Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Vodafone mi oznámilo, že jsem v botnetu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
SGC
Návštěvník
Návštěvník
Příspěvky: 369
Registrován: 15 dub 2008 13:09

Re: Vodafone mi oznámilo, že jsem v botnetu

#16 Příspěvek od SGC »

AdwCleaner log

Zatím jsem dal nalezené věci do karantény, abych náhodou nesmazal něco, co bych neměl.

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-06-2021
# Duration: 00:00:37
# OS: Windows 10 Home
# Cleaned: 176
# Failed: 0


***** [ Services ] *****

Deleted MsgPlusService
Deleted YahooAUService

***** [ Folders ] *****

Deleted C:\Program Files\Common Files\Speedbit
Deleted C:\Program Files\Yahoo!\Companion
Deleted C:\Program Files\messenger plus! for skype
Deleted C:\Program Files\mipony
Deleted C:\Program Files\yuna software
Deleted C:\ProgramData\AdTrustMedia
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\messenger plus! for skype
Deleted C:\ProgramData\Speedbit
Deleted C:\ProgramData\Yahoo! Companion
Deleted C:\ProgramData\messenger plus! for skype
Deleted C:\Users\Comp\AppData\LocalLow\HPAppData
Deleted C:\Users\Comp\AppData\LocalLow\Yahoo! Companion
Deleted C:\Users\Comp\AppData\LocalLow\Yahoo!\Companion
Deleted C:\Users\Comp\AppData\Local\AdTrustMedia
Deleted C:\Users\Comp\AppData\Local\slimware utilities inc
Deleted C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
Deleted C:\Users\Comp\AppData\Roaming\Yahoo!\Companion
Deleted C:\Users\Comp\AppData\Roaming\mipony
Deleted C:\Users\Karlíček\AppData\LocalLow\Application Updater
Deleted C:\Users\Karlíček\AppData\LocalLow\HPAppData
Deleted C:\Users\Karlíček\AppData\LocalLow\Yahoo! Companion
Deleted C:\Users\Karlíček\AppData\LocalLow\Yahoo!\Companion
Deleted C:\Users\Karlíček\AppData\Local\Media Get LLC
Deleted C:\Users\Karlíček\AppData\Local\MediaGet2
Deleted C:\Users\Karlíček\AppData\Local\slimware utilities inc
Deleted C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
Deleted C:\Users\Karlíček\AppData\Roaming\Yahoo!\Companion
Deleted C:\Users\Karlíček\AppData\Roaming\mipony
Deleted C:\Users\Karlíček\Documents\messenger plus! for skype
Deleted C:\Users\Maminka\AppData\LocalLow\HPAppData
Deleted C:\Users\Maminka\AppData\LocalLow\Yahoo! Companion
Deleted C:\Users\Maminka\AppData\LocalLow\Yahoo!\Companion
Deleted C:\Users\Maminka\AppData\Local\AdTrustMedia
Deleted C:\Users\Maminka\AppData\Roaming\Yahoo!\Companion
Deleted C:\Users\Návštěvník\AppData\LocalLow\HPAppData
Deleted C:\Users\Návštěvník\AppData\Local\AdTrustMedia

***** [ Files ] *****

Deleted C:\Users\Comp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted C:\Users\Karlíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted C:\Users\Karlíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\MiPony.lnk
Deleted C:\Users\Maminka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
Deleted C:\Users\Návštěvník\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\AppDataLow\Software\Conduit
Deleted HKCU\Software\AppDataLow\Software\Smartbar
Deleted HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKCU\Software\AppDataLow\Toolbar
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted HKCU\Software\YahooPartnerToolbar
Deleted HKCU\Software\Yahoo\Companion
Deleted HKCU\Software\Yahoo\YFriendsBar
Deleted HKCU\Software\dt soft\daemon tools toolbar
Deleted HKCU\Software\yuna software
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\yt.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe
Deleted HKLM\Software\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
Deleted HKLM\Software\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
Deleted HKLM\Software\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
Deleted HKLM\Software\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C}
Deleted HKLM\Software\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
Deleted HKLM\Software\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
Deleted HKLM\Software\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577}
Deleted HKLM\Software\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted HKLM\Software\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Deleted HKLM\Software\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Deleted HKLM\Software\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Deleted HKLM\Software\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
Deleted HKLM\Software\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
Deleted HKLM\Software\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Deleted HKLM\Software\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
Deleted HKLM\Software\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}
Deleted HKLM\Software\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
Deleted HKLM\Software\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Deleted HKLM\Software\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}
Deleted HKLM\Software\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Deleted HKLM\Software\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}
Deleted HKLM\Software\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
Deleted HKLM\Software\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41}
Deleted HKLM\Software\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Deleted HKLM\Software\Classes\CLSID\{F5CC67F7-F6BA-44E3-98EC-EA17D17E6479}
Deleted HKLM\Software\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted HKLM\Software\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted HKLM\Software\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
Deleted HKLM\Software\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted HKLM\Software\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted HKLM\Software\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted HKLM\Software\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted HKLM\Software\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Deleted HKLM\Software\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Deleted HKLM\Software\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Deleted HKLM\Software\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Deleted HKLM\Software\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted HKLM\Software\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Deleted HKLM\Software\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
Deleted HKLM\Software\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Deleted HKLM\Software\Classes\Prod.cap
Deleted HKLM\Software\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted HKLM\Software\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Deleted HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Deleted HKLM\Software\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Deleted HKLM\Software\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
Deleted HKLM\Software\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Deleted HKLM\Software\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
Deleted HKLM\Software\Classes\Yahoo.AntiSpyPlugin
Deleted HKLM\Software\Classes\Yahoo.PopupBlockerPlugin
Deleted HKLM\Software\Classes\mipony
Deleted HKLM\Software\Classes\mpybrowser
Deleted HKLM\Software\Classes\yt.CacheLoader
Deleted HKLM\Software\Classes\yt.Clickstream
Deleted HKLM\Software\Classes\yt.YTHelper
Deleted HKLM\Software\Classes\yt.YToolbarBand
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\YahooAUService
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\msgplusservice
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Plus! for Skype
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted HKLM\Software\PIP
Deleted HKLM\Software\Yahoo\Companion
Deleted HKLM\Software\yuna software
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
Deleted HKLM\System\Setup\FirstBoot\Services\YahooAUService
Deleted HKLM\System\Setup\FirstBoot\Services\msgplusservice
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\AdTrustMedia
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\AppDataLow\AskToolbarInfo
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\AppDataLow\Software\Conduit
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\AppDataLow\Software\Yahoo\Companion
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\SpeedBit
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Yahoo\Companion
Deleted HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\yuna software

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [18135 octets] - [06/05/2021 11:29:34]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vodafone mi oznámilo, že jsem v botnetu

#17 Příspěvek od Rudy »

To ke v pořádku, přesun do karantény postačí. Teď dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SGC
Návštěvník
Návštěvník
Příspěvky: 369
Registrován: 15 dub 2008 13:09

Re: Vodafone mi oznámilo, že jsem v botnetu

#18 Příspěvek od SGC »

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-04-2021
Ran by Comp (administrator) on MAIN-HOME-PC (MICRO-STAR INTERNATIONAL CO.,LTD MS-7529) (06-05-2021 14:29:36)
Running from C:\Users\Maminka\Desktop
Loaded Profiles: Maminka & Comp
Platform: Microsoft Windows 10 Home Version 20H2 19042.928 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed] C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Opera Software AS -> Opera Software) C:\Users\Maminka\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x86__8wekyb3d8bbwe\Cortana.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x86__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6707744 2008-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-26] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Incorporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM\...\Run: [AMP WinOFF] => c:\program files\amp winoff\winoff_admin.exe [120320 2016-11-04] (Alberto Martínez Pérez) [File not signed]
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [4511712 2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1710880 2019-02-04] (voidtools -> voidtools)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [2665624 2019-02-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Run: [Avast Browser] => C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateCore.exe
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Run: [Opera Browser Assistant] => C:\Users\Maminka\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [18603096 2020-02-28] (Cyfrowy Polsat S.A. -> Cyfrowy Polsat S.A.)
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Run: [Windows Shutdown Assistant] => C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe [2566992 2016-11-26] (APOWERSOFT LIMITED -> Apowersoft)
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows NT x86\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\W32X86\hpzppWN7.dll [90624 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllwn7: C:\WINDOWS\system32\hpzllwn7.dll [37888 2009-07-14] (Microsoft Windows -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PDFCreator: C:\WINDOWS\system32\pdfcmnnt.dll [116224 2001-10-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-05-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AppInit_DLLs: C:\Windows\System32\guard32.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiseAutoShutdown.exe – zástupce.lnk [2016-08-11]
ShortcutTarget: WiseAutoShutdown.exe – zástupce.lnk -> C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Startup: C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-08-16]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) [File not signed]
Startup: C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-01-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () [File not signed]
Startup: C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011-08-13] ()
Startup: C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2011-08-24] ()
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-07-14]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () [File not signed]
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReIcon.lnk [2019-06-20]
ShortcutTarget: ReIcon.lnk -> C:\ProgramData\ReIcon\ReIcon.exe (Sordum Software -> www.sordum.org) [File not signed]
Startup: C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WiseAutoShutdown.exe – zástupce.lnk [2016-07-22]
ShortcutTarget: WiseAutoShutdown.exe – zástupce.lnk -> C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-438729375-2292271272-1643045957-1006\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015242DB-2F89-4EBD-8FDF-6BD803962AF1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {01A02A3B-F5CF-4060-B603-9DB9E97726E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {05D5BDAC-A502-41DC-843B-CF7DC12519A9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B6A283E-9D3C-43D2-A858-C23455E817E0} - \User_Feed_Synchronization-{F6CE3E0C-74CC-46CF-8C45-DE2FE86C5794} -> No File <==== ATTENTION
Task: {0C078A32-ACEF-4254-8C09-403C0DCD927D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0DF62F0D-CB25-452A-90B1-3BE4AB6632E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {10D35043-6050-486C-A622-F3A0BE2354CA} - System32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {18934300-EBAE-442F-89D4-A7FCE2F9D735} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {18DFFA26-3033-4BF3-B01B-DECC20D7966B} - System32\Tasks\SafeZone scheduled Autoupdate 1495997204 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {195E46F2-1FFD-4E38-948F-8A8D4E3421E9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Facebook\Update\FacebookUpdate.exe [137536 2011-08-04] (Facebook, Inc. -> Facebook Inc.)
Task: {19AC77B2-FB2A-4F4B-9CA6-3A4AAA3B9780} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E78C6BE-B0EA-4925-9497-3661BCC27FF6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {1ED0DF46-3514-4EEA-A0BE-17E8565693AC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {249109C3-27C3-47D5-AFAD-0B86AE985523} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {260B3ED2-B82A-4142-9270-8CE3627D4AB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Facebook\Update\FacebookUpdate.exe [137536 2011-08-04] (Facebook, Inc. -> Facebook Inc.)
Task: {2B1FE9CB-695A-48F5-B056-E20CCCB31480} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {33D3B1F4-CABC-4E39-8515-8DA45E152008} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34A72D6B-A250-45E7-82E1-163F152D961A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [179584 2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {3551C8B2-42C6-49A4-8270-16C427C30739} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {3849242C-32A4-4BF6-8920-21C7ABCBA81F} - System32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8} => C:\Windows\system32\pcalua.exe -a D:\Network\Realtek\giga\setup.exe -d D:\Network\Realtek\giga
Task: {3B6A652E-170D-4CD8-A005-E46BB90382A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {495E5763-59D0-4345-888C-EAAFA8890868} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C0FACD6-1E96-4695-8494-43AAC947D2C7} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {506791CB-50F0-41D5-B3F0-F5E446708C23} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {5537E4DE-8C56-469D-B3D5-243FE98B1047} - System32\Tasks\hibernace => C:\Windows\System32\shutdown.exe [23552 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {5644836C-B191-496E-A5FE-8FDEFBF417CC} - System32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD} => C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\IM's\PidginPortable\PidginPortable.exe
Task: {5813F2CC-E3A9-4FCE-9F9A-70A2A874820F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D48026B-AF3D-44A9-BCA1-C97321C3932A} - System32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5 => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {5E958D49-305D-4448-8EB5-D9D864B7E79B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5F4F897B-B0CE-4828-9090-F5B5D196E166} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {62981A1A-B20F-44BB-AB42-82FBEB428CBE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {63964FE2-D964-4AA3-8EA9-7F398B160F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6550E7AA-9883-4D45-ACCC-98B774C0BA8A} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6D4ACAAF-9FC4-4BA4-A882-17A2E351F847} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6E24FBDE-F099-4764-A196-DA75F21850AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F48DD67-5E4E-426C-8356-59D1E94CACA9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {73ED9B17-01AC-4003-B5A8-C311469EA34E} - System32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE} => "c:\program files\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {751FF52F-9341-401F-AB6E-38615B80DDED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CA8241D-FFA2-4917-BABC-A3E152FA47BD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E30EFDB-2AF0-4FFD-981B-B5D652F930E7} - System32\Tasks\Opera scheduled Autoupdate 1375252152 => C:\Users\Maminka\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software)
Task: {80B5D156-FB47-491B-87B2-4CF63E5FB411} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8645CF15-736A-481C-872F-3DB682F6E636} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {883C1EF1-F845-4B48-BA9B-6F312BB8ACDD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89AF9E6D-02B9-48DF-9409-502D36DA7A7A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {8C01AA03-E6FB-489F-AA99-A642331A0F83} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8E40374D-17C7-4BC1-B2DE-7EFC96B336BF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {935DE609-F220-40F3-8CBD-E9B44720B742} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7948FFA-2DA2-4F40-86B8-558E381DBF21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A79B4017-AD29-4A3E-A50D-ACD33CA96227} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A7C54477-069E-43CD-A580-DF067FA4D12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {AA88399F-D4AF-4D5C-8D13-11A24193D9BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {AC7EA363-4AF6-42EE-82AC-0C74AB25E008} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD2FD4C0-D899-4026-8572-12B16F86723D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE5FBBF7-B757-4CCB-9F1B-A696BC58B586} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {AFAE27B5-5A37-4AA1-ADFD-49FDCC68652A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004 => C:\Users\Comp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B8988841-0F94-424D-9FB3-667961196B58} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B8E8B954-C42C-4542-A57A-1466504BFF28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MpCmdRun.exe [502456 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD16A4EE-F9EC-44A3-BFAC-C4028FCAB40A} - System32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16} => "c:\program files\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {BFF70B1C-6A24-4ABF-AF73-190FADA754F2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C04D2E67-E8A3-42F0-9DD5-A2EBE4EA8240} - System32\Tasks\WiseCleaner\WASSkipUAC => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {C3B2E8E9-2725-4CDE-934A-43BAF780D90F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C5599F6A-4F0D-483F-986A-00D82EF60110} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5925743-D8D2-4BAD-B946-4F5280409621} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C86B9A99-54EF-49CB-9CE2-593C72C1D26F} - System32\Tasks\{BAB4145C-E88F-4A66-819C-2BE60CDC7AD3} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ ... adedefault
Task: {CA43540F-9B84-4677-BD6C-A0A84FD54F4C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC1EE004-12D3-4192-A6FF-4EF178F5FF36} - System32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE} => C:\Program Files\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Software Sarl -> Skype Technologies S.A.)
Task: {CF743BEF-1921-49AB-98D5-C3390F6DC961} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {D001CFFF-1324-4A99-AA4A-1D853F3FCF9A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [642544 2021-04-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {D06E5AFB-13BA-4766-92D3-B31850A7D85A} - System32\Tasks\{DD90D3CF-2969-4A94-800E-8C9D9455F1A2} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.1.0.112.259/ ... adyoffered
Task: {D7969268-B43F-4B73-8054-98E4F89030EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {D88FC983-0258-4DD7-97CA-47BDF27A81E2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DA891CFC-6C6E-4350-A6A9-23373A95F72F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E23E02EB-5F77-441D-A7C3-DA6412071E8F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E28D5973-CFB8-4EC9-AB5B-DA444FF12971} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player NPAPI Notifier" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore1d5ff07347049de" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA1d5ff0734b56ec5" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d72c01217d5f68" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Opera scheduled assistant Autoupdate 1581104545" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1375252152" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\PostponeDeviceSetupToast_S-1-5-21-438729375-2292271272-1643045957-1004_0" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{F7262D93-127A-4F3F-92C3-929FCF75FC8B}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\Wise Auto Shutdown Task" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\Wise Auto Shutdown Task.job" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(22): schtasks.exe -> /Change /TN "\{44133E25-8CA6-44B6-B401-C336A0E15969}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(23): schtasks.exe -> /Change /TN "\{ACE7A557-8088-40F3-914A-358B1A8996BE}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(24): schtasks.exe -> /Change /TN "\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}" /ENABLE
Task: {E54921C2-D731-48AA-A72B-FFA53F491A76} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(25): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {E6CCF2EB-A756-47AB-9A8D-CDD8BFF501C5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {ED61A1AC-76F0-4B3C-9370-154671EBD304} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {EF77B54C-DF4B-48F8-92D4-7ACE9B153E41} - System32\Tasks\Opera scheduled assistant Autoupdate 1581104545 => C:\Users\Maminka\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Maminka\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {F0526EEA-83C5-43E9-9690-4F11B141E044} - System32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.22.0.109/cs/ ... rogressBar
Task: {F0E52D99-A829-4587-8E6B-D2CA78493BCB} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {F2069893-8E7D-44C5-81FC-2924A3B04DCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {F234F8D5-661F-4AF6-9ED2-815A17E68BB1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3D19692-0FB0-410D-BD9C-7A2044FEB8FD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {F560D2F4-E214-459A-A698-DCB19E07FE7B} - System32\Tasks\Wise Auto Shutdown Task => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe [2105872 2017-04-13] (Lespeed Technology Ltd. -> WiseCleaner.COM) [File not signed]
Task: {F75ABFF9-C1C0-4426-97EA-72DE2D60DFCA} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {FADFDA32-09F5-4390-BE58-20FC563B4C65} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe
Task: {FB0D1C66-59FD-4653-92C3-253D5F56C008} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD98795F-7464-4D8B-B206-ED9C90C93F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FD9C5D81-FFD1-4958-B2B6-D5EFCEDB7A2A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {FF387E74-DC30-4AD1-BE15-ACD9A5DDB5B4} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Wise Auto Shutdown Task.job => C:\Program Files\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{8175a705-23af-461d-b23d-c7c59cd11b6f}: [DhcpNameServer] 213.46.172.38 213.46.172.39

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Comp\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-04]

FireFox:
========
FF DefaultProfile: fd93r2bu.default-1383898885237
FF ProfilePath: C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237 [2021-05-04]
FF Extension: (Mozilla Archive Format) - C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2016-02-25] [Legacy]
FF Extension: (No Name) - C:\Users\Comp\AppData\Roaming\Mozilla\Firefox\Profiles\fd93r2bu.default-1383898885237\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-06-06]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2021-04-28] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-07-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation -> Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll [2010-04-23] (TVU networks -> TVU networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) [File not signed]
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc. -> Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Karlíček\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2011-08-11] (Skype Technologies SA -> Skype Limited)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karlíček\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-07-21] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @talk.google.com/O3DPlugin -> C:\Users\Karlíček\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-07-21] (Google Inc -> )
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Karlíček\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll [2011-07-31] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Karlíček\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll [2011-07-31] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karlíček\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1003: @xenocode.com/Spoon Plugin 3.26 -> C:\Users\Karlíček\AppData\Local\Spoon\3.26.0.6\npMozillaSpoonPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Maminka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-08-11] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1004: SkypePlugin -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Microsoft Corporation -> Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Návštěvník\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-438729375-2292271272-1643045957-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Comp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fpgkjhpjldibdbbppfcabadmpfenkdfe] - <no Path/update_url>

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-438729375-2292271272-1643045957-1003) Opera - "C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Web Browsers\Opera.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed]
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 Everything; C:\Program Files\Everything\Everything.exe [1710880 2019-02-04] (voidtools -> voidtools)
S4 HotspotShieldService; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [247808 2010-07-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [57640 2010-07-27] (AnchorFree Inc -> ) [File not signed]
S4 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [322608 2010-06-23] (AnchorFree Inc -> ) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [4293488 2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [261272 2019-02-05] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [263504 2021-03-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\NisSrv.exe [1716720 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.9-0\MsMpEng.exe [87648 2021-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2016-07-25] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17352 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MpKsl034728a5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8F543AC9-C333-437A-9E55-F4DF9BBAA2D6}\MpKslDrv.sys [52448 2021-05-06] (Microsoft Windows -> Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 PAC7302; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (Microsoft Windows Hardware Compatibility Publisher -> PixArt Imaging Inc.)
S3 PcaSp60; C:\WINDOWS\system32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16016 2015-10-12] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [562176 2019-12-07] (Microsoft Windows -> Realtek)
S3 RTL8169; C:\WINDOWS\System32\DRIVERS\Rtlh86.sys [133120 2008-10-03] (Realtek Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [193656 2019-02-04] (Invincea, Inc. -> Sandboxie Holdings, LLC)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (OpenVPN, Inc. -> The OpenVPN Project)
R3 taphss; C:\WINDOWS\System32\drivers\taphss.sys [32768 2010-06-16] (AnchorFree Inc -> AnchorFree Inc)
R1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [98704 2016-02-25] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39328 2021-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [327904 2021-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53496 2021-05-04] (Microsoft Windows -> Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 14:29 - 2021-05-06 14:32 - 000045920 _____ C:\Users\Maminka\Desktop\FRST.txt
2021-05-06 14:28 - 2021-05-05 09:36 - 002010624 _____ (Farbar) C:\Users\Maminka\Desktop\FRST.exe
2021-05-06 11:25 - 2021-05-06 11:31 - 000000000 ____D C:\AdwCleaner
2021-05-06 11:24 - 2021-05-06 11:23 - 008534696 _____ (Malwarebytes) C:\Users\Maminka\Desktop\adwcleaner_8.2.exe
2021-05-05 09:40 - 2021-05-06 14:31 - 000000000 ____D C:\FRST
2021-05-04 11:33 - 2021-05-04 11:33 - 012612600 _____ (AVAST Software) C:\Users\Comp\Downloads\avastclear.exe
2021-05-04 11:17 - 2021-05-04 11:17 - 012612600 _____ (AVAST Software) C:\Users\Maminka\Downloads\avastclear.exe
2021-05-03 12:31 - 2021-05-03 12:31 - 000002621 _____ C:\Users\Maminka\Downloads\smime.p7s
2021-04-28 13:41 - 2021-05-04 11:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-15 22:37 - 2021-05-04 11:44 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72c01217d5f68
2021-04-15 15:14 - 2021-04-15 15:14 - 001434336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 12:30 - 2021-04-14 12:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-04-10 14:10 - 2021-04-10 14:10 - 000218258 _____ C:\Users\Maminka\Downloads\prilohy_178365.zip
2021-04-08 10:35 - 2021-04-08 10:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-04-08 01:57 - 2021-04-08 01:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-08 01:55 - 2021-04-08 01:55 - 000000020 ___SH C:\Users\Comp\ntuser.ini
2021-04-08 01:48 - 2021-04-08 01:48 - 000000020 ___SH C:\Users\Maminka\ntuser.ini
2021-04-08 01:44 - 2021-05-06 11:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-08 01:44 - 2021-05-05 14:23 - 000004208 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F7262D93-127A-4F3F-92C3-929FCF75FC8B}
2021-04-08 01:44 - 2021-05-04 11:48 - 000004204 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1375252152
2021-04-08 01:44 - 2021-05-04 11:47 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1004
2021-04-08 01:44 - 2021-05-04 11:44 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-08 01:44 - 2021-05-04 11:40 - 000003770 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1581104545
2021-04-08 01:44 - 2021-05-04 11:40 - 000003276 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-08 01:44 - 2021-05-04 11:40 - 000003104 _____ C:\WINDOWS\system32\Tasks\Wise Auto Shutdown Task.job
2021-04-08 01:44 - 2021-05-04 11:40 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-438729375-2292271272-1643045957-1003
2021-04-08 01:44 - 2021-05-04 11:40 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-04-08 01:44 - 2021-05-04 11:40 - 000002504 _____ C:\WINDOWS\system32\Tasks\Wise Auto Shutdown Task
2021-04-08 01:44 - 2021-05-04 11:40 - 000002352 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002286 _____ C:\WINDOWS\system32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002286 _____ C:\WINDOWS\system32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002230 _____ C:\WINDOWS\system32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969}
2021-04-08 01:44 - 2021-05-04 11:40 - 000002012 _____ C:\WINDOWS\system32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE}
2021-04-08 01:44 - 2021-05-04 11:39 - 000003816 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2021-04-08 01:44 - 2021-05-04 11:39 - 000003648 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2021-04-08 01:44 - 2021-05-04 11:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5
2021-04-08 01:44 - 2021-05-04 11:39 - 000003406 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2021-04-08 01:44 - 2021-05-04 11:39 - 000003390 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-08 01:44 - 2021-05-04 11:39 - 000003194 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de
2021-04-08 01:44 - 2021-05-04 11:39 - 000003166 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-08 01:44 - 2021-05-04 10:14 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-08 01:44 - 2021-04-22 18:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-08 01:44 - 2021-04-08 01:46 - 000003546 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
2021-04-08 01:44 - 2021-04-08 01:46 - 000003274 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
2021-04-08 01:44 - 2021-04-08 01:46 - 000003236 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-04-08 01:44 - 2021-04-08 01:46 - 000002490 _____ C:\WINDOWS\system32\Tasks\{BAB4145C-E88F-4A66-819C-2BE60CDC7AD3}
2021-04-08 01:44 - 2021-04-08 01:46 - 000002482 _____ C:\WINDOWS\system32\Tasks\{DD90D3CF-2969-4A94-800E-8C9D9455F1A2}
2021-04-08 01:44 - 2021-04-08 01:46 - 000002138 _____ C:\WINDOWS\system32\Tasks\SidebarExecute
2021-04-08 01:44 - 2021-04-08 01:45 - 000003512 _____ C:\WINDOWS\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
2021-04-08 01:44 - 2021-04-08 01:45 - 000003270 _____ C:\WINDOWS\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
2021-04-08 01:44 - 2021-04-08 01:45 - 000002734 _____ C:\WINDOWS\system32\Tasks\hibernace
2021-04-08 01:44 - 2021-04-08 01:44 - 000003424 _____ C:\WINDOWS\system32\Tasks\SafeZone scheduled Autoupdate 1495997204
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\WiseCleaner
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-08 01:44 - 2021-04-08 01:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\moje úlohy
2021-04-08 01:44 - 2017-05-28 19:33 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2021-04-08 01:44 - 2010-08-06 14:49 - 000003080 _____ C:\WINDOWS\system32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD}
2021-04-08 01:44 - 2010-07-15 18:23 - 000003102 _____ C:\WINDOWS\system32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8}
2021-04-08 01:39 - 2021-04-08 01:44 - 000026673 _____ C:\WINDOWS\diagwrn.xml
2021-04-08 01:39 - 2021-04-08 01:44 - 000026673 _____ C:\WINDOWS\diagerr.xml
2021-04-08 01:31 - 2021-04-08 01:47 - 000000000 ____D C:\Windows.old
2021-04-08 01:20 - 2021-04-08 01:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-08 01:20 - 2021-04-08 01:20 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-04-08 01:10 - 2021-04-08 01:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-08 01:10 - 2021-04-08 01:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-08 01:05 - 2021-04-08 01:05 - 000000000 ____D C:\ProgramData\ssh
2021-04-08 00:58 - 2021-05-06 11:45 - 003355582 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-08 00:56 - 2021-04-08 00:56 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-08 00:56 - 2021-04-08 00:56 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-08 00:56 - 2021-04-08 00:56 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-08 00:56 - 2021-04-08 00:56 - 000036160 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-08 00:55 - 2021-04-08 00:55 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-08 00:55 - 2021-04-08 00:55 - 000941568 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-08 00:55 - 2021-04-08 00:55 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-08 00:55 - 2021-04-08 00:55 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-08 00:55 - 2021-04-08 00:55 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-08 00:55 - 2021-04-08 00:55 - 000053760 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 001797120 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 001128520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-08 00:54 - 2021-04-08 00:54 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000266240 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000162304 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-08 00:54 - 2021-04-08 00:54 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-08 00:54 - 2021-04-08 00:54 - 000045056 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-08 00:54 - 2021-04-08 00:54 - 000039936 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 001333760 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000611952 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000455680 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000235520 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-08 00:53 - 2021-04-08 00:53 - 000118784 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-08 00:53 - 2021-04-08 00:53 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-08 00:53 - 2021-04-08 00:53 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-08 00:52 - 2021-04-08 00:52 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-08 00:52 - 2021-04-08 00:52 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-08 00:52 - 2021-04-08 00:52 - 000330752 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000240640 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-08 00:52 - 2021-04-08 00:52 - 000148480 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000128000 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-08 00:52 - 2021-04-08 00:52 - 000057344 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000047472 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-08 00:52 - 2021-04-08 00:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-08 00:52 - 2021-04-08 00:52 - 000010752 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-08 00:39 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-04-08 00:38 - 2021-05-06 11:45 - 000723958 _____ C:\WINDOWS\system32\perfh019.dat
2021-04-08 00:38 - 2021-05-06 11:45 - 000143432 _____ C:\WINDOWS\system32\perfc019.dat
2021-04-08 00:38 - 2021-05-04 11:47 - 000002417 _____ C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2021-04-08 01:55 - 000000000 ____D C:\Users\Comp
2021-04-08 00:38 - 2021-04-08 01:48 - 000000000 ____D C:\Users\Maminka
2021-04-08 00:38 - 2021-04-08 01:39 - 000000000 ____D C:\Users\Karlíček
2021-04-08 00:38 - 2021-04-08 01:23 - 000000000 ____D C:\Users\Návštěvník
2021-04-08 00:38 - 2021-04-08 01:18 - 000000000 ____D C:\Users\Karol
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Návštěvník\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Maminka\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Karlíček\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Guest\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Šablony
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Soubory cookie
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Poslední
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Okolní tiskárny
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Okolní síť
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Nabídka Start
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Dokumenty
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Obrázky
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Hudba
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Documents\Filmy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-08 00:38 - 2021-04-08 00:38 - 000000000 _SHDL C:\Users\Comp\AppData\Local\Data aplikací
2021-04-08 00:38 - 2021-04-08 00:37 - 000340720 _____ C:\WINDOWS\system32\perfi019.dat
2021-04-08 00:38 - 2021-04-08 00:37 - 000041686 _____ C:\WINDOWS\system32\perfd019.dat
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Návštěvník\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:38 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:37 - 2021-04-08 00:58 - 000000000 ____D C:\Users\Guest
2021-04-08 00:37 - 2021-04-08 00:37 - 000000000 ____D C:\WINDOWS\system32\ru
2021-04-08 00:37 - 2019-12-07 08:08 - 000001105 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-08 00:33 - 2021-04-15 22:32 - 000461504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-08 00:33 - 2021-04-08 00:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-08 00:32 - 2021-04-08 00:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-08 00:26 - 2021-05-06 11:45 - 000738240 _____ C:\WINDOWS\system32\perfh015.dat
2021-04-08 00:26 - 2021-05-06 11:45 - 000144162 _____ C:\WINDOWS\system32\perfc015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat
2021-04-08 00:26 - 2021-04-08 00:26 - 000000000 ____D C:\WINDOWS\system32\pl
2021-04-06 16:21 - 2021-04-08 01:49 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-06 16:20 - 2021-04-06 16:20 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-06 13:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-06 13:25 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-06 11:45 - 2019-12-07 14:21 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-06 11:45 - 2019-12-07 14:21 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-06 11:45 - 2019-12-07 08:10 - 000000000 ____D C:\WINDOWS\INF
2021-05-06 11:41 - 2012-05-10 13:56 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-06 11:40 - 2016-11-19 14:04 - 000000000 ____D C:\Users\Maminka\AppData\LocalLow\Mozilla
2021-05-06 11:37 - 2016-07-04 09:27 - 000000426 _____ C:\WINDOWS\Tasks\Wise Auto Shutdown Task.job
2021-05-06 11:36 - 2019-12-07 08:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-06 11:31 - 2011-10-04 20:25 - 000000000 ____D C:\Users\Comp\AppData\LocalLow\Yahoo!
2021-05-06 11:31 - 2011-10-04 20:24 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Yahoo!
2021-05-06 11:31 - 2011-02-11 07:51 - 000000000 ____D C:\Users\Maminka\AppData\Roaming\Yahoo!
2021-05-06 11:31 - 2011-02-11 07:51 - 000000000 ____D C:\Users\Maminka\AppData\LocalLow\Yahoo!
2021-05-06 11:31 - 2011-01-06 12:54 - 000000000 ____D C:\Users\Karlíček\AppData\LocalLow\Yahoo!
2021-05-06 11:31 - 2010-09-29 22:04 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Yahoo!
2021-05-06 11:31 - 2010-09-29 22:01 - 000000000 ____D C:\Program Files\Yahoo!
2021-05-04 13:03 - 2011-08-26 11:12 - 000000000 ____D C:\Program Files\JDownloader
2021-05-04 12:21 - 2019-04-24 20:04 - 000000000 ____D C:\Users\Maminka\AppData\Local\AVAST Software
2021-05-04 12:21 - 2017-05-28 20:45 - 000000000 ____D C:\Users\Maminka\AppData\Roaming\AVAST Software
2021-05-04 11:55 - 2018-05-15 23:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-04 11:52 - 2019-12-07 08:12 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-04 11:51 - 2020-10-29 01:17 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-04 11:51 - 2020-10-29 01:17 - 000002227 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-04 11:49 - 2016-07-12 11:28 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-04 11:48 - 2017-06-30 19:38 - 000001445 _____ C:\Users\Maminka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-05-04 11:47 - 2016-07-05 20:43 - 000000000 ___RD C:\Users\Maminka\OneDrive
2021-05-04 11:39 - 2012-05-10 13:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2021-05-04 11:39 - 2011-09-26 20:43 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-04 11:35 - 2017-05-28 20:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-05-04 11:33 - 2017-05-28 19:12 - 000000000 ____D C:\Users\Comp\AppData\LocalLow\Mozilla
2021-05-04 11:31 - 2011-03-26 15:23 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-30 11:28 - 2020-10-24 21:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-29 12:52 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-22 10:46 - 2019-06-19 15:31 - 000000000 ____D C:\Users\Maminka\AppData\Roaming\Everything
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 22:27 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 15:30 - 2019-12-07 08:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-15 15:30 - 2019-12-07 08:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-15 15:14 - 2010-07-15 14:40 - 000414044 __RSH C:\bootmgr
2021-04-14 15:46 - 2013-08-15 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 15:30 - 2010-07-15 17:45 - 128249400 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 15:29 - 2013-06-06 14:02 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-14 15:21 - 2009-07-14 04:04 - 000000786 _____ C:\WINDOWS\win.ini
2021-04-14 12:30 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-04-09 22:19 - 2015-07-26 09:22 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-09 15:49 - 2019-03-20 15:12 - 000000000 ____D C:\Users\Maminka\Desktop\DANUTA
2021-04-08 10:29 - 2020-01-25 18:57 - 000647560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-04-08 10:06 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-08 10:05 - 2017-12-23 05:12 - 000000000 ____D C:\Users\Maminka\AppData\Local\Packages
2021-04-08 02:08 - 2019-12-07 08:12 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-08 01:51 - 2018-08-09 17:47 - 000000000 ____D C:\ProgramData\Packages
2021-04-08 01:51 - 2017-12-23 09:15 - 000000000 ___RD C:\Users\Maminka\3D Objects
2021-04-08 01:51 - 2016-04-27 06:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-08 01:46 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Windows NT
2021-04-08 01:45 - 2019-12-07 08:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Registration
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-08 01:44 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-08 01:32 - 2019-12-07 08:12 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\System
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\schemas
2021-04-08 01:32 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-08 01:32 - 2019-03-19 04:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-08 01:32 - 2017-04-11 14:57 - 000000000 ____D C:\WINDOWS\PixArt
2021-04-08 01:32 - 2016-04-27 06:18 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-08 01:32 - 2014-11-20 19:15 - 000000000 ____D C:\WINDOWS\system32\vbox
2021-04-08 01:32 - 2011-10-19 20:44 - 000000000 ____D C:\WINDOWS\system32\TVUAx
2021-04-08 01:32 - 2011-02-25 15:23 - 000000000 ____D C:\WINDOWS\system32\SPReview
2021-04-08 01:32 - 2011-02-25 15:22 - 000000000 ____D C:\WINDOWS\system32\EventProviders
2021-04-08 01:32 - 2010-07-27 01:06 - 000000000 ____D C:\WINDOWS\system32\Lang
2021-04-08 01:32 - 2010-07-15 16:38 - 000000000 ____D C:\WINDOWS\system32\Adobe
2021-04-08 01:31 - 2019-12-07 08:14 - 000000000 ____D C:\WINDOWS\Setup
2021-04-08 01:31 - 2019-12-07 08:12 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-08 01:31 - 2019-12-07 08:12 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-08 01:31 - 2019-06-19 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-08 01:31 - 2019-06-18 11:28 - 000000000 ____D C:\Program Files\UNP
2021-04-08 01:31 - 2019-04-14 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-04-08 01:31 - 2018-12-30 12:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Upgrade S 4.5.9
2021-04-08 01:31 - 2018-09-15 07:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-08 01:31 - 2017-10-05 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-08 01:31 - 2017-04-11 14:57 - 000000000 ____D C:\Program Files\Realtek
2021-04-08 01:31 - 2016-11-04 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2021-04-08 01:31 - 2016-10-13 17:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.5
2021-04-08 01:31 - 2016-08-10 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-08 01:31 - 2016-07-25 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 6.0
2021-04-08 01:31 - 2016-07-05 14:44 - 000000000 ____D C:\Program Files\MSBuild
2021-04-08 01:31 - 2016-05-08 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
2021-04-08 01:31 - 2015-08-16 09:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows AIK
2021-04-08 01:31 - 2015-08-14 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI PE Builder 1.4
2021-04-08 01:31 - 2015-07-29 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-04-08 01:31 - 2015-06-06 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcatel onetouch Manager
2021-04-08 01:31 - 2015-06-06 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONE TOUCH Upgrade S 2.8.0
2021-04-08 01:31 - 2014-08-29 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-04-08 01:31 - 2013-10-21 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-08 01:31 - 2013-04-02 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2021-04-08 01:31 - 2013-04-02 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
2021-04-08 01:31 - 2013-04-02 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC VGA Camer@ Plus
2021-04-08 01:31 - 2013-03-27 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-04-08 01:31 - 2013-03-21 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2021-04-08 01:31 - 2012-10-13 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ipla
2021-04-08 01:31 - 2012-10-02 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-04-08 01:31 - 2012-07-15 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro
2021-04-08 01:31 - 2012-07-02 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 01:31 - 2012-04-04 17:46 - 000000000 ____D C:\WINDOWS\cs
2021-04-08 01:31 - 2012-01-10 16:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenWith.org Desktop Tool
2021-04-08 01:31 - 2011-11-24 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASuite
2021-04-08 01:31 - 2011-10-04 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2021-04-08 01:31 - 2011-08-28 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Premium
2021-04-08 01:31 - 2011-08-24 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eyeQ
2021-04-08 01:31 - 2011-08-21 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuro-Programmer 3
2021-04-08 01:31 - 2011-07-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All Ten Fingers
2021-04-08 01:31 - 2011-07-18 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FacebookDiscovery
2021-04-08 01:31 - 2011-05-04 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2021-04-08 01:31 - 2011-04-30 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMemo Extreme English!
2021-04-08 01:31 - 2011-04-29 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LanguageNow! V7
2021-04-08 01:31 - 2011-04-11 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocaboly
2021-04-08 01:31 - 2011-04-06 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoTag Magic
2021-04-08 01:31 - 2011-04-05 12:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TapinRadio 1.34
2021-04-08 01:31 - 2011-03-31 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free HTTP Sniffer
2021-04-08 01:31 - 2011-03-23 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD
2021-04-08 01:31 - 2011-02-23 22:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2021-04-08 01:31 - 2011-02-15 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Task Coach
2021-04-08 01:31 - 2011-02-02 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP3 Joiner
2021-04-08 01:31 - 2011-01-13 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1Time
2021-04-08 01:31 - 2010-12-29 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fwink
2021-04-08 01:31 - 2010-11-23 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2021-04-08 01:31 - 2010-09-07 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ziepod+
2021-04-08 01:31 - 2010-08-01 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2021-04-08 01:31 - 2010-07-28 15:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedlingua Professional Individual
2021-04-08 01:31 - 2010-07-26 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2021-04-08 01:31 - 2010-07-26 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-04-08 01:31 - 2010-07-23 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TELL ME MORE Performance
2021-04-08 01:31 - 2010-07-22 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperMemo UX
2021-04-08 01:31 - 2010-07-18 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2021-04-08 01:31 - 2010-07-17 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-08 01:31 - 2010-07-15 20:34 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
2021-04-08 01:31 - 2010-07-15 19:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2021-04-08 01:31 - 2010-07-15 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam 1200
2021-04-08 01:31 - 2010-07-15 18:18 - 000000000 ____D C:\Program Files\Intel
2021-04-08 01:31 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicyUsers
2021-04-08 01:31 - 2009-07-14 04:37 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-08 01:30 - 2019-12-07 08:12 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-08 01:25 - 2016-07-05 14:44 - 000021592 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-08 01:24 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Media
2021-04-08 01:22 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-08 01:22 - 2016-07-05 14:44 - 000000000 ____D C:\WINDOWS\system32\XPSViewer
2021-04-08 01:21 - 2016-07-05 14:44 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-04-08 01:20 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Resources
2021-04-08 01:20 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\Help
2021-04-08 01:20 - 2019-06-19 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-08 01:20 - 2016-11-26 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2021-04-08 01:20 - 2016-07-05 14:44 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-08 01:20 - 2013-06-06 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2021-04-08 01:20 - 2012-07-05 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2021-04-08 01:20 - 2011-01-13 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-04-08 01:20 - 2010-08-04 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2021-04-08 01:20 - 2010-07-28 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
2021-04-08 01:20 - 2010-07-26 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamingStar
2021-04-08 01:20 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-08 01:05 - 2019-12-07 14:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\IME
2021-04-08 01:05 - 2019-12-07 08:12 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-08 01:03 - 2019-12-07 14:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-08 01:03 - 2019-12-07 14:23 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-08 00:50 - 2019-06-19 12:59 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-08 00:50 - 2019-03-29 10:36 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 00:50 - 2012-07-02 11:22 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-08 00:50 - 2012-05-08 20:46 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MemoryLifter
2021-04-08 00:50 - 2012-02-18 16:15 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task List Guru
2021-04-08 00:50 - 2012-01-19 15:46 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSS Bandit
2021-04-08 00:50 - 2011-12-02 13:05 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyFreeze
2021-04-08 00:50 - 2011-10-07 21:40 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
2021-04-08 00:50 - 2011-07-19 10:36 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2021-04-08 00:50 - 2011-05-15 20:41 - 000000000 ____D C:\Users\Comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamTorrent 1.0
2021-04-08 00:50 - 2011-04-29 12:18 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCS WinVisible
2021-04-08 00:50 - 2011-03-16 16:36 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOICEbook Shelf Volume 1
2021-04-08 00:50 - 2011-01-18 21:19 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
2021-04-08 00:46 - 2017-12-23 05:11 - 000000000 ____D C:\Users\Návštěvník\AppData\Local\Packages
2021-04-08 00:45 - 2017-12-23 05:17 - 000000000 ____D C:\Users\Comp\AppData\Local\Packages
2021-04-08 00:43 - 2019-04-14 09:47 - 000000000 ____D C:\Users\Karlíček\AppData\Local\Packages
2021-04-08 00:43 - 2011-03-05 17:53 - 000000000 ____D C:\Users\Karlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digsby
2021-04-08 00:39 - 2019-12-07 14:22 - 000000000 ____D C:\WINDOWS\OCR
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-08 00:38 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-08 00:37 - 2019-12-07 14:21 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-08 00:37 - 2019-12-07 08:12 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-04-08 00:35 - 2017-04-11 14:57 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-04-07 23:09 - 2010-07-15 14:40 - 000008192 __RSH C:\BOOTSECT.BAK

==================== Files in the root of some directories ========

2011-12-02 13:28 - 2011-12-02 13:28 - 000000308 _____ () C:\Program Files\KeyFreeze.appref-ms
2011-03-02 15:12 - 2011-03-02 15:13 - 000000990 ___SH () C:\Users\Comp\AppData\Roaming\systemfl.$dk
2011-11-27 12:00 - 2011-11-27 12:00 - 000007623 _____ () C:\Users\Comp\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

SGC
Návštěvník
Návštěvník
Příspěvky: 369
Registrován: 15 dub 2008 13:09

Re: Vodafone mi oznámilo, že jsem v botnetu

#19 Příspěvek od SGC »

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-04-2021
Ran by Comp (06-05-2021 14:38:22)
Running from C:\Users\Maminka\Desktop
Microsoft Windows 10 Home Version 20H2 19042.928 (X86) (2021-04-07 23:47:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-438729375-2292271272-1643045957-500 - Administrator - Disabled)
ASPNET (S-1-5-21-438729375-2292271272-1643045957-1010 - Limited - Enabled)
Comp (S-1-5-21-438729375-2292271272-1643045957-1007 - Administrator - Enabled) => C:\Users\Comp
DefaultAccount (S-1-5-21-438729375-2292271272-1643045957-503 - Limited - Disabled)
Guest (S-1-5-21-438729375-2292271272-1643045957-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-438729375-2292271272-1643045957-1014 - Limited - Enabled)
Karlíček (S-1-5-21-438729375-2292271272-1643045957-1003 - Limited - Enabled) => C:\Users\Karlíček
Karol (S-1-5-21-438729375-2292271272-1643045957-1011 - Limited - Enabled) => C:\Users\Karol
Maminka (S-1-5-21-438729375-2292271272-1643045957-1004 - Limited - Enabled) => C:\Users\Maminka
Návštěvník (S-1-5-21-438729375-2292271272-1643045957-1006 - Limited - Enabled) => C:\Users\Návštěvník
WDAGUtilityAccount (S-1-5-21-438729375-2292271272-1643045957-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Time ver 2.2 (HKLM\...\1Time ver 2.2_is1) (Version: - )
32 Bit HP CIO Components Installer (HKLM\...\{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}) (Version: 6.1.1 - Hewlett-Packard) Hidden
Adblock Plus pro IE (32-bit) (HKLM\...\{829B7328-74A3-4DF1-BCD2-C8415A36B486}) (Version: 1.6 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMP WinOFF 5.0.1 (HKLM\...\AMP WinOFF) (Version: 5.0.1 - Alberto Martinez Perez)
Anki (HKLM\...\Anki) (Version: - )
AOMEI Partition Assistant Standard Edition 6.0 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
ArcSoft WebCam Companion 3 (HKLM\...\{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}) (Version: 3.0.33.183 - ArcSoft)
Ashampoo Burning Studio 10 10.0.7 (HKLM\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.7 - ashampoo GmbH & Co. KG)
ASUS RT-N12E Wireless Router Utilities (HKLM\...\{BAC6FEB3-D5F4-4627-BCA1-18F914FC6C17}) (Version: 4.2.3.8 - ASUS)
Captcha.trader Mipony Plugin 1.0 (HKLM\...\Captcha.trader Mipony Plugin) (Version: 1.0 - )
CzRus QWERTY Caps 2.0.2 (HKLM\...\{C841483C-8A64-452A-93C8-53D5CDE03F8A}) (Version: 1.0.3.40 - Đonny)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBits GO (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Game Organizer) (Version: - EasyBits Media)
Everything 1.4.1.935 (x86) (HKLM\...\Everything) (Version: 1.4.1.935 - David Carpenter)
eyeQ (HKLM\...\{B33CD700-6738-11D4-87FE-0080C6F974A2}) (Version: - )
Facebook Video Calling 1.0.0.7897 (HKLM\...\{422D76A7-38F1-4243-A7C7-21FCA56B7FA9}) (Version: 1.0.7897 - Skype Limited)
FacebookDiscovery 5.0.126 (HKLM\...\FacebookDiscovery_is1) (Version: 5.0.126 - msgdiscovery.com)
FeedDemon (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\FeedDemon_is1) (Version: 4.0.0.22 - NewsGator Technologies, Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.5.124 - Foxit Corporation)
Free HTTP Sniffer (HKLM\...\Free HTTP Sniffer) (Version: - )
Free MP3 Joiner 3.6.1.2 (HKLM\...\Free MP3 Joiner_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
Freecorder 4.01 Application (HKLM\...\Freecorder4.01) (Version: 4.01 - Applian Technologies Inc.)
FreeFileSync 10.13 (HKLM\...\FreeFileSync_is1) (Version: 10.13 - FreeFileSync.org)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.8.1 - )
Fwink (HKLM\...\{F432F2AE-F463-4491-A5FE-844849992F6E}) (Version: 1.0.96 - Chris Lundie)
Gadu-Gadu 10 (HKLM\...\Gadu-Gadu 10) (Version: - GG Network S.A.)
GameXN GO (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Game Organizer) (Version: - EasyBits Media)
Gmail Backup (HKLM\...\gmailbackup) (Version: - )
Google Earth Pro (HKLM\...\{59F21DFB-6977-434B-9CB9-67783D6E7B6B}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
Google Talk (remove only) (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM\...\{A89DEBCA-F743-3412-97F6-B2E489194551}) (Version: 2.2.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.145 - Google Inc.) Hidden
Hotspot Shield 1.49 (HKLM\...\HotspotShield) (Version: 1.49 - AnchorFree)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
I-Doser Premium (HKLM\...\I-Doser) (Version: 5.0 - I-Doser.com)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Improve Your English Pro 2.7.0 (HKLM\...\{A311A732-8FAD-4970-94A6-A8D1F97366DF}_is1) (Version: - www.rentanadviser.com)
InfoTag Magic 1.0 (HKLM\...\InfoTag Magic 1.0) (Version: 1.0.beta5 - ContextMagic.com)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
ipla 2.10 (HKLM\...\ipla) (Version: 2.10 - Redefine Sp z o.o.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyFreeze (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\266e56dfe0bcee5a) (Version: 1.0.0.1 - KeyFreeze)
Klavaro-1.9.4 (HKLM\...\Klavaro_is1) (Version: - )
K-Lite Codec Pack 10.4.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LanguageNow! (HKLM\...\LanguageNow!) (Version: - )
Macrium Reflect Free Edition (HKLM\...\{C53E7340-7446-47D1-A191-5BC5A0EBD470}) (Version: 7.2.4325 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes verze 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MemoryLifter (HKLM\...\{2120B2F7-93AF-4063-B2E0-C1707E77D78C}) (Version: 2.4.1 - OMICRON electronics GmbH)
Messenger Plus! 5 (HKLM\...\Messenger Plus!) (Version: 5.10.0.750 - Yuna Software)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\OneDriveSetup.exe) (Version: 18.143.0717.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{389456AD-8CD0-42D6-866A-531330AE8372}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (HKLM\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Mobile Upgrade S 4.5.9 (HKLM\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
Mozilla Firefox 88.0 (x86 cs) (HKLM\...\Mozilla Firefox 88.0 (x86 cs)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.0.7775 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NCS WinVisible (HKLM\...\{D1FD6957-27F6-41FF-90F3-2C9AF5912719}) (Version: 1.0.5004 - Neptune Century Studios)
Neuro-Programmer 3.0.1 (HKLM\...\Neuro-Programmer 3_is1) (Version: - Transparent Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OpenFM (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\OpenFM) (Version: 2 - GG Network S.A.)
OpenOffice.org 3.2 (HKLM\...\{FAB43061-FEFB-46E8-A159-96710395DB5E}) (Version: 3.2.9505 - OpenOffice.org)
OpenWith.org 1.0.3 (HKLM\...\{B52F8C4B-FE88-4B59-9B80-1C93669D7DEB}_is1) (Version: - OpenWith.org)
Opera 11.50 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Opera 11.50.1074) (Version: 11.50.1074 - Opera Software ASA)
Opera Stable 75.0.3969.243 (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\Opera 75.0.3969.243) (Version: 75.0.3969.243 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaltalkScene (HKLM\...\PalTalk8.2) (Version: 9.9 - AVM Software Inc.)
PC VGA Camer@ Plus (HKLM\...\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}) (Version: 1.0.0.19 - Aecotech)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polish QWERTY (HKLM\...\{110ABC2E-97F0-4001-8D3E-CCA63F53A5FD}) (Version: 1.0.3.40 - STROKES)
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
QTTabBar 1.5.0.0 Beta 1 (HKLM\...\{EF791F98-18A0-4446-AEE9-38511C16D521}) (Version: 1.5.225 - Quizo and Paul Accisano)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version: - )
RapidLoader (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\RapidLoader) (Version: - Colin Palmer)
Real Alternative 2.0.2 Lite (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5767 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Sandboxie 5.28 (32-bit) (HKLM\...\Sandboxie) (Version: 5.28 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0100-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{78A9943A-5DB1-4B90-8AEF-5CE30456FB6E}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype Web Plugin (HKLM\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SopCast 3.0.3 (HKLM\...\SopCast) (Version: 3.0.3 - SopCast.com)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Speedlingua American English Pack 2.1 SLPI (HKLM\...\{7B15F03F-1982-4bd1-BC4B-F53A93AE8D56}_is1) (Version: 2.1 - Speedlingua S.A.)
Speedlingua Individual 2.1 (HKLM\...\{27E7DBC9-904E-453e-A6F5-01DADE9D8B5B}_is1) (Version: 2.1 - Speedlingua S.A.)
Spoon Sandbox Manager 3.26 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Spoon Sandbox Manager 3.26) (Version: 3.26.0.6 - Code Systems Corporation)
StreamTorrent 1.0 (HKLM\...\StreamTorrent 1.0) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1022 - SUPERAntiSpyware.com)
SuperMemo Extreme English! (HKLM\...\SuperMemo Extreme English!) (Version: - )
SuperMemo UX - Grammar&Idioms in Use (HKLM\...\SuperMemo UX - Extreme English: Grammar & Idioms in Use ) (Version: 1.4.0.1 - SuperMemo World)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Task Coach 1.2.9 (HKLM\...\Task Coach_is1) (Version: - Frank Niessink and Jerome Laheurte)
Task List Guru 2.50 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\Task List Guru_is1) (Version: 2.50 - Jiri Novotny, Dextronet)
TELL ME MORE (HKLM\...\TMM90) (Version: - )
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1006\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.OMUI.cs-cz_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
URL Helper (HKLM\...\URL Helper_is1) (Version: - )
URL Snooper v2.28.01 (HKLM\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vocaboly 3.0 (HKLM\...\{43EBFA90-95DF-4b69-A63F-68B3FAE4E8F8}_is1) (Version: - Vocaboly Software)
Webcam 1200 (HKLM\...\{66D475AE-F18B-43A0-8BAF-61AF4403E339}) (Version: 1.0.0.0 - Logitech)
Windows 7 Manager (HKLM\...\{13DE3939-422A-44D5-BD52-B85EF48DBDAB}) (Version: 1.2.6 - Yamicsoft)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{1407B87C-36E3-4FC1-9051-D08B21E1096F}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Shutdown Assistant V3.0.9 (HKLM\...\{4DFA83B9-2722-435D-9F7D-756F902D48FE}_is1) (Version: 3.0.9 - APOWERSOFT LIMITED)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Wise Auto Shutdown 1.61 (HKLM\...\Wise Auto Shutdown_is1) (Version: 1.61 - WiseCleaner.com, Inc.)
Xleaner v3.3.0.1 (HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\{72D84E46-E633-4729-8A77-2347C8CD4096}_is1) (Version: - MoreThanACleaner.de)
XviD Video Codec (remove only) (HKLM\...\XviD Video Codec) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
YouSendIt Application Plug-in SDK (HKLM\...\InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}) (Version: 1.0.2 - YouSendIt)

Packages:
=========
@{Microsoft.BingNews_4.36.20583.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithTagline} -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x86__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation) [MS Ad]
@{Microsoft.BingWeather_4.36.20503.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding} -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x86__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-09] (Microsoft Corporation) [MS Ad]
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-07-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{10D8693B-09F1-4595-8944-F8DFB825F11F}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Maminka\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{68184D48-051A-311C-882D-30E8CDECFE3D}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Karlíček\AppData\Local\temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7253b364-18c5-555a-4b07-26abb39c9f99}\InprocServer32 -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\EdgeBrokerPS.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{78347620-4EAB-30D9-A0E0-17812FAFE927}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7BD11BDB-D781-3B76-AB98-EAE7663D8644}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{A2D48AF1-951B-44FC-BA37-B27EBBF95C3B}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.4.154.333\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{AD125A81-9419-33B1-9FC7-71430C0CD9D9}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{B7AEE3D0-7829-4B16-853D-8A8062091FD2}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E4441051-104A-32A7-AF72-D4C66D8CB61B}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\Maminka\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX.dll (Microsoft Corporation -> Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\localserver32 -> C:\Users\Maminka\AppData\Local\Programs\Opera\75.0.3969.243\notification_helper.exe (Opera Software AS -> The Chromium Authors)
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Comp\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS -> Unity Technologies ApS)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com -> SuperAdBlocker.com) [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [OpenWith.org] -> [CC]{1569D0D3-1127-48A2-A4BC-958553F472C5} => -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-06-05] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers4: [DAP_ShredMenu] -> [CC]{BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> No File
ContextMenuHandlers4: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {03B54A4E-A635-418E-81FC-CF60CBB141AA} => -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [163840 2009-08-23] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-07-04 23:32 - 2010-07-04 23:32 - 000010752 _____ () [File not signed] C:\Program Files\Unlocker\UnlockerCOM.dll
2011-09-06 11:02 - 2001-10-28 17:42 - 000116224 _____ () [File not signed] C:\WINDOWS\System32\pdfcmnnt.dll
2009-09-20 12:36 - 2009-09-20 12:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2009-09-20 12:31 - 2009-09-20 12:31 - 000694784 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpslpsvc32.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000044544 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2008-12-03 20:05 - 2008-12-03 20:05 - 000053760 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2011-07-19 02:08 - 2011-07-19 02:08 - 000141696 _____ (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ampa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3 [131]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [126]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [129]
AlternateDataStreams: C:\ProgramData\TEMP:CDF51F17 [490]
AlternateDataStreams: C:\ProgramData\TEMP:F87C192A [106]
AlternateDataStreams: C:\Users\Maminka\Desktop\1002562_4437333991295_1889097141_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1025384_10202870660219847_49888386563297184_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10403097_10202871395558230_1785771478449425294_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10418493_10202871391438127_6616450470683584480_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10458993_10202870627419027_170774857220055740_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10487249_10201150167236108_3247067776297046836_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10513423_10201175598991886_3229205883465822546_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1900434_10202871398118294_1828841530637484206_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1964966_10200572759441274_533746769_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\257956_149018278502655_6371460_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\482aeb68c5_71787275_o2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\googleupdatesetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\IMG_20130908_103946.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\photo.php:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Jídelní lístek č.3 13.2.-19.2.2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Lyrica_75mg_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-cerven-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\pdfshow.php:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PI16251.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\poezjaani.republika.pl-zyczenia-urodziny.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2012-01-01_-_2012-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2013-01-01_-_2013-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-06-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ptáček.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SandboxieInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Soft_letters.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201001-0014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0010.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SPP_DUK_1_4_17.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ubytovaci_rad.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\VZP-Antonie-hotel-partner.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Windows10Upgrade9252.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
URLSearchHook: HKLM - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 - (No Name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No File
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies SA -> Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Software Sarl -> Skype Technologies)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\kuaiche.com -> hxxp://software.kuaiche.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\paltalk.com -> hxxp://advertising.paltalk.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\pno.net -> ads.pno.net
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\x10.com -> ads.x10.com
IE restricted site: HKU\S-1-5-21-438729375-2292271272-1643045957-1003\...\zendmedia.com -> ad1.zendmedia.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2019-01-15 09:25 - 000000029 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Maminka\Pictures\kvetiny---louka.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1006\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-1011\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-438729375-2292271272-1643045957-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.38 - 213.46.172.39
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Připojení k místní síti: Rawether NDIS 6.X SPR Protocol Driver -> PCA_PCASP60 (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: HotspotShieldService => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk => C:\Windows\pss\MiniEYE-MiniREAD Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Comp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Comp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk => C:\Windows\pss\MultiSkypeLauncher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Karlíček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KillSkypeHome.lnk => C:\Windows\pss\KillSkypeHome.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Karlíček^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rizone Memory Booster.lnk => C:\Windows\pss\Rizone Memory Booster.lnk.Startup
MSCONFIG\startupfolder: C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files\Freecorder\FLVSrvc.exe" /run
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IPLA! => C:\Program Files\ipla\ipla.exe /autorun
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: NetWorx => "C:\Users\Karlíček\Documents\My Completed Downloads\Portable Programs\Unspecified\Měření Dat\networx_portable\32-bit\networx.exe" /auto
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "PAC7302_Monitor"
HKLM\...\StartupApproved\Run: => "AMP WinOFF"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.2.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\...\StartupApproved\Run: => "Windows Shutdown Assistant"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.2.lnk"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "IPLA!"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-438729375-2292271272-1643045957-1007\...\StartupApproved\Run: => "Windows Shutdown Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A9E9F11-867A-4E9F-8768-1D7A39F279FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF6D9445-1866-4D4A-9E0D-6B38556161BB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0F409B8-F45C-46E1-AAA9-3D6C116E9BBC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2387F56B-24CA-4FD0-BB7D-16D725EEAD87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{999CCEE5-857E-4454-9A54-DDA81CC28C50}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{574CEA63-7834-4531-AC07-5B777D39CC9D}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{580C5090-673F-4E62-9BEB-168C0C23848A}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [TCP Query User{ABDB5E4B-1212-4A7A-81B7-26DCE6EF111E}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [UDP Query User{8F858FFD-C3BD-40F2-BEDF-53A8697C0F6A}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [TCP Query User{4D75812D-0862-445F-AC10-AC2424115898}C:\program files\gadu-gadu 10\gg.exe] => (Block) C:\program files\gadu-gadu 10\gg.exe (GG Network S.A. -> GG Network S.A.)
FirewallRules: [{3A63E58D-AA26-41B4-9E9A-56897097B268}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{549F4456-7CBA-47B9-AA54-455BA78B95DB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6447B4DA-ACAE-40EA-97F6-B463F61A8247}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56E67DA8-B48C-47A1-B309-410571BEE014}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B85DD786-9B2E-4ACF-B2E9-BE1B0DA304E0}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64890CCB-D625-4B54-9949-69602A0CB391}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05A0E037-5BA0-44CD-BEF0-050066EBE96F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F09F43A-8D2C-4970-9242-55650427D5D8}] => (Allow) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{625DBD9B-8E75-45EE-A9ED-0C562260CDD8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{882F6343-5DAA-4560-A507-5CF114C2B254}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F349770A-7A39-4BEF-8914-1D2BBEB697F1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{901CAC87-0BE8-4C5C-86F8-63AE06DC560D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{40648A97-2059-4D82-BF37-4205B0BDD86A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{E7E9E295-A096-43AD-968A-4332A3A3F89D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{0B3D532B-8E56-43C2-BAC7-295F5630F86C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{3C0D6B74-3C05-410C-95C5-03CFBC674011}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{BB4FADED-85BB-46B8-8940-E3DFD1815A26}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D1525FCF-D8BA-4DC4-9F95-92E3AEAECDBF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{F5470E43-F512-407A-84D6-6D01BECEA044}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{12F7C8F2-A6F1-4579-A5E9-CEB970789673}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{8B48D554-6C22-4EFF-975B-59A04E71A789}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{822EB9C7-85E0-41B8-AED3-9B40B2626BAC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{51CA044C-193E-41D0-9C46-4E7804B2A1CA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{3F80D350-9B1F-42BB-89CF-1A54CA8B8F6A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{723025DF-0C84-45F5-AE91-E94FD24D7C8B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{3D8A1CCB-A55C-4685-A200-A26053D9F468}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{E34B1BE3-FB8C-4A27-A287-392B7168BD5C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{1520D7AA-0D4C-4E50-AC4E-425B18E52F41}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{DCA8AE96-0344-464F-A38E-0DC56E123C1A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BE88B33F-BF56-42F8-86AB-AE79D26E33F9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{974E43E6-95E7-4B9F-A86B-03189EBBFF4B}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CFF0C41C-3CBC-40E7-982C-23B9AE0259BC}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{1159247B-CED3-4A5D-BD2E-74811AD8B092}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{52B54E18-1227-43BD-8ADF-D0F25889D395}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{B3AF624A-30D5-4011-8E18-08C78F4CA22F}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{0C52B372-F778-4263-81AC-C46D4879F913}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{3084890E-4497-4C24-A604-A024FFA906D7}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{0DCDC42C-40F7-4E02-967F-82E6A31C2FB4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{A7F9CC4F-8873-416D-A366-5E0AD9C4B0B1}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6EFF662A-8D44-4C34-8F92-2CB82C7F0ECF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED90CF99-720E-4E48-B213-2EAAEAAEB39D}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DBBEF674-DBE7-488F-BC4B-1B28EED86312}] => (Allow) LPort=2869
FirewallRules: [{FF9AA83E-5B5D-4077-BB0E-617748CCD051}] => (Allow) LPort=1900
FirewallRules: [{2C98887C-CDBA-40D2-820B-571A3F6A80C0}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{22BEF487-5EC0-43D3-9D7C-D1CA9BA6A4BA}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{89E5C05E-26FC-4F1D-8F5C-2A433F2F7133}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{B5491A21-82F9-4BA0-9D77-65A25477F639}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{0DEC1C79-B980-48D2-AEC2-4F639049A575}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{90D9559A-BCA8-4FF7-B2F7-A9AF1CCCEF39}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\Rescue.exe (ASUSTek COMPUTER INC.) [File not signed]
FirewallRules: [{9E939255-810B-4A0A-86C5-C5F69E376B02}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\LiveUpdate.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{20747054-E407-45DF-8971-6DEA88B0A105}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\LiveUpdate.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{2FCE9208-0171-4F3B-B67F-1BDA2847067A}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{203ABDC0-AA94-44A7-A2D3-15711DEE98EC}] => (Allow) C:\Program Files\ASUS\RT-N12E Wireless Router Utilities\QISWizard.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{7B242600-E4E7-48CE-97E2-AFBDB4933E9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6651C2B0-2B47-435F-8BA7-A3408A97D379}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{328DC7E3-85BE-4C90-BBB7-C41967F77423}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4F2C7D99-26FD-44B5-A945-06E64D47C5F5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B3F41FF-7D68-4057-A893-273D3C6546C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F8E2438D-97F6-44AC-A172-74ED8B3256FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6FCB16A9-6116-4BA3-B7BC-03E97935AA3F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0DFD6AA2-E328-4D63-B538-C886AD9E085E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D112556E-8BA2-4802-AF02-1FB7230CB947}] => (Allow) C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [{71738135-C965-43ED-9946-A8844827C276}] => (Allow) C:\Program Files\Apowersoft\Windows Shutdown Assistant\Windows Shutdown Assistant.exe (APOWERSOFT LIMITED -> Apowersoft)
FirewallRules: [TCP Query User{56A66C42-8433-4DC7-886F-1495D315A853}C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe] => (Block) C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe (Wirtualna Polska S.A. -> )
FirewallRules: [UDP Query User{FA5BC5F3-8EC2-4C57-857D-6931A285CEEF}C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe] => (Block) C:\users\maminka\documents\přenosné programy\spik(portable)\spikonstick\spik.exe (Wirtualna Polska S.A. -> )
FirewallRules: [TCP Query User{712C6C7B-155D-4D98-A8E0-D455B3CF13FE}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{F03146FF-7802-4EDE-AB77-BC8442EBE318}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [{24A86439-C589-4EEC-A0B7-E0C3948E0E14}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 11:23:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/04/2021 11:23:27 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/04/2021 11:23:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/04/2021 11:23:26 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/29/2021 05:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: sppsvc.exe, verze: 10.0.19041.662, časové razítko: 0xd54126cd
Název chybujícího modulu: sppsvc.exe, verze: 10.0.19041.662, časové razítko: 0xd54126cd
Kód výjimky: 0xc0000602
Posun chyby: 0x0022b259
ID chybujícího procesu: 0x260c
Čas spuštění chybující aplikace: 0x01d73d09187cb194
Cesta k chybující aplikaci: C:\WINDOWS\system32\sppsvc.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\sppsvc.exe
ID zprávy: 81f931d8-ac34-43ee-a3f7-fc12e17cbdea
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/16/2021 09:33:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe, identifikátor PID: 2212, identifikátor PID ProfSvc: 1196.

Error: (04/15/2021 10:29:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/15/2021 10:29:03 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (05/06/2021 01:28:25 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 01:27:55 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 01:27:25 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 01:26:56 PM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 11:51:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240016): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.339.53.0).

Error: (05/06/2021 11:39:36 AM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 11:32:16 AM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/06/2021 11:31:47 AM) (Source: DCOM) (EventID: 10001) (User: MAIN-HOME-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca


Windows Defender:
================
Date: 2021-05-05 11:21:49
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {79D4B7A2-5E70-4D90-83B6-FD378EE100DE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE

Date: 2021-05-05 09:37:55
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.B!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Maminka\Downloads\FRST.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: MAIN-HOME-PC\Maminka
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.337.608.0, AS: 1.337.608.0, NIS: 1.337.608.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-04 12:59:07
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/InstallCore
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Program Files\JDownloader\JDownloaderD3D.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\NETWORK SERVICE
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.572.0, AS: 1.337.572.0, NIS: 1.337.572.0
Verze modulu: AM: 1.1.18100.6, NIS: 1.1.18100.6

Date: 2021-05-04 11:55:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A90ECA61-D652-4D9A-A69F-30C2541A6A13}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: MAIN-HOME-PC\Maminka

Date: 2021-05-04 11:45:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2021-05-04 11:45:25
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.337.572.0
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-04 11:45:25
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.337.572.0
Předchozí verze bezpečnostních informací: 1.335.441.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-05-04 11:45:25
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18100.6
Předchozí verze modulu: 1.1.18000.5
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-04-08 11:11:58
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.313.93.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16900.4
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

CodeIntegrity:
===============
Date: 2021-05-04 11:08:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Users\Maminka\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V4.3 10/21/2009
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD G31TM-P21 (MS-7529)
Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 3318.24 MB
Available physical RAM: 441.4 MB
Total Virtual: 6646.24 MB
Available Virtual: 2878.37 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:150.68 GB) (Free:10.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DKT-LP-1W3.1_DES) (CDROM) (Total:3.89 GB) (Free:0 GB) UDF
Drive e: (Linux Mint) (Fixed) (Total:50.72 GB) (Free:47.3 GB) NTFS
Drive f: (Moje Soubory) (Fixed) (Total:263.92 GB) (Free:261.76 GB) NTFS

\\?\Volume{2dff3591-0000-0000-0000-905474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2DFF3591)
Partition 1: (Active) - (Size=150.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=314.6 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vodafone mi oznámilo, že jsem v botnetu

#20 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{10D8693B-09F1-4595-8944-F8DFB825F11F}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{68184D48-051A-311C-882D-30E8CDECFE3D}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Karlíček\AppData\Local\temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{78347620-4EAB-30D9-A0E0-17812FAFE927}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7BD11BDB-D781-3B76-AB98-EAE7663D8644}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{A2D48AF1-951B-44FC-BA37-B27EBBF95C3B}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.4.154.333\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{AD125A81-9419-33B1-9FC7-71430C0CD9D9}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{B7AEE3D0-7829-4B16-853D-8A8062091FD2}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E4441051-104A-32A7-AF72-D4C66D8CB61B}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [OpenWith.org] -> [CC]{1569D0D3-1127-48A2-A4BC-958553F472C5} => -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [DAP_ShredMenu] -> [CC]{BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> No File
ContextMenuHandlers4: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {03B54A4E-A635-418E-81FC-CF60CBB141AA} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ampa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3 [131]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [126]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [129]
AlternateDataStreams: C:\ProgramData\TEMP:CDF51F17 [490]
AlternateDataStreams: C:\ProgramData\TEMP:F87C192A [106]
AlternateDataStreams: C:\Users\Maminka\Desktop\1002562_4437333991295_1889097141_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1025384_10202870660219847_49888386563297184_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10403097_10202871395558230_1785771478449425294_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10418493_10202871391438127_6616450470683584480_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10458993_10202870627419027_170774857220055740_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10487249_10201150167236108_3247067776297046836_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10513423_10201175598991886_3229205883465822546_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1900434_10202871398118294_1828841530637484206_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1964966_10200572759441274_533746769_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\257956_149018278502655_6371460_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\482aeb68c5_71787275_o2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\googleupdatesetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\IMG_20130908_103946.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\photo.php:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Jídelní lístek č.3 13.2.-19.2.2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Lyrica_75mg_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-cerven-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\pdfshow.php:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PI16251.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\poezjaani.republika.pl-zyczenia-urodziny.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2012-01-01_-_2012-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2013-01-01_-_2013-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-06-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ptáček.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SandboxieInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Soft_letters.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201001-0014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0010.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SPP_DUK_1_4_17.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ubytovaci_rad.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\VZP-Antonie-hotel-partner.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Windows10Upgrade9252.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdZnID [26]
URLSearchHook: HKLM - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 - (No Name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No File
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{999CCEE5-857E-4454-9A54-DDA81CC28C50}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{574CEA63-7834-4531-AC07-5B777D39CC9D}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{2C98887C-CDBA-40D2-820B-571A3F6A80C0}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{22BEF487-5EC0-43D3-9D7C-D1CA9BA6A4BA}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [TCP Query User{712C6C7B-155D-4D98-A8E0-D455B3CF13FE}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{F03146FF-7802-4EDE-AB77-BC8442EBE318}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
:\Program Files\JDownloader\JDownloaderD3D.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AppInit_DLLs: C:\Windows\System32\guard32.dll => No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-438729375-2292271272-1643045957-1006\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {01A02A3B-F5CF-4060-B603-9DB9E97726E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0B6A283E-9D3C-43D2-A858-C23455E817E0} - \User_Feed_Synchronization-{F6CE3E0C-74CC-46CF-8C45-DE2FE86C5794} -> No File <==== ATTENTION
Task: {10D35043-6050-486C-A622-F3A0BE2354CA} - System32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {18934300-EBAE-442F-89D4-A7FCE2F9D735} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {249109C3-27C3-47D5-AFAD-0B86AE985523} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {62981A1A-B20F-44BB-AB42-82FBEB428CBE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {63964FE2-D964-4AA3-8EA9-7F398B160F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6E24FBDE-F099-4764-A196-DA75F21850AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F48DD67-5E4E-426C-8356-59D1E94CACA9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8645CF15-736A-481C-872F-3DB682F6E636} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {883C1EF1-F845-4B48-BA9B-6F312BB8ACDD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C01AA03-E6FB-489F-AA99-A642331A0F83} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8E40374D-17C7-4BC1-B2DE-7EFC96B336BF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7948FFA-2DA2-4F40-86B8-558E381DBF21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A7C54477-069E-43CD-A580-DF067FA4D12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {AA88399F-D4AF-4D5C-8D13-11A24193D9BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {C3B2E8E9-2725-4CDE-934A-43BAF780D90F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7969268-B43F-4B73-8054-98E4F89030EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {F0E52D99-A829-4587-8E6B-D2CA78493BCB} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FB0D1C66-59FD-4653-92C3-253D5F56C008} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD98795F-7464-4D8B-B206-ED9C90C93F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
U3 aspnet_state; no ImagePath
C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
C:\WINDOWS\system32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}
C:\WINDOWS\system32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}
C:\WINDOWS\system32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969}
C:\WINDOWS\system32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
C:\WINDOWS\system32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD}
C:\WINDOWS\system32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8}

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SGC
Návštěvník
Návštěvník
Příspěvky: 369
Registrován: 15 dub 2008 13:09

Re: Vodafone mi oznámilo, že jsem v botnetu

#21 Příspěvek od SGC »

Tak tady je:

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-04-2021
Ran by Comp (06-05-2021 15:19:02) Run:1
Running from C:\Users\Maminka\Desktop
Loaded Profiles: Karlíček & Maminka & Návštěvník & Comp & Karol & Guest
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{10D8693B-09F1-4595-8944-F8DFB825F11F}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{68184D48-051A-311C-882D-30E8CDECFE3D}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Karlíček\AppData\Local\temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{78347620-4EAB-30D9-A0E0-17812FAFE927}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7BD11BDB-D781-3B76-AB98-EAE7663D8644}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{A2D48AF1-951B-44FC-BA37-B27EBBF95C3B}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.4.154.333\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{AD125A81-9419-33B1-9FC7-71430C0CD9D9}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{B7AEE3D0-7829-4B16-853D-8A8062091FD2}\InprocServer32 -> C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.5.245.0\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E4441051-104A-32A7-AF72-D4C66D8CB61B}\localserver32 -> "C:\Users\Maminka\AppData\Local\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserUpdateOnDemand.exe" => No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [OpenWith.org] -> [CC]{1569D0D3-1127-48A2-A4BC-958553F472C5} => -> No File
ContextMenuHandlers1: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [DAP_ShredMenu] -> [CC]{BED4C38B-F765-45AC-8C56-613F76BBF43E} => -> No File
ContextMenuHandlers4: [IZArcCM] -> [CC]{BC593DF5-466F-44EC-8FFD-C4DBC603B917} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> [CC]{72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers4: [QuickSFV Shell Extension] -> [CC]{906b0e6e-61ce-11d3-8ee2-0060080a7242} => -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {03B54A4E-A635-418E-81FC-CF60CBB141AA} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\ampa.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ampa.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\TEMP:157E1AD3 [131]
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA [126]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [129]
AlternateDataStreams: C:\ProgramData\TEMP:CDF51F17 [490]
AlternateDataStreams: C:\ProgramData\TEMP:F87C192A [106]
AlternateDataStreams: C:\Users\Maminka\Desktop\1002562_4437333991295_1889097141_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1025384_10202870660219847_49888386563297184_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10403097_10202871395558230_1785771478449425294_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10418493_10202871391438127_6616450470683584480_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10458993_10202870627419027_170774857220055740_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10487249_10201150167236108_3247067776297046836_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\10513423_10201175598991886_3229205883465822546_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1900434_10202871398118294_1828841530637484206_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\1964966_10200572759441274_533746769_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\257956_149018278502655_6371460_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\482aeb68c5_71787275_o2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\googleupdatesetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\IMG_20130908_103946.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\photo.php:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\14.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\2015-09-23_96581.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23465164.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\23681034.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\cestinaA2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\jidelnicek_11_2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\JmdXIF.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Jídelní lístek č.3 13.2.-19.2.2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\kompletni_cenik.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Lyrica_75mg_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-cerven-2016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\p4-2006e-53.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\pdfshow.php:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PI16251.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\poezjaani.republika.pl-zyczenia-urodziny.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2012-01-01_-_2012-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2013-01-01_-_2013-12-31.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-06-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\prilohy_86322.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ptáček.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Sablona_plne_moci.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SandboxieInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Soft_letters.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201001-0014.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0010.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201002-0011.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\SPP_DUK_1_4_17.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\toc-20873-pdf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\ubytovaci_rad.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Downloads\Vypis.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\VZP-Antonie-hotel-partner.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Maminka\Downloads\Windows10Upgrade9252.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdTcID [130]
AlternateDataStreams: C:\Users\Maminka\Documents\rodzina Staniszewskich.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Návštěvník\Downloads\OneDriveSetup.exe:$CmdZnID [26]
URLSearchHook: HKLM - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
URLSearchHook: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 - (No Name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No File
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1004 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-438729375-2292271272-1643045957-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-12] (Google Inc -> Google Inc.)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{999CCEE5-857E-4454-9A54-DDA81CC28C50}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{574CEA63-7834-4531-AC07-5B777D39CC9D}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{2C98887C-CDBA-40D2-820B-571A3F6A80C0}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [{22BEF487-5EC0-43D3-9D7C-D1CA9BA6A4BA}] => (Allow) D:\RouterSetup\QISWizard.exe => No File
FirewallRules: [TCP Query User{712C6C7B-155D-4D98-A8E0-D455B3CF13FE}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
FirewallRules: [UDP Query User{F03146FF-7802-4EDE-AB77-BC8442EBE318}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe] => (Block) C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe => No File
:\Program Files\JDownloader\JDownloaderD3D.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
AppInit_DLLs: C:\Windows\System32\guard32.dll => No File
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-438729375-2292271272-1643045957-1006\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {01A02A3B-F5CF-4060-B603-9DB9E97726E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0B6A283E-9D3C-43D2-A858-C23455E817E0} - \User_Feed_Synchronization-{F6CE3E0C-74CC-46CF-8C45-DE2FE86C5794} -> No File <==== ATTENTION
Task: {10D35043-6050-486C-A622-F3A0BE2354CA} - System32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {18934300-EBAE-442F-89D4-A7FCE2F9D735} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {249109C3-27C3-47D5-AFAD-0B86AE985523} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {62981A1A-B20F-44BB-AB42-82FBEB428CBE} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {63964FE2-D964-4AA3-8EA9-7F398B160F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6E24FBDE-F099-4764-A196-DA75F21850AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F48DD67-5E4E-426C-8356-59D1E94CACA9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8645CF15-736A-481C-872F-3DB682F6E636} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {883C1EF1-F845-4B48-BA9B-6F312BB8ACDD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8C01AA03-E6FB-489F-AA99-A642331A0F83} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8E40374D-17C7-4BC1-B2DE-7EFC96B336BF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7948FFA-2DA2-4F40-86B8-558E381DBF21} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A7C54477-069E-43CD-A580-DF067FA4D12D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {AA88399F-D4AF-4D5C-8D13-11A24193D9BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [154440 2016-07-12] (Google Inc -> Google Inc.)
Task: {C3B2E8E9-2725-4CDE-934A-43BAF780D90F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7969268-B43F-4B73-8054-98E4F89030EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => C:\Users\Karlíček\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-29] (Google Inc -> Google Inc.)
Task: {F0E52D99-A829-4587-8E6B-D2CA78493BCB} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {FB0D1C66-59FD-4653-92C3-253D5F56C008} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD98795F-7464-4D8B-B206-ED9C90C93F6C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
U3 aspnet_state; no ImagePath
C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
C:\WINDOWS\system32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE}
C:\WINDOWS\system32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16}
C:\WINDOWS\system32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969}
C:\WINDOWS\system32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core
C:\WINDOWS\system32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD}
C:\WINDOWS\system32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8}

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{10D8693B-09F1-4595-8944-F8DFB825F11F} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{4424021B-831C-4F50-A74F-1AF30ADA650C} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{62593C70-ACF0-44CC-8716-990919D46A85} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{68184D48-051A-311C-882D-30E8CDECFE3D} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{78347620-4EAB-30D9-A0E0-17812FAFE927} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{7BD11BDB-D781-3B76-AB98-EAE7663D8644} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{A2D48AF1-951B-44FC-BA37-B27EBBF95C3B} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{AD125A81-9419-33B1-9FC7-71430C0CD9D9} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{B7AEE3D0-7829-4B16-853D-8A8062091FD2} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004_Classes\CLSID\{E4441051-104A-32A7-AF72-D4C66D8CB61B} => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IZArcCM => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\miranda.shlext => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OpenWith.org => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\QuickSFV Shell Extension => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\DAP_ShredMenu => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IZArcCM => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\miranda.shlext => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\QuickSFV Shell Extension => removed successfully.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SimpleShlExt => removed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully.
C:\WINDOWS\system32\ampa.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\indexeddbserver.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\mshtmlmedia.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\powertracker.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\RdpGroupPolicyExtension.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\ampa.exe => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\avastSS.scr => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\ucrtbase.dll => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys => ":$CmdTcID" ADS removed successfully.
C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys => ":$CmdTcID" ADS removed successfully.
C:\ProgramData\TEMP => ":157E1AD3" ADS removed successfully.
C:\ProgramData\TEMP => ":553CA6CA" ADS removed successfully.
C:\ProgramData\TEMP => ":C8B8CEBD" ADS removed successfully.
C:\ProgramData\TEMP => ":CDF51F17" ADS removed successfully.
C:\ProgramData\TEMP => ":F87C192A" ADS removed successfully.
C:\Users\Maminka\Desktop\1002562_4437333991295_1889097141_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\1025384_10202870660219847_49888386563297184_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\10403097_10202871395558230_1785771478449425294_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\10418493_10202871391438127_6616450470683584480_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\10458993_10202870627419027_170774857220055740_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\10487249_10201150167236108_3247067776297046836_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\10513423_10201175598991886_3229205883465822546_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\1900434_10202871398118294_1828841530637484206_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\1964966_10200572759441274_533746769_n.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\257956_149018278502655_6371460_o.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\482aeb68c5_71787275_o2.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\googleupdatesetup.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Desktop\IMG_20130908_103946.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\photo.php => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Desktop\Zdravá-chuze-po-celý-život.PDF => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\100+2_tipu_pro_hubnuti_bez_hladoveni.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\14.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\14.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017(1).pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\1483341115-potvrzeni-lekare-o-diagnoze-2017.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\2015-04-Cennik_lieky_CZ.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\2015-09-23_96581.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\2015-09-23_96581.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\23465164.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\23465164.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\23681034.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\23681034.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\alcatel-onetouchmanager-2-2-1305-2155.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\cestinaA2.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\cestinaA2.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Download_Driver_1.0_Setup.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\hakl-nove-trendy.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\HYUSI331_N_CZ-SK-PL-ENG-HU.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\jidelnicek_11_2017(1).pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\jidelnicek_11_2017(2).pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\jidelnicek_11_2017(3).pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\jidelnicek_11_2017(4).pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\jidelnicek_11_2017.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\JmdXIF.jpg => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\JmdXIF.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Jídelní lístek č.3 13.2.-19.2.2017.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\kas---program-akci-06-2016.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\kompletni_cenik.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\kompletni_cenik.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Kontaktní místa 2008_2.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Lyrica_75mg_SPC.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-brezen-2017.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\magistra-leky-bez-doplatku-cerven-2016.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\MediaCreationTool.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\MediaCreationTool.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\mpsv_mikop_zap_letak_iap.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\nahled04_10161_program_akci_listopad_2015.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Neurontin_tabs_SPC.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\ONE TOUCH Upgrade S 2.8.5 Setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\one-touch-upgrade-s-2-8-0-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Otázky k zápisu1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\p4-2006e-53.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\p4-2006e-53.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\pdfshow.php => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\PI16251.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\poezjaani.republika.pl-zyczenia-urodziny.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Pravidla_o_nakladani_s_chemickymi_latkami.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\PrehledUhrad_2012-01-01_-_2012-12-31.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\PrehledUhrad_2013-01-01_-_2013-12-31.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-06-30.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\PrehledUhrad_2015-01-01_-_2015-09-30.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\prilohy_86322.zip => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\prilohy_86322.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\primulus-jidelnicek-e-book.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\priprava_na_kolonoskopii.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\ptáček.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Sablona_plne_moci.doc => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Sablona_plne_moci.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\SandboxieInstall.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Soft_letters.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-200901-0008.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-201001-0014.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-201002-0010.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-201002-0011.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Solen_der-201201-0005.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\SPP_DUK_1_4_17.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\toc-20873-pdf.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\toc-20873-pdf.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\ubytovaci_rad.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Vypis.pdf => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Downloads\Vypis.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\VZP-Antonie-hotel-partner.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\Maminka\Downloads\Windows10Upgrade9252.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Documents\rodzina Staniszewskich.doc => ":$CmdTcID" ADS removed successfully.
C:\Users\Maminka\Documents\rodzina Staniszewskich.doc => ":$CmdZnID" ADS removed successfully.
C:\Users\Návštěvník\Downloads\OneDriveSetup.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Návštěvník\Downloads\OneDriveSetup.exe => ":$CmdZnID" ADS removed successfully.
"HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}" => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully.
HKU\S-1-5-21-438729375-2292271272-1643045957-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
"HKU\S-1-5-21-438729375-2292271272-1643045957-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{999CCEE5-857E-4454-9A54-DDA81CC28C50}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{574CEA63-7834-4531-AC07-5B777D39CC9D}C:\users\maminka\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C98887C-CDBA-40D2-820B-571A3F6A80C0}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22BEF487-5EC0-43D3-9D7C-D1CA9BA6A4BA}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{712C6C7B-155D-4D98-A8E0-D455B3CF13FE}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F03146FF-7802-4EDE-AB77-BC8442EBE318}C:\users\maminka\appdata\local\programs\opera\65.0.3467.78\opera.exe" => removed successfully.
:\Program Files\JDownloader\JDownloaderD3D.exe => Error: No automatic fix found for this entry.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk" => not found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully.
"C:\Windows\System32\guard32.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-438729375-2292271272-1643045957-1006\User => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
HKLM\SOFTWARE\Policies\Google => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01A02A3B-F5CF-4060-B603-9DB9E97726E0}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01A02A3B-F5CF-4060-B603-9DB9E97726E0}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B6A283E-9D3C-43D2-A858-C23455E817E0}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B6A283E-9D3C-43D2-A858-C23455E817E0}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{F6CE3E0C-74CC-46CF-8C45-DE2FE86C5794}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10D35043-6050-486C-A622-F3A0BE2354CA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D35043-6050-486C-A622-F3A0BE2354CA}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d5ff07347049de" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18934300-EBAE-442F-89D4-A7FCE2F9D735}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18934300-EBAE-442F-89D4-A7FCE2F9D735}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{249109C3-27C3-47D5-AFAD-0B86AE985523}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{249109C3-27C3-47D5-AFAD-0B86AE985523}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62981A1A-B20F-44BB-AB42-82FBEB428CBE}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62981A1A-B20F-44BB-AB42-82FBEB428CBE}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63964FE2-D964-4AA3-8EA9-7F398B160F82}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63964FE2-D964-4AA3-8EA9-7F398B160F82}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC715AE-BEBD-46F7-BBB9-B935C4BB5B82}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E24FBDE-F099-4764-A196-DA75F21850AF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E24FBDE-F099-4764-A196-DA75F21850AF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F48DD67-5E4E-426C-8356-59D1E94CACA9}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F48DD67-5E4E-426C-8356-59D1E94CACA9}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8645CF15-736A-481C-872F-3DB682F6E636}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8645CF15-736A-481C-872F-3DB682F6E636}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{883C1EF1-F845-4B48-BA9B-6F312BB8ACDD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{883C1EF1-F845-4B48-BA9B-6F312BB8ACDD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C01AA03-E6FB-489F-AA99-A642331A0F83}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C01AA03-E6FB-489F-AA99-A642331A0F83}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E40374D-17C7-4BC1-B2DE-7EFC96B336BF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E40374D-17C7-4BC1-B2DE-7EFC96B336BF}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7948FFA-2DA2-4F40-86B8-558E381DBF21}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7948FFA-2DA2-4F40-86B8-558E381DBF21}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C54477-069E-43CD-A580-DF067FA4D12D}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C54477-069E-43CD-A580-DF067FA4D12D}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA88399F-D4AF-4D5C-8D13-11A24193D9BD}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA88399F-D4AF-4D5C-8D13-11A24193D9BD}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3B2E8E9-2725-4CDE-934A-43BAF780D90F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3B2E8E9-2725-4CDE-934A-43BAF780D90F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7969268-B43F-4B73-8054-98E4F89030EC}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7969268-B43F-4B73-8054-98E4F89030EC}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0E52D99-A829-4587-8E6B-D2CA78493BCB}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0E52D99-A829-4587-8E6B-D2CA78493BCB}" => removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB0D1C66-59FD-4653-92C3-253D5F56C008}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB0D1C66-59FD-4653-92C3-253D5F56C008}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD98795F-7464-4D8B-B206-ED9C90C93F6C}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD98795F-7464-4D8B-B206-ED9C90C93F6C}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully.
aspnet_state => service removed successfully.
C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
C:\WINDOWS\system32\Tasks\{CAC467AD-BA1D-49B2-8A8D-1B352D6EADCE} => moved successfully
C:\WINDOWS\system32\Tasks\{0EEC141E-753D-47FF-90FD-89DBD7AF9C16} => moved successfully
C:\WINDOWS\system32\Tasks\{44133E25-8CA6-44B6-B401-C336A0E15969} => moved successfully
C:\WINDOWS\system32\Tasks\{ACE7A557-8088-40F3-914A-358B1A8996BE} => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d5ff0734b56ec5 => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d5ff07347049de" => not found
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003UA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-438729375-2292271272-1643045957-1003Core" => not found
C:\WINDOWS\system32\Tasks\{E15BCA64-7FA9-4477-9AE5-4312FB16ECCD} => moved successfully
C:\WINDOWS\system32\Tasks\{54EC03B7-AFE8-4202-8DEC-647233106BC8} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8010571 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 28994622 B
Edge => 1651943 B
Chrome => 0 B
Firefox => 148980091 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 23330 B
ProgramData => 23330 B
Public => 23330 B
systemprofile => 23330 B
LocalService => 46288 B
NetworkService => 4262810 B
Karlíček => 6212220 B
Maminka => 85620151 B
Návštěvník => 85824434 B
Comp => 92930491 B
Karol => 92954154 B
Guest => 92954154 B

RecycleBin => 3866760 B
EmptyTemp: => 632.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:20:59 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vodafone mi oznámilo, že jsem v botnetu

#22 Příspěvek od Rudy »

Smazáno, log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SGC
Návštěvník
Návštěvník
Příspěvky: 369
Registrován: 15 dub 2008 13:09

Re: Vodafone mi oznámilo, že jsem v botnetu

#23 Příspěvek od SGC »

Díky moc. Tak snad už to bude v pořádku. 👍

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Vodafone mi oznámilo, že jsem v botnetu

#24 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět