3440946435-501 - Limited - Disabled)
tomasek (S-1-5-21-2880034797-3857021402-3440946435-1001 - Administrator - Enabled) => C:\Users\tomasek
WDAGUtilityAccount (S-1-5-21-2880034797-3857021402-3440946435-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_1_2) (Version: 17.1.2 - Adobe Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_12) (Version: 13.0.12 - Adobe Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Professional CS5 (HKLM-x32\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1) (Version: 22.1.0.94 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_7) (Version: 14.7 - Adobe Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.2.1699 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Blender (HKLM\...\{64FCD268-AF5F-403D-B51B-00BC2D47DD0B}) (Version: 2.91.0 - Blender Foundation)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{9464C064-AAC7-4416-BFE4-4C3C0232FC71}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.0 - Corel Corporation) Hidden
CREY (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\CREY) (Version: - Bitglobe ApS)
Discord (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FiveM (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GX Action Backup 4.6 (HKLM-x32\...\{A186BCE3-CA65-433C-9417-2A0375683719}_is1) (Version: 4.6 - GX Soft-Action, Inc.)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Cheat Engine 7.2 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
IBuddy (HKLM-x32\...\IBuddy) (Version: 2.1.0.3 - IdleTime Software)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lively Wallpaper version 1.2.0.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\{E3E43E1B-DEC8-44BF-84A6-243DBA3F2CB1}}_is1) (Version: 1.2.0.2 - rocksdanister)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech)
Lunar Client (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.5.2 - Moonsworth, LLC)
MAGIX Common Components 1 (HKLM-x32\...\{E49CC9E6-4D76-42B5-B844-21F691F185AF}) (Version: 1.8.2.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (HKLM-x32\...\{701F3A9E-B00C-4EB4-8CFA-8DACAFCEA958}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX PC Check & Tuning 2021 (HKLM-x32\...\PC Check Tuning 2021_is1) (Version: 3.0.1844.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{677F8E85-8686-476B-829A-D5ED9ECA16E6}) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Mega Hack version 5.4 (HKLM-x32\...\{9530A774-421F-4BC2-BB30-6DFE2AB278C4}_is1) (Version: 5.4 - Absolute)
Melodics version 2.1.5588.0 (HKLM\...\Melodics_is1) (Version: 2.1.5588.0 - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft OneDrive (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.9 (x86) (HKLM-x32\...\{adb8593e-4b1d-48bf-a86f-d39db017d999}) (Version: 3.1.9.29323 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Mine-imator 1.2.7 (HKLM-x32\...\{EF61A1AA-5F85-4E94-ACC6-D5650A312AE6}}_is1) (Version: 1.2.7 - David Norgren)
Music Maker (64-Bit) (HKLM\...\{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH) Hidden
Music Maker (64-Bit) (HKLM\...\MX.{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.0 - OBS Project)
OpenIV (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera Stable 74.0.3911.203 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Opera 74.0.3911.203) (Version: 74.0.3911.203 - Opera Software)
Outlook (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ReelSmart Motion Blur v5 for After Effects and Premiere Pro (HKLM\...\ReelSmart Motion Blur v5 for After Effects and Premiere Pro 5.1.8) (Version: 5.1.8 - RE:Vision Effects)
Roblox Player for tomasek (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for tomasek (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\roblox-studio) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.35.340 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.9 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
TBIView 4.54b - TBIMount 1.23a - TBIHD 1.03 (HKLM-x32\...\{3368C32B-A096-4e82-B9C3-76572D693A58}_is1) (Version: - TeraByte Unlimited)
TeraByte Drive Image Backup and Restore Suite 3.42 Trial (HKLM-x32\...\{47BFB85A-8D4F-4c78-95CB-12A06E0C7215}_is1) (Version: - TeraByte Unlimited)
Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 5.4.4) (Version: 5.4.4 - Topaz Labs LLC)
Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.2.3) (Version: 2.2.3 - Topaz Labs LLC)
Update Notifier (HKLM\...\{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH) Hidden
Update Notifier (HKLM\...\MX.{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH)
VEGAS Pro 18.0 (HKLM\...\{75111FE1-CE55-11EA-8B12-00155D43CFCE}) (Version: 18.0.284 - VEGAS)
Vita Concert Grand LE (HKLM\...\{2C61CE04-1EEF-4582-ABBA-B9CCFC3743EB}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.7.0.6 - Voicemod S.L.)
VSDC Free Video Editor version 6.6.4.265 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.6.4.265 - Flash-Integro LLC)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wondershare Filmora X(Build 10.1.20.16) (HKLM\...\Wondershare Filmora X_is1) (Version: - Wondershare Software)
Wondershare Filmora(Build 7.8.9) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare FilmoraPro (HKLM\...\{92F289A8-A52F-4779-8382-4B91055D7D8D}) (Version: 2.3.10723.54848 - Wondershare)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
xBot (HKLM-x32\...\xBot) (Version: 2.18 - AndxArtZ)
Xydia version 1.3.0 (HKLM-x32\...\{602064EF-1084-4E36-BBB9-8E8A8B78B54C}_is1) (Version: 1.3.0 - Xyba Studios / Xyba)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-02] (Microsoft Studios) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-03] (INTEL CORP) [Startup Task]
PowerPoint -> C:\Program Files\WindowsApps\powerpoint.office.com-8D456796_1.0.0.0_neutral__sxc7ffma4ybfy [2021-01-27] (powerpoint.office.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0 [2021-03-06] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\tomasek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2021-01-06 14:47 - 2021-03-04 12:36 - 000016384 _____ () [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelycefproperties.dll
2021-01-06 14:47 - 2021-03-04 12:36 - 000030720 _____ () [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelygrid.dll
2021-01-06 14:47 - 2021-03-04 12:36 - 000016384 _____ () [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelyscreenlayout.dll
2021-01-06 14:47 - 2021-03-04 12:36 - 000046592 _____ () [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelysettings.dll
2021-01-07 14:29 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2021-01-07 14:29 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-01-06 14:47 - 2020-04-17 02:01 - 000244224 _____ () [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\MSVCP140_APP.dll
2021-01-06 14:47 - 2020-04-17 02:01 - 000013312 _____ () [File not signed] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\VCRUNTIME140_APP.dll
2021-01-06 14:47 - 2020-10-13 07:59 - 000179712 _____ (Dominic Jonas) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\NLogViewer.dll
2021-01-06 14:47 - 2021-02-13 21:02 - 000998912 _____ (GitHub) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\Octokit.dll
2021-01-29 10:17 - 2021-02-02 17:12 - 153865320 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files\Google\Chrome\Application\88.0.4324.104\chrome.dll
2021-01-06 14:47 - 2019-12-07 16:47 - 000056832 _____ (Linearstar) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\RawInput.Sharp.dll
2021-03-06 19:45 - 2021-02-08 01:09 - 000007680 _____ (livelySubProcess) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\plugins\subproc\livelySubProcess.dll
2021-01-06 14:47 - 2021-03-04 12:37 - 000939520 _____ (livelywpf) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\livelywpf.dll
2021-02-05 15:46 - 2019-12-19 11:04 - 002229248 _____ (MAGIX Software GmbH) [File not signed] C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\MFL_rel_u_vc12.dll
2021-02-05 15:46 - 2019-12-19 11:04 - 001767424 _____ (MAGIX Software GmbH) [File not signed] C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2021\VistaCooperation_rel_u_vc12.dll
2021-03-06 19:45 - 2021-01-06 17:55 - 000006144 _____ (ModernWpf) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\cs\ModernWpf.resources.dll
2021-01-06 14:47 - 2021-01-06 17:55 - 000902144 _____ (ModernWpf) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\ModernWpf.dll
2021-01-06 14:47 - 2021-01-06 17:55 - 000697344 _____ (ModernWpf.Controls) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\ModernWpf.Controls.dll
2021-01-06 14:47 - 2021-01-20 23:07 - 000819712 _____ (NLog) [File not signed] [File is in use] C:\Users\tomasek\AppData\Local\Programs\Lively Wallpaper\NLog.dll
2021-01-07 14:29 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2020-12-26 22:45 - 000000900 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 www.bandicam.co.kr
0.0.0.0 www.bandicam.com
0.0.0.0 bandicam.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{988D6D5C-1F3F-4CDC-9F60-84F14C52A1AC}C:\users\tomasek\appdata\roaming\.minecraft\sigma\jre1.8.0_202\bin\java.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\sigma\jre1.8.0_202\bin\java.exe
FirewallRules: [UDP Query User{308B3B91-9CB0-4235-989F-67818EDFCAD5}C:\users\tomasek\appdata\roaming\.minecraft\sigma\jre1.8.0_202\bin\java.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\sigma\jre1.8.0_202\bin\java.exe
FirewallRules: [TCP Query User{5D6A9495-06AF-420F-B327-BF51A5440A16}C:\users\tomasek\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\tomasek\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{93343B67-0B6C-46EC-9FDD-9442EB7582F6}C:\users\tomasek\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe] => (Block) C:\users\tomasek\.lunarclient\offline\jre\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{C4F855FF-E3A5-4A41-B431-B9D5B12C65E2}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{DDD85B79-56E2-4927-BEB7-F332E11A03E4}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{EA579AB8-EA1A-44D8-8BEF-E4F7047DABC7}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{A0F466E9-05A4-4B75-AC06-BF0018015DA3}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{567C3516-3969-49C6-8BD1-7DD52811F759}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{A3C0B6AC-C80B-4482-9AF1-5EE5DFE52031}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{FDA4655C-58F4-4D60-84D9-FB76ABE91F3A}C:\program files (x86)\vb\voicemeeter\vban2midi.exe] => (Block) C:\program files (x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound Breeder)
FirewallRules: [UDP Query User{141162F5-8AF0-4C13-ADC9-DE4F5CCD46E2}C:\program files (x86)\vb\voicemeeter\vban2midi.exe] => (Block) C:\program files (x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound Breeder)
FirewallRules: [TCP Query User{B5EB6A6E-13F3-4A81-9AD5-ADE9AD40AF0F}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{B24B55C6-8D34-45F6-B17A-8AA8C5788219}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{8D3FFAF2-C2BA-4EE9-89FD-625E4BBDCB98}C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe (Vincent Burel -> Audio Mechanic & Sound Breeder)
FirewallRules: [UDP Query User{1D0A537C-114A-4660-A3B0-AA4394CCE0AC}C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe] => (Block) C:\program files (x86)\vb\voicemeeter\voicemeetermacrobuttons.exe (Vincent Burel -> Audio Mechanic & Sound Breeder)
FirewallRules: [TCP Query User{13DE29CE-438E-4010-95BB-6F215ABDCD37}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{705DBC7F-7F17-4F02-8E21-260289468676}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{8E5C5E90-3F5C-4D6A-A549-9A316C4FEEBC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{94E2091E-CD2D-406D-8A40-153DC40216C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{D01E5202-509E-449D-B46E-02230A42FDFE}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [UDP Query User{E8C7B50F-ECC1-4B0F-91AB-3B943A3D3B31}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [{B3EFD028-05A8-4270-8C9F-7F05FE36783D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3480D73D-1BDE-4781-896D-F86596DE6301}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F57D01D3-80B6-481D-89FB-EE8A9FA67010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [{5563178C-FB14-4A0A-BBBC-E4DCD2C58CDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
FirewallRules: [TCP Query User{C4002433-3858-4D0B-AAEA-445F28D86692}C:\users\tomasek\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Block) C:\users\tomasek\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{2833526C-1069-499B-A88D-D3118E788F22}C:\users\tomasek\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Block) C:\users\tomasek\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe
FirewallRules: [TCP Query User{39A90571-AD39-4C48-A131-174B35B4AC60}C:\users\tomasek\appdata\local\temp\rar$exa3024.13179\tube.tycoon\tube tycoon\tube tycoon.exe] => (Allow) C:\users\tomasek\appdata\local\temp\rar$exa3024.13179\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{7B193943-C46A-423B-8F64-A7E0B747B871}C:\users\tomasek\appdata\local\temp\rar$exa3024.13179\tube.tycoon\tube tycoon\tube tycoon.exe] => (Allow) C:\users\tomasek\appdata\local\temp\rar$exa3024.13179\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{FB41F9C0-338F-4046-A91D-2D2EB5BC9F15}C:\users\tomasek\appdata\local\temp\rar$exa7372.16383\tube.tycoon\tube tycoon\tube tycoon.exe] => (Allow) C:\users\tomasek\appdata\local\temp\rar$exa7372.16383\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{02CBE93F-8A7C-4866-9CF0-4021532BA28A}C:\users\tomasek\appdata\local\temp\rar$exa7372.16383\tube.tycoon\tube tycoon\tube tycoon.exe] => (Allow) C:\users\tomasek\appdata\local\temp\rar$exa7372.16383\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [{4158B63F-FB8A-44A5-81E8-C28C6F214CE1}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{EB28CED6-3780-41F9-94A1-A3C0369D1CE6}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{2CFD35B6-FB6A-41E3-9219-568A8B6FC0B8}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{1AD7EC85-4F10-41C4-BF53-3C10E4BFFDB7}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{35DB2DDA-CA26-45D6-930F-C85EED0DE971}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{6EFFF2AB-E91B-479B-A881-FCE7457223D4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{C6050740-ABD3-45DC-9316-AFC24297C05A}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{A7C88CE6-0391-47B9-8068-FC81CEEE402A}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [TCP Query User{6B310C4B-07C5-4B67-A215-AFE64004DE5B}D:\gtav\gta5.exe] => (Block) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{65B7285A-F300-45AE-8C16-324DB370211E}D:\gtav\gta5.exe] => (Block) D:\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{81EC7FA6-A62A-45EC-A935-80E4C78DBEEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8D38326-DC64-4BE6-BFBA-EE1B78FB7431}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3432CF65-B6A1-41D5-BF96-A9DA8D322591}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8FC2FA68-3F20-4B48-A799-96CE82B212E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DEBA9A2-A765-47E3-82BE-6C4B3D07EB27}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{19063CCD-6523-4C00-AC6C-83D3C5AC55B6}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{CD0C1FB0-D3D6-4CF1-A5E6-9CF25F7E5684}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{9BB29097-528D-4864-863E-04120EDB5089}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{D5D58E52-03CF-41CE-82BA-7F589EEA5456}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{20DC9595-43E7-4ACB-B8BA-4F598A518D88}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A93391CD-775C-4887-AC19-8BC2DD208AF9}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{D30A3658-A0F3-4AEE-BC7F-313D9964A75A}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A20D869C-C2EC-4F90-AC06-F210CC8C282B}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{1FE5E5A6-A532-45B0-AC4D-09851BB0041B}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{F7BE151C-723C-42B3-9A69-746FAD7DADFA}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8BF4B984-E089-43BA-8345-8ACBA848EA1C}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{392CF501-8DBB-4DC6-89D2-E0D19140C5F8}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{70B090D1-52A7-46BA-A0A4-1D119B9E79C9}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{15146E8C-B331-4BC2-A4E4-B8920FF8070A}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{0CF5013D-287D-4A29-868E-4BEDF7F93D81}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{AD76EA76-E999-4147-9D3D-C01B85BFF6CA}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8655B0CC-5D62-4806-9D38-284AD5F1700C}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{9B7DE89C-F12F-454A-AA51-3F5CDC08A28A}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{31F72760-6561-4F47-A754-B9FB58A305D3}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{9130FC91-5CB0-4365-9599-F69B3F852E17}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [{B7458BEC-1A8B-4A4F-9BE0-EECED640979D}] => (Allow) C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe (MAGIX Software GmbH -> MAGIX)
FirewallRules: [{D0C187E7-0F7E-4BD9-BC9E-CE0219AF5822}] => (Allow) C:\Program Files\MAGIX\Music Maker\29\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [TCP Query User{21DA2EDE-E91A-4D4F-9EA7-2AE87FA30B1D}C:\users\tomasek\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tomasek\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [UDP Query User{FB26248F-6329-4445-9831-F5DC1C43177E}C:\users\tomasek\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tomasek\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [File not signed]
FirewallRules: [{DAF42C8F-48E2-4E21-BE36-50FD3056E389}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A5E2169D-CCA6-4F1C-8C7B-88CD240F846A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{E1E11905-9D54-494D-8492-42F0855FDB6C}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{A31E0D03-2B29-4DAE-B359-A419C7657F47}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{33485E05-87C6-4A6E-9671-1812F08EFE73}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{7F09273C-E4F5-4019-8238-A1B6C996A9F3}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{67E6D092-2A62-4707-965A-6FC24AF63A5E}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
FirewallRules: [UDP Query User{471EA163-B559-48BB-80FB-23CB0A126F93}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
FirewallRules: [TCP Query User{3C94E08F-A93D-411D-AA60-2865277F3AC1}C:\users\tomasek\appdata\local\temp\rar$exb888.1361\among.us.v2020.12.9s_adrian29\among us.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exb888.1361\among.us.v2020.12.9s_adrian29\among us.exe => No File
FirewallRules: [UDP Query User{32582D14-B124-423B-94D8-0A3DDAF6C5BA}C:\users\tomasek\appdata\local\temp\rar$exb888.1361\among.us.v2020.12.9s_adrian29\among us.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exb888.1361\among.us.v2020.12.9s_adrian29\among us.exe => No File
FirewallRules: [TCP Query User{2AF4A34A-64E3-44EB-8435-A13BF04E687E}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{0D8CB387-1D3F-4B13-927D-2EC9CF9459FE}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{3B7978CC-4C12-41E0-8FFA-F172889CB90D}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\74.0.3911.160\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DAD2A2D7-B850-4840-95C8-42CD17EB6FBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MAGIX\Music Maker Steam Edition\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{E5DBBE7B-D751-41C5-9CDD-4FF122DBC6D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MAGIX\Music Maker Steam Edition\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [TCP Query User{94790FAF-9A08-43A3-93F4-3AA0ADA429E6}C:\users\tomasek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\tomasek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{6AB17062-831E-4435-A920-FBAE79726BB8}C:\users\tomasek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\tomasek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFEA8D1B-428D-47FF-9DAB-7053B5687BEA}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\74.0.3911.203\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DC768F63-53C9-40C2-9624-4C23EE902907}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FF5192BF-9970-4C46-A883-E2E07EC81CA3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{251E88D3-909B-4007-9A6A-7E53F5E36882}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{365AC093-66C0-45B0-8238-E4D17ED5B059}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E1416F-2B07-462E-8A83-744C01A880A8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2585744-51E6-4F79-88D4-A2D7FA0C82C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A5D8EB49-A193-45D4-A4DA-C2AE7F372A65}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C0AFA59-6911-453F-AB2F-C6134D7331DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

27-02-2021 13:08:16 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
02-03-2021 07:59:38 Instalační služba modulů systému Windows
07-03-2021 19:46:57 Nainstalováno rozhraní DirectX

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2021 11:19:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Adobe Premiere Pro.exe verze 14.7.0.23 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 11a4

Čas spuštění: 01d713346f39ba24

Čas ukončení: 8

Cesta k aplikaci: C:\Program Files\Adobe\Adobe Premiere Pro 2020\Adobe Premiere Pro.exe

ID hlášení: 4e5e7dce-7497-4ecc-9741-332a06e0c241

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-process

Error: (03/05/2021 07:56:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/02/2021 08:23:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Air.exe, verze: 1.0.0.0, časové razítko: 0x5ae793a7
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xc000041d
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0x1f68
Čas spuštění chybující aplikace: 0x01d70f99709dda90
Cesta k chybující aplikaci: C:\Users\tomasek\Downloads\Air.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 8b0cb6d4-d13d-4e8b-a38e-82c1edf6002a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/02/2021 08:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Air.exe, verze: 1.0.0.0, časové razítko: 0x5ae793a7
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xc0020001
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0x1f68
Čas spuštění chybující aplikace: 0x01d70f99709dda90
Cesta k chybující aplikaci: C:\Users\tomasek\Downloads\Air.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 515048b1-5bb2-4505-864e-49e3e59dac87
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/02/2021 08:23:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Air.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0020001, adresa výjimky 7559A8B2
Zásobník:

Error: (03/02/2021 08:21:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Air.exe, verze: 1.0.0.0, časové razítko: 0x5ae793a7
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xc000041d
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0x2c70
Čas spuštění chybující aplikace: 0x01d70f98e10fa0dc
Cesta k chybující aplikaci: C:\Users\tomasek\Downloads\Air.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: db4a6b90-29a0-49cc-b0fc-8a0f806a035c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/02/2021 08:21:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Air.exe, verze: 1.0.0.0, časové razítko: 0x5ae793a7
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0xb610d74d
Kód výjimky: 0xc0020001
Posun chyby: 0x0012a8b2
ID chybujícího procesu: 0x2c70
Čas spuštění chybující aplikace: 0x01d70f98e10fa0dc
Cesta k chybující aplikaci: C:\Users\tomasek\Downloads\Air.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: c7ba30f3-105c-4bad-a7af-99345ebe6995
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/02/2021 08:21:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Air.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0020001, adresa výjimky 7559A8B2
Zásobník:


System errors:
=============
Error: (03/08/2021 05:41:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Počítač byl restartován z procesu kontroly chyb. Kontrola chyb: 0x00000139 (0x0000000000000003, 0xffffa78959a3cad0, 0xffffa78959a3ca28, 0x0000000000000000). Výpis byl uložen do: C:\Windows\MEMORY.DMP. ID hlášení: 65eaeab6-f4b6-4eed-ab6f-e77fdb4a4e74

Error: (03/08/2021 05:41:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba avast! Tools závisí na službě avast! Antivirus, která neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/08/2021 05:41:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avast! Antivirus neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/08/2021 05:41:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby avast! Antivirus bylo dosaženo časového limitu (45000 ms).

Error: (03/08/2021 05:41:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba cplspcon byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (03/08/2021 05:41:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (17:40:22, ‎08.‎03.‎2021) bylo neočekávané.

Error: (03/08/2021 10:39:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba avast! Tools závisí na službě avast! Antivirus, která neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/08/2021 10:39:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avast! Antivirus neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2021-03-07 16:54:44
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {224BC3FC-E005-478F-AA8F-FB9133CE2114}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-05 19:28:25
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EA2A5FB0-8FE1-46C5-BFEF-6A9BBC6577AB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-03 12:23:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2194.0, AS: 1.331.2194.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17800.5, NIS: 0.0.0.0

Date: 2021-03-02 20:16:12
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.331.2123.0, AS: 1.331.2123.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17800.5, NIS: 0.0.0.0

Date: 2021-03-01 22:43:25
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\tomasek\Downloads\Zeus 0.2.32.zip
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Users\tomasek\Downloads\FRST64.exe
Verze bezpečnostních informací: AV: 1.331.2114.0, AS: 1.331.2114.0, NIS: 1.331.2114.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-03-01 20:12:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-01 18:49:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\WebDiscoverBrowser\4.28.2\browser.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\rlls.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-01 08:00:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-28 09:53:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2403 08/07/2020
Motherboard: ASUSTeK COMPUTER INC. TUF Z370-PLUS GAMING
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16320.64 MB
Available physical RAM: 10998.51 MB
Total Virtual: 21440.64 MB
Available Virtual: 13725.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.86 GB) (Free:13.26 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:298.09 GB) (Free:58 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:924.26 GB) NTFS

\\?\Volume{4a8a475f-654d-4693-858e-6fe43acd1535}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{b9408d54-7697-4b86-8d69-36afb3c71913}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 225303D0)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 63C90FA7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#4 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\DumpStack.log.tmp
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
FirewallRules: [TCP Query User{D01E5202-509E-449D-B46E-02230A42FDFE}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [UDP Query User{E8C7B50F-ECC1-4B0F-91AB-3B943A3D3B31}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [{B3EFD028-05A8-4270-8C9F-7F05FE36783D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3480D73D-1BDE-4781-896D-F86596DE6301}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{19063CCD-6523-4C00-AC6C-83D3C5AC55B6}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{CD0C1FB0-D3D6-4CF1-A5E6-9CF25F7E5684}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{9BB29097-528D-4864-863E-04120EDB5089}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{D5D58E52-03CF-41CE-82BA-7F589EEA5456}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{20DC9595-43E7-4ACB-B8BA-4F598A518D88}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A93391CD-775C-4887-AC19-8BC2DD208AF9}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{D30A3658-A0F3-4AEE-BC7F-313D9964A75A}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A20D869C-C2EC-4F90-AC06-F210CC8C282B}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{1FE5E5A6-A532-45B0-AC4D-09851BB0041B}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{F7BE151C-723C-42B3-9A69-746FAD7DADFA}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8BF4B984-E089-43BA-8345-8ACBA848EA1C}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{392CF501-8DBB-4DC6-89D2-E0D19140C5F8}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{70B090D1-52A7-46BA-A0A4-1D119B9E79C9}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{15146E8C-B331-4BC2-A4E4-B8920FF8070A}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{0CF5013D-287D-4A29-868E-4BEDF7F93D81}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{AD76EA76-E999-4147-9D3D-C01B85BFF6CA}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8655B0CC-5D62-4806-9D38-284AD5F1700C}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{9B7DE89C-F12F-454A-AA51-3F5CDC08A28A}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{31F72760-6561-4F47-A754-B9FB58A305D3}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{9130FC91-5CB0-4365-9599-F69B3F852E17}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{E1E11905-9D54-494D-8492-42F0855FDB6C}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{A31E0D03-2B29-4DAE-B359-A419C7657F47}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{33485E05-87C6-4A6E-9671-1812F08EFE73}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{7F09273C-E4F5-4019-8238-A1B6C996A9F3}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{67E6D092-2A62-4707-965A-6FC24AF63A5E}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
FirewallRules: [UDP Query User{471EA163-B559-48BB-80FB-23CB0A126F93}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
C:\Users\tomasek\Downloads\Zeus 0.2.32.zip

EmptyTemp:
Hosts:
End
Uložte do C:\Users\tomasek\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Re: Jen pro kontrolu

#5 Příspěvek od Bartis111 »

DObrý den,

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by tomasek (10-03-2021 21:54:24) Run:1
Running from C:\Users\tomasek\Downloads
Loaded Profiles: tomasek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\DumpStack.log.tmp
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
FirewallRules: [TCP Query User{D01E5202-509E-449D-B46E-02230A42FDFE}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [UDP Query User{E8C7B50F-ECC1-4B0F-91AB-3B943A3D3B31}C:\users\tomasek\desktop\vape_v4.exe] => (Allow) C:\users\tomasek\desktop\vape_v4.exe => No File
FirewallRules: [{B3EFD028-05A8-4270-8C9F-7F05FE36783D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3480D73D-1BDE-4781-896D-F86596DE6301}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{19063CCD-6523-4C00-AC6C-83D3C5AC55B6}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{CD0C1FB0-D3D6-4CF1-A5E6-9CF25F7E5684}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{9BB29097-528D-4864-863E-04120EDB5089}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{D5D58E52-03CF-41CE-82BA-7F589EEA5456}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{20DC9595-43E7-4ACB-B8BA-4F598A518D88}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A93391CD-775C-4887-AC19-8BC2DD208AF9}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{D30A3658-A0F3-4AEE-BC7F-313D9964A75A}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{A20D869C-C2EC-4F90-AC06-F210CC8C282B}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{1FE5E5A6-A532-45B0-AC4D-09851BB0041B}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{F7BE151C-723C-42B3-9A69-746FAD7DADFA}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8BF4B984-E089-43BA-8345-8ACBA848EA1C}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{392CF501-8DBB-4DC6-89D2-E0D19140C5F8}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{70B090D1-52A7-46BA-A0A4-1D119B9E79C9}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{15146E8C-B331-4BC2-A4E4-B8920FF8070A}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{0CF5013D-287D-4A29-868E-4BEDF7F93D81}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{AD76EA76-E999-4147-9D3D-C01B85BFF6CA}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{8655B0CC-5D62-4806-9D38-284AD5F1700C}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [UDP Query User{9B7DE89C-F12F-454A-AA51-3F5CDC08A28A}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe => No File
FirewallRules: [TCP Query User{31F72760-6561-4F47-A754-B9FB58A305D3}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{9130FC91-5CB0-4365-9599-F69B3F852E17}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe => No File
FirewallRules: [TCP Query User{E1E11905-9D54-494D-8492-42F0855FDB6C}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{A31E0D03-2B29-4DAE-B359-A419C7657F47}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{33485E05-87C6-4A6E-9671-1812F08EFE73}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [UDP Query User{7F09273C-E4F5-4019-8238-A1B6C996A9F3}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe => No File
FirewallRules: [TCP Query User{67E6D092-2A62-4707-965A-6FC24AF63A5E}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
FirewallRules: [UDP Query User{471EA163-B559-48BB-80FB-23CB0A126F93}C:\users\tomasek\appdata\roaming\winhost\syswow.exe] => (Block) C:\users\tomasek\appdata\roaming\winhost\syswow.exe => No File
hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring
C:\Users\tomasek\Downloads\Zeus 0.2.32.zip

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D01E5202-509E-449D-B46E-02230A42FDFE}C:\users\tomasek\desktop\vape_v4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8C7B50F-ECC1-4B0F-91AB-3B943A3D3B31}C:\users\tomasek\desktop\vape_v4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3EFD028-05A8-4270-8C9F-7F05FE36783D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3480D73D-1BDE-4781-896D-F86596DE6301}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{19063CCD-6523-4C00-AC6C-83D3C5AC55B6}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD0C1FB0-D3D6-4CF1-A5E6-9CF25F7E5684}C:\users\tomasek\appdata\local\temp\rar$exa8120.8241\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BB29097-528D-4864-863E-04120EDB5089}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D5D58E52-03CF-41CE-82BA-7F589EEA5456}C:\users\tomasek\appdata\local\temp\rar$exa10320.13076\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{20DC9595-43E7-4ACB-B8BA-4F598A518D88}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A93391CD-775C-4887-AC19-8BC2DD208AF9}C:\users\tomasek\appdata\local\temp\rar$exa1880.17018\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D30A3658-A0F3-4AEE-BC7F-313D9964A75A}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A20D869C-C2EC-4F90-AC06-F210CC8C282B}C:\users\tomasek\appdata\local\temp\rar$exa7332.49857\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1FE5E5A6-A532-45B0-AC4D-09851BB0041B}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F7BE151C-723C-42B3-9A69-746FAD7DADFA}C:\users\tomasek\appdata\local\temp\rar$exa2024.49603\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BF4B984-E089-43BA-8345-8ACBA848EA1C}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{392CF501-8DBB-4DC6-89D2-E0D19140C5F8}C:\users\tomasek\appdata\local\temp\rar$exa10848.28232\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{70B090D1-52A7-46BA-A0A4-1D119B9E79C9}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15146E8C-B331-4BC2-A4E4-B8920FF8070A}C:\users\tomasek\appdata\local\temp\rar$exa10848.36297\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0CF5013D-287D-4A29-868E-4BEDF7F93D81}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AD76EA76-E999-4147-9D3D-C01B85BFF6CA}C:\users\tomasek\appdata\local\temp\rar$exa8296.13260\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8655B0CC-5D62-4806-9D38-284AD5F1700C}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9B7DE89C-F12F-454A-AA51-3F5CDC08A28A}C:\users\tomasek\appdata\local\temp\rar$exa11028.22623\people.playground.v1.13.1\people.playground.v1.13.1\win32\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{31F72760-6561-4F47-A754-B9FB58A305D3}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9130FC91-5CB0-4365-9599-F69B3F852E17}C:\users\tomasek\appdata\local\temp\rar$exa3832.41731\people.playground.v1.13.1\people.playground.v1.13.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1E11905-9D54-494D-8492-42F0855FDB6C}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A31E0D03-2B29-4DAE-B359-A419C7657F47}C:\users\tomasek\appdata\local\temp\rar$exa6640.16289\tube.tycoon\tube tycoon\tube tycoon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{33485E05-87C6-4A6E-9671-1812F08EFE73}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7F09273C-E4F5-4019-8238-A1B6C996A9F3}C:\users\tomasek\appdata\local\temp\rar$exa13848.24458\tube.tycoon\tube tycoon\tube tycoon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{67E6D092-2A62-4707-965A-6FC24AF63A5E}C:\users\tomasek\appdata\roaming\winhost\syswow.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{471EA163-B559-48BB-80FB-23CB0A126F93}C:\users\tomasek\appdata\roaming\winhost\syswow.exe" => removed successfully
hklm\software\policies\microsoft\windows defender\real-time protection\\DisableBehaviorMonitoring => Error: No automatic fix found for this entry.
"C:\Users\tomasek\Downloads\Zeus 0.2.32.zip" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28691133 B
Java, Flash, Steam htmlcache => 19928508 B
Windows/system/drivers => 178053073 B
Edge => 1584242 B
Chrome => 416274764 B
Firefox => 0 B
Opera => 11323321 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 16944 B
systemprofile32 => 17078 B
LocalService => 52628 B
NetworkService => 370424 B
tomasek => 1704644632 B

RecycleBin => 785173737 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-03-2021 21:56:22)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 21:56:22 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#6 Příspěvek od Rudy »

Smazáno, log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Re: Jen pro kontrolu

#7 Příspěvek od Bartis111 »

Můžeme to prosím ještě projet zoeckem na vymazání prohlížečů? Možná už máte jiný nástroj. Vaše forum čtu často a vím že tam dítěti stále vyskakují reklamy a nevhodné upozornění. Prosím nemazat hesla


edit :
jestli už to nepřipravujete , šlo by přes ten zoek nějak uplně zakázat ty pitomé upozornění? Už se ptá skoro každá stránka na to jestli může posílat tyto .....


děkuji mockrát

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#8 Příspěvek od Rudy »

OK. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Re: Jen pro kontrolu

#9 Příspěvek od Bartis111 »

Posílám logy, hned co jsem otevřel chrome po těchto akcích se mi zobrazilo viz příloha



Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by tomasek on 11.03.2021 at 21:54:49,34.
Microsoft Windows 10 Home 10.0.19041 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\tomasek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.03.2021 21:55:07 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Epic Games deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X7 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\PROGRA~3\TBIView deleted successfully
C:\PROGRA~3\TranslateService deleted successfully
C:\Users\tomasek\AppData\Local\BlueStacksSetup deleted successfully
C:\Users\tomasek\AppData\Local\jjsploitv5-updater deleted successfully
C:\Users\tomasek\AppData\Local\RakaposhiPurviewopbInstall deleted successfully
C:\Users\tomasek\AppData\Local\SansevieriaFuturefszSolution deleted successfully
C:\Users\tomasek\AppData\Local\Vivox deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17DF52E2-6A15-4543-96F6-ED7049C89EB3} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{339FCE79-B840-4F0F-9521-3E5E6CD50590} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3866DCC8-816B-4151-BE92-8E57B07DF2EA} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C92CDE4-0973-4586-B4A8-D45C213A9909} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E3B4F96-12B6-4C4B-A83E-E45F4FFF6517} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{404A628F-FF8C-4ADE-97F8-FC997EF50B2A} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D9D2132-16A7-4304-BF34-CCA233390266} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5066FC75-C8A1-4CC0-BD66-97A0EC640408} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DEF9675-8546-4152-A66F-399792C2C4B2} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E066FE5-52A8-4791-BA71-0BCAB99ADF9A} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70B14E47-4ECD-4DE6-AD38-DC62D5A0FCEC} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8852D43B-76CF-4D01-BFB7-CBA64A58FC15} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E03D5D9-9969-44EC-9F33-2BDAEB6DBDFC} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{904F8262-AD22-47AD-9CF2-3F3DC0F0D63E} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9195192B-3481-43AB-8828-582DC346883B} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9732BA3F-D4F8-4F2A-BE65-3C07FBEA19A2} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1815B42-C59E-4332-82A5-3FE5C2A2BEBA} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3D89359-24DE-4AA8-A746-3EEB48456303} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFC00D04-9F98-4FBF-9A96-94255A0402A7} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4C4FCC1-BDD1-4F33-94AE-C5B963235030} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C778B328-533F-43DA-ABD6-02B5DC1FCB4E} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED5BDB6B-CE16-4696-A134-73DB55AC3E3F} deleted successfully
HKEY_USERS\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB1720C7-801A-4B63-897D-AA4FEA51F07A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\VstPlugins deleted
C:\Users\tomasek\AppData\Roaming\.tlauncher deleted
C:\Users\tomasek\AppData\Roaming\discord deleted
C:\Users\tomasek\AppData\Roaming\HandBrake deleted
C:\Users\tomasek\AppData\Roaming\LGHUB deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\kaosdma.txt deleted
C:\PROGRA~3\lock.dat deleted
C:\PROGRA~3\rc.dat deleted
C:\PROGRA~3\ts.dat deleted
C:\PROGRA~3\simplitec deleted
C:\PROGRA~3\Wondershare Video Editor deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\tomasek\AppData\Local\Wondershare deleted
C:\Users\tomasek\AppData\Local\cache deleted
C:\Users\tomasek\AppData\Local\CrashRpt deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM22972.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM22C27.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM22C86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM22CA6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM247BB.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM247BD.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BC63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BC64.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BC74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BC76.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BD1B.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2BFD9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2C3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2CBD6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2D63D.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2D650.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2D652.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2D866.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\CM2D956.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tpm-2830-ae8-31e3ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bd9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f0-187c-1a3f12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbc9fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbca96.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcac7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcae8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcb09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcb2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcb7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcb8c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcb9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcbaf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcbb1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcbc3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1178-2700-dbcbf4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94911.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94922.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94924.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94926.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94938.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9493a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9493c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9493e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94940.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94952.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94954.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94956.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94958.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94969.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9496b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9496d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-9496f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94981.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1214-1c6c-94983.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d48.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d69.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d6b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d96.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1d9c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1dae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1db0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1db2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1db4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1224-ae4-2c1dc5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074e8c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074ebc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074ebe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074ed0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074ef1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f24.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f26.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f4b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f4d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f5f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1284-1694-1074f7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d48.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d4a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d4c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d4e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d60.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d62.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d64.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d66.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1318-1f74-1324d95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a24ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a24ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a24fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a24ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2511.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2513.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2525.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2546.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2558.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a255a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a256b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a256d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a256f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2571.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2583.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2585.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2587.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a2589.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1360-2be8-16a258b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02cf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02e5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c02ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c0301.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c0312.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-13a8-1930-7c0314.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ddc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ded.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689def.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689df1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689df3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e65.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e78.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e7a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e8e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689e94.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ea6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ea8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689eaa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689eac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689eae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ebf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ec1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ec3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ec5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ec7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ed9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689edb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689edd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689edf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ef1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ef3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ef5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689ef7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f08.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f0c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f0e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f22.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f24.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f37.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f39.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f3b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f3d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f53.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f55.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f57.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f59.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f6b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f6f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1494-1a34-689f73.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8d8e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8da0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8db1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8db3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8dd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8de6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8df8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8dfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e31.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8e9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1568-1e24-7f8eac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-96592.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-965fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-96600.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-96602.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1574-15ac-96604.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-9369d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-9369f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a75.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936a98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936aaa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936aac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936abd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936ade.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936af0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936b02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936b13.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1850-1c7c-936b25.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1ae8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1af9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b52.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b63.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b75.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1b9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bb0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bd3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1bd5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1974-1ab8-4f1be7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bb9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bbb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bd3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bd5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1b38-3b50-285bd7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecda3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecda5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdb6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdb8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdbc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdd0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecde5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecde7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecde9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdeb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdfd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ecdff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ece01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ece03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1c28-1a4c-4ece15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d276c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d276db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d276dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d276ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27700.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27711.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27723.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27744.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27756.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27777.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d27779.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d2778b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d2778d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d2779e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d277a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d277b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d277c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d277d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ca0-1b10-1d277e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f383d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f384f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3860.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3882.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3893.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f38f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3903.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3905.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3907.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f3928.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f393a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1dc0-44c-1f394b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bedf6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bee08.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bee0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bee0c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1beee9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1beefa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1beefc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1beefe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef00.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef16.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef27.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef29.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef2b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef3f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef41.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef53.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef55.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef66.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bef90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befa1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befa3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befb5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befb7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befc8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1befff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf001.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf051.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf053.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf065.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf067.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf069.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf06b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf07d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf07f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf081.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf083.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf085.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e3c-1138-1bf087.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac331.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac362.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac393.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac395.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac3c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac3e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac3f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac41a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac42b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac44d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac45e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac480.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac491.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac4a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac4b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac4d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac507.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac518.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1e88-2a54-9ac51a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94b53.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94b64.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94b66.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94b68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94ba9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bbd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bd8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94bee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-94e42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-95856.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1ea4-214-95a0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a84.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a9c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5a9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ab0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ab2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ac3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ac5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ad7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5ae8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5afa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5b1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5b1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5b1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1edc-17fc-bf5b41.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-60746f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-607471.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-607483.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-607485.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-607487.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-607489.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-60749a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-60749c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-60749e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074a0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f08-2be0-6074e1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cdf6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cdf8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce23.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce34.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce79.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1ce8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cf0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cf89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cf9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cf9c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cfae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f90-1930-e1cfbf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd61e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd6209.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd621a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd621c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd622e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd6230.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd6242.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fd4-ee8-fd6244.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69101c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69102d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69103f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691060.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691081.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-6910a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-6910a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-6910c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-6910d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-6910f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69110a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69110c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-69111e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691120.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691132.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691143.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691155.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691157.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-204-1ed4-691169.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f53.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f55.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f66.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f82.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f94.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f96.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123f9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123fab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123fad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123faf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123fc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21cc-17e4-123fc3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d83f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d841.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d843.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d855.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d857.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d859.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d85b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d86c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d86e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d870.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d872.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d884.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d886.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d888.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d88a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d89b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d89d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d89f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-21e8-358c-10d8a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d68fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d690d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d690f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6911.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6913.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6925.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6927.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6929.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d692b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d693c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d693e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6940.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6942.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6954.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6956.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d6958.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d695a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d696b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2204-1bd0-1d696d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a069.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a06b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a06d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a07f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a081.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a083.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a085.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a097.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a099.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a09b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a09d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0b0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0da.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2270-32d4-106a0dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949e4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-949ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a11.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a13.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a17.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a29.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a2b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-23a8-1b80-94a3e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dca1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dca3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcc4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcc6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcc8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcdb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcdd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcdf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dce1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcf3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcf5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcf7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dcf9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dd0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dd0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dd1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dd30.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2774-3124-14dd32.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c14e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c160.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c1ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c200.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c2dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c2fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c34e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c3cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c3ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c3f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c411.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c413.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c435.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c437.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c458.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c479.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c49a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c4bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-27c4-1cb0-9c4be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e30e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e310.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e322.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e324.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e326.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e328.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e339.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e33b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e33d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e34f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e351.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e353.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e365.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e367.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e369.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e37a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e37c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e38e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e390.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3cb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3cd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2830-ae8-31e3ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b2f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b6c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b81.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403b97.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403ba8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403bba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403beb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403bed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2898-26f4-403bff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c17b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c18c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c18e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c190.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c192.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c1d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c2a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c391.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2980-22f0-187c3b2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-19302e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-19302f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-19302f7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-19302f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193030b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193030d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193030f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930311.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930313.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930324.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930326.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930328.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193032a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193033c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-193033e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930340.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930342.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930354.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a9c-3448-1930356.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950fc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-950fe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95100.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95102.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95114.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95126.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-951a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95437.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-954d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95516.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-95595.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-956bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2cd8-1dc4-9579c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760cd7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760ce9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760cfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760d1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760d8b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760dac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760ded.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760e5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8760f87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761035.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761056.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761133.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761319.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-876156d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-87617a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-87617e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761822.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-87618d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2db0-760-8761940.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7122.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7124.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7136.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7138.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c713a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c713c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c714e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c717f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7181.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7192.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7194.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7196.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c7198.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71b0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e74-2870-3c71e3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25b9ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba17.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba19.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba30.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba5e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba6f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba83.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba9a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba9c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25ba9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bab0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bab2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bac4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bac6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bac8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb47.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb49.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb70.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb72.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb74.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb86.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb88.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb8a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb8c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb9d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bb9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bba1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bba3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bbb5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bbb7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bbb9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bbbb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e88-1de4-25bbcc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b613.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b625.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b627.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b629.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b63a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b63c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b63e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b640.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b652.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b654.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b656.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b658.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b65a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b66b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b66d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b66f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b671.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b683.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f20-3128-9b695.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8aed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8aef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b19.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b1b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b1f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b32.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b34.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b36.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b38.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b4a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b4c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b4e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-31f8-3204-c8b50.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-13202fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-132030c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-132031e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-132033f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320341.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320343.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320355.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320357.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320368.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-132037a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-132039b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-13203ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-13203ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-13203ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320401.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320413.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320424.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320436.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3204-2164-1320448.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-99fcc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-99fed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-99fef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-99ff1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-99ff3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a005.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a007.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a009.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a00b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a01c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a01e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a020.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a022.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a034.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a055.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a067.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a078.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a0a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3260-1284-9a0ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e87f4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8806.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8808.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e880a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e880c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e881e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e882f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8831.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8833.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8845.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8847.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-331c-19d0-e8849.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bec2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bed4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bed6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bed8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29beda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29beeb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29beed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29beef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bef1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf05.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf09.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf1a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf32.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-35fc-3678-29bf34.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453c99.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453cca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453cdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453d5b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453d6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453d7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453d9f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453df0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453eec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453f0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453f1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453f4f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453f61.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453fc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453fd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453fe4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-453ff6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-454026.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3760-7bc-454028.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9b4e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9c98.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9d46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9dc5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9df6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fe9e07.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea00d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea0bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea1a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea524.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea768.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea77a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea847.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea878.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea8a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5fea8e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5feab2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5feab6e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-394-1d08-5feab9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bc80.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bc91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bc93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bc95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bca7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bca9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcbc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcbe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcc0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcd2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcd4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcd6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcd8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcfd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bcff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd01.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd03.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd17.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd29.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd2b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd2d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd2f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd6b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd7f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bd81.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdd1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdd3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdd5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bde7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bde9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdeb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdfc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7bdfe.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be00.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be02.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be14.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be16.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be18.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be1a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be2e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be3f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be51.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be53.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be55.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3ac0-3484-5c7be57.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c7e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c8f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c91.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c93.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c95.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684c97.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684ca9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684caf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cb1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cc2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cc4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cc6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cc8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cda.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cdc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684cde.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3be4-20f0-684ce0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f0-187c-1a3d87.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3f0-187c-1a3f10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717d85.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717da6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717db7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717dc9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717ddb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717dec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717dee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e66.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e77.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e89.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717e9b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717eac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717eae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717eb0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-404-16b0-717ec2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e4678.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e468a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e468c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e468e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e4690.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e4692.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e4694.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-408-8d8-e46ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cdec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5ce1d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5ce6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cead.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cf4c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cf7c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cf8e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cfa0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cfd1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cfe2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cfe4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cff6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5cff8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d009.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d01b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d01d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d01f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d021.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-52c-1f64-b5d033.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a01e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a020.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a022.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a034.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a036.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a038.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a03a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a03c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a04d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a04f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a051.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a053.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a055.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a067.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a069.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a06b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a06d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a07f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-5e0-640-12a081.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22f0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e22f2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2304.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2306.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2308.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e230a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e231c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e231e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2320.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2322.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2333.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2335.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6b0-2434-8e2337.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc64b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc64ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc64ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc64fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc64ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6521.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6571.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6573.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6575.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6586.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc6588.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc658a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc659c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-6fc-2b24-fc65d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8bdff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be11.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be13.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be15.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be17.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be28.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be2a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be2c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be3e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be40.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be42.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be44.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be56.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be58.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be5a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be5c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be6d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be6f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-7e8-2a88-b8be71.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716039.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71604a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71604c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71604e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716050.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716062.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716064.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716066.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716068.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71606a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71607b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71608d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-71608f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716091.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-716093.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-7160a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-7160a7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-7160a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-84c-20d0-7160ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e179.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e17b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e17d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e18e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e190.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e192.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1be.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1e9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-9dc-1578-4b3e1eb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-23473d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-23473f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234741.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234753.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234755.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234757.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234778.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2347a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2347ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2347cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2347ee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-23480f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234821.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234861.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234882.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-234884.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2348a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2348b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-a54-39fc-2348c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-9689f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968b4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968b6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968b8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968ba.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968bc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968d2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968e6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968e8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968ea.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968ec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-968ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-adc-13f8-96901.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7532.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7544.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7565.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7577.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7589.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d759a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75ac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75d1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d75e7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7608.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d761a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d762b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d764c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d764e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ba4-2d2c-2d7650.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e099.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e09b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e09d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e09f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0a5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0d3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ce8-1040-e0dd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e528e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e5290.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e5292.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52aa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52bd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52c1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52d5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52d7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52d9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52db.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52ed.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52ef.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-de4-1924-e52f1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d14b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d15d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d15f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d161.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d163.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d174.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d176.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d178.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d18a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d18c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d18e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d190.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1a2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1a4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1a6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1a8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1bb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-ff4-32f0-13d1bd.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\tomasek\lively_setup_x86_full_v1180.exe deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\tomasek\AppData\Roaming\WinHost\.msdat" deleted
"C:\Users\tomasek\AppData\Roaming\mpv" deleted
"C:\Users\tomasek\AppData\Roaming\Bazertu" deleted
"C:\Users\tomasek\AppData\Roaming\WinHost" deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\SysNative\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
gnplhahbcoldbildffdchneaepapccbn - No path found[]

Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn
Grammarly for Chrome - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Swift Select - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\molponhobmbbinjnghgafbfampcgamln
Chrome Media Router - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Outlook - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb
Microsoft Protect - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch
Word - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi
Excel - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm
Multi Find - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mkofacajmfbednlblgglmpbidklocddm
PowerPoint - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf

==== Chromium Startpages ======================

C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
G0mw9fLjyH+2Il0QqktsNXzkNiE1ogW4l0h4+PJc262j0vtm4hBzMvR0QScFWcAIcAErlUiWTt4jefXCAYqubV99ed5MvVMWBxe97wOa9hYwAhbCminOepA4RRTg9eyi0TiuHpq/bNI8C5qZgKIQNBAjgiFBaIx9hiMBFlK4NHUbFdgY6Qp/hSCMNurctwz1jpsXEnT4eHg1YWXfquoH8s4swIjkFCMBF6Ejc3cUkQIDAQAB","manifest_version":2,"name":"WebRTC Internals Extension","permissions":["webrtcInternalsPrivate"],"version":"2.0.1"},"path":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\87.0.664.66\\resources\\webrtc_internals","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["desktopCapture","processes","webrtcAudioPrivate","webrtcDesktopCapturePrivate","webrtcLoggingPrivate","system.cpu","enterprise.hardwarePlatform"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13259508507231904","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/*","https://*.microsoft.com/*","https://*.skype.com/*"]},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Google Hangouts","permissions":["desktopCapture","enterprise.hardwarePlatform","processes","system.cpu","webrtcAudioPrivate","webrtcDesktopCapturePrivate","webrtcLoggingPrivate"],"version":"1.3.16"},"path":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\89.0.774.45\\resources\\hangout_services","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"opfacbhaojodjaojgocnibmklknchehf":{"active_bit":false,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":17,"events":[],"from_bookmark":true,"from_webstore":false,"granted_permissions":{"api":[],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13253536271784372","location":1,"manifest":{"app":{"display_mode":"browser","launch":{"web_url":"https://powerpoint.office.com/"},"linke ... artup_urls":[]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tomasek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7146 folders=1941 3689160658 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\tomasek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted

==== EOF on 11.03.2021 at 22:09:01,81 ======================



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by tomasek (Administrator) on 11.03.2021 at 21:59:01,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\mntemp (File)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2021 at 22:00:20,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Přílohy
Bez názvu.jpg
Bez názvu.jpg (15.95 KiB) Zobrazeno 1377 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#10 Příspěvek od Rudy »

Bylo vyčištěno. Search manager si můžete buď ponechat (je neškodný), nebo zakázat. Je to na vás. Osobně nicpodobného nepoužívá.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Bartis111
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 01 bře 2021 22:38

Re: Jen pro kontrolu

#11 Příspěvek od Bartis111 »

Děkuji mockrát , jestli to je vše můžete
lock :)

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Jen pro kontrolu

#12 Příspěvek od Rudy »

Za mne vše, nemáte zač! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno