Přikládám log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by marpo (administrator) on DESKTOP-IQ3BUTG (Acer Nitro AN515-52) (15-05-2024 14:37:09)
Running from C:\Users\marpo\Desktop\FRST64.exe
Loaded Profiles: marpo
Platform: Microsoft Windows 11 Home Insider Preview Version 24H2 26212.5000 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Macro Deck\Android Debug Bridge\adb.exe
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Windows\Installer\$PatchCache$\Managed\68AB67CA920133017706CB5110E47A00\21.1.20135\_32bitmapibroker.exe
(C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe ->) (Thales DIS CPL USA, Inc. -> Thales Group) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PostgreSQL\16\bin\pg_ctl.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\16\bin\postgres.exe <7>
(C:\Program Files\PowerShell\7\pwsh.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerAccent.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerOCR.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\Messenger.exe ->) (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> ) C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\CrashpadHandlerWindows.exe
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.20.11271.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.20.11271.0_x64__8wekyb3d8bbwe\OpenConsole.exe
(C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.20.11271.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerShell\7\pwsh.exe
(C:\Program Files\WindowsApps\MSTeams_24091.214.2846.1452_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe <8>
(C:\SysinternalsSuite\procexp.exe ->) (Microsoft Corporation -> Sysinternals -
www.sysinternals.com) C:\Users\marpo\AppData\Local\Temp\procexp64.exe
(C:\Users\marpo\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\marpo\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(C:\Users\marpo\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\marpo\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(Canva -> Canva Pty Ltd) C:\Users\marpo\AppData\Local\Programs\Canva\Canva.exe <2>
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(cmd.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2404.195.0_x64__8wekyb3d8bbwe\PAD.BrowserNativeMessageHost.exe <2>
(Discord Inc. -> Discord Inc.) C:\Users\marpo\AppData\Local\Discord\app-1.0.9147\Discord.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\marpo\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <45>
(explorer.exe ->) (Macro Deck) [File not signed] C:\Program Files\Macro Deck\Macro Deck 2.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2402.22.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.20.11271.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Sysinternals -
www.sysinternals.com) C:\SysinternalsSuite\procexp.exe
(explorer.exe ->) (Proton AG -> Proton AG) C:\Program Files\Proton\Drive\ProtonDrive.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(explorer.exe ->) (Yubi Software (Linyi) Co., Ltd. -> Yubsoft) C:\Program Files\ImgDrive\imgdrive.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.091.0505.0001\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_24091.214.2846.1452_x64__8wekyb3d8bbwe\ms-teams.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Proton AG -> ) C:\Program Files\Proton\VPN\v3.2.11\ProtonVPN.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.091.0505.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_24ac56529e6b54d3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Open Source Developer, Frans van Dorsselaer -> Frans van Dorsselaer) C:\Program Files\usbipd-win\usbipd.exe
(services.exe ->) (PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\16\bin\pg_ctl.exe
(services.exe ->) (Proton AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Thales DIS CPL USA, Inc. -> Thales Group) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\marpo\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.) C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\Messenger.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2404.195.0_x64__8wekyb3d8bbwe\PAD.Console.Host.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ShellHost.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2418.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.091.0505.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (SonicLayer Innovations) [File not signed] C:\Users\Public\Libraries\updatechecl_17e9ac5b78ef4c0b8cb9685d4edcd073\datasett.exe <2>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Y Soft Corporation, a.s. -> Y Soft Corporation) C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319520 2018-10-23] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677472 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044568 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [SafeQ Client] => C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [262328 2020-01-03] (Y Soft Corporation, a.s. -> Y Soft Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-02-12] (VMware, Inc. -> VMware, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3851168 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3851168 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [Discord] => C:\Users\marpo\AppData\Local\Discord\Update.exe [1526504 2024-04-16] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4379496 2024-05-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\marpo\AppData\Local\Microsoft\Teams\Update.exe [2591360 2023-12-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3851168 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [MicrosoftEdgeAutoLaunch_36A38FD6B2AC4E4BE9AA25A24D59AA39] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4072504 2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [ImgDrive] => C:\Program Files\ImgDrive\imgdrive.exe [915360 2024-04-23] (Yubi Software (Linyi) Co., Ltd. -> Yubsoft)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [CiscoSpark] => C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1434 2023-10-03] () [File not signed]
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\marpo\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [CanvaAutoLaunchAvailabilityCheckAgent] => C:\Users\marpo\AppData\Local\Programs\Canva\Canva.exe [166402192 2024-02-05] (Canva -> Canva Pty Ltd)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [Macro Deck] => C:\Program Files\Macro Deck\Macro Deck 2.exe [169984 2024-05-01] (Macro Deck) [File not signed]
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [12287472 2024-03-27] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [Proton Drive] => C:\Program Files\Proton\Drive\ProtonDrive.exe [211248040 2024-03-26] (Proton AG -> Proton AG)
HKU\S-1-5-21-2627463175-853102151-1697756495-1001\...\Run: [(457046ab80bdb4cbbd5ef70ad6a61244)sm-trial-online.exe] => C:\Users\Public\AccountPictures\(457046ab80bdb4cbbd5ef70ad6a61244)sm-trial-online.exe [26892800 2024-05-14] (MiniTool Software Limited) [File not signed]
HKLM\...\Print\Monitors\RICOH Language Monitor2: C:\Windows\system32\rc4mon64.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\SafeQ: C:\Windows\system32\SAFEQVS64.DLL [4889600 2019-12-23] () [File not signed]
HKLM\...\Print\Monitors\Virtual Port Monitor: C:\Windows\system32\VirtualMon.dll [192512 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb [2011-12-11]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\124.0.6367.203\Installer\chrmstp.exe [2024-05-14] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{9F02E2F5-5A41-4D1A-B473-4617E84BC957}] -> C:\WINDOWS\system32\WindowsProtectedPrintConfiguration.dll [2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2023-06-28]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
Startup: C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X.lnk [2024-05-01]
ShortcutTarget: X.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2024-05-15]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {FDA38250-66E6-4814-A904-95B4884B4BEC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {7BF44225-52A8-4FD5-88C7-4FFD695279B8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [4148816 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {CD2699D2-BBE3-493B-B370-EDEEE4DA8D5F} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{9E60BAA1-FB29-4F64-BCA5-9E9A43C65CC5} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {1EE437CA-DCF3-459A-BD23-700D757A4EF4} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-2627463175-853102151-1697756495-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2171640 2024-03-29] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {CD895B5B-6CEA-4F31-9BB3-E00E6EEBD236} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28492288 2024-04-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F1BAAE3-4E9A-4CB4-BA14-BE7380E24363} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28492288 2024-04-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {157B4E00-9401-486D-BE97-55458DFF66BC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA91E2B7-A7F9-4C7E-BB49-57F13D159CE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {090EC5C9-53D7-4A61-B0B7-3B9287424E12} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [170136 2024-04-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {54DE30C2-7A4E-44AD-8958-48331EA4147A} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4446616 2024-04-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A9DBACE-5444-4F1E-9922-94DC674339AE} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [253368 2024-02-25] (Microsoft Corporation -> Microsoft)
Task: {64874138-508B-4614-A1F2-E99DAA39A28C} - System32\Tasks\Microsoft\Windows\Diagnosis\UnexpectedCodepath => C:\WINDOWS\system32\UCConfigTask.exe [57344 2024-05-04] (Microsoft Windows -> )
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {917786B8-624E-47AD-975A-5769EFF0B21A} - System32\Tasks\Microsoft\Windows\Management\Connectivity\ESIMPM => %windir%\system32\esimpm.exe /taskscheduler (No File)
Task: {65F0C96D-C275-4CE0-9266-A6C0524218A7} - System32\Tasks\Microsoft\Windows\PDE\Conversion Maintenance Task => C:\Windows\system32\efsui.exe [40960 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {08ABCB0D-F6BB-473E-93EC-8A369D4D1547} - System32\Tasks\Microsoft\Windows\PerformanceTrace\RequestTrace => {9EFEB182-2EE3-4AF9-AFFA-521410D110D1} C:\WINDOWS\system32\PerformanceTraceHandler.dll [114688 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {B7C54F07-F4B9-465B-8A22-03F2A78818BA} - System32\Tasks\Microsoft\Windows\ReFsDedupSvc\Initialization => {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} C:\WINDOWS\System32\ReFsDedupSvc.exe [2158592 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {BEB0C769-1776-4FBA-8313-79F01941CADB} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => {7750564D-D61C-4557-8A9D-7DF56BDCFF96} C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [245760 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {06A73B23-3E7E-4187-9937-46D788AD523A} - System32\Tasks\Microsoft\Windows\Sustainability\PowerGridForecastTask => {251E5B1F-E370-4E12-B5BD-B7AD2A8EE810} C:\WINDOWS\system32\PowerGridForecastTask.dll [331776 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {BD480BE1-C89D-43BF-B91A-F4369FABC608} - System32\Tasks\Microsoft\Windows\Sustainability\SustainabilityTelemetry => {6EE41D75-D091-4FB7-9AD5-018760DD25D4} C:\WINDOWS\system32\EcoScoreTask.dll [90112 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {D7DF1B74-146C-43A4-AE74-F3B04B9C2CA6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {00AA33E4-BDF3-4AA5-B258-B92F7BA48E49} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task => C:\WINDOWS\System32\MLEngineStub.exe [86016 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
Task: {D5F4A470-D6CC-4D9C-859F-52F34ADB94D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC0868CE-5D75-44F4-9585-82E9A72F4EF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3393D663-559B-4BC4-9269-3B771CF23FF0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8833E64-0E96-4F19-9907-262498DF5905} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6BA143CD-62FD-4346-9203-3DAB80D609F7} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2627463175-853102151-1697756495-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {A7F37B64-FB79-490A-A7F2-6312A48D09A4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {602B3DAE-CAC0-421A-A269-252D8C85BA93} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {56B2DEEF-4FE3-4198-9CB7-C18AF7507F79} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {2657CEB0-16EB-4DB2-9948-9B2EE7002E05} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {68E17BD2-8CBA-424D-B3BC-6F3F7EE56072} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {1DC3D03A-B64F-41AC-B7F4-34E55C311A07} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {275223AB-023D-4C58-A9E5-F431BFF929CC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {311F43B6-3E88-4390-944F-D02BB1AF35C3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A1FF0478-B3D8-4ADA-A74C-1C527DB49CBB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {35260003-BC36-47C5-B501-A17BB6B1BEE0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A319FD8F-BE0D-4897-8ED7-D7A8EE6BFFB2} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-04-10] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {676E8CC7-55E7-4BFC-BA43-9553064423BB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209056 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {478121A1-FBD4-42D9-B97A-CB9AE1DC9D85} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2627463175-853102151-1697756495-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209056 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {34FC2270-5826-4EF7-8523-008B8002B3B1} - System32\Tasks\PowerToys\Autorun for marpo => C:\Program Files\PowerToys\PowerToys.exe [1224112 2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1875093-E704-45CA-BC20-D43188995A50} - System32\Tasks\VirboUpd => C:\Users\Public\Libraries\updatechecl_17e9ac5b78ef4c0b8cb9685d4edcd073\datasett.exe [11185705 2024-05-14] (SonicLayer Innovations) [File not signed]
Task: {4FF93FCE-DC20-448F-8D5B-7774D9055D1B} - System32\Tasks\YT Simp Cron => C:\Python312\\python.exe [103192 2024-02-06] (Python Software Foundation -> Python Software Foundation) -> C:\Users\marpo\OneDrive\Scripts\simp\\"C:\Users\marpo\OneDrive\Scripts\simp\simp.py" <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 158.196.0.53 158.196.99.166
Tcpip\..\Interfaces\{239303de-8421-4094-a2f7-4e5785839e5f}: [DhcpNameServer] 158.196.0.53 158.196.99.166
Tcpip\..\Interfaces\{239303de-8421-4094-a2f7-4e5785839e5f}: [DhcpDomain] vsb.cz
Tcpip\..\Interfaces\{2f09bd4f-3ef2-4115-9029-8691b218a2e4}: [DhcpNameServer] 158.196.0.53 158.196.99.166
Tcpip\..\Interfaces\{2f09bd4f-3ef2-4115-9029-8691b218a2e4}: [DhcpDomain] vsb.cz
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\marpo\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-15]
Edge Notifications: Default -> hxxps://twitter.com
Edge Extension: (Dokumenty Google offline) - C:\Users\marpo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\marpo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Microsoft Power Automate) - C:\Users\marpo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kagpabjoboikccfdghpdlaaopmgpgfdc [2024-02-22]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\marpo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-05-16]
Edge HKU\S-1-5-21-2627463175-853102151-1697756495-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]
FireFox:
========
FF DefaultProfile: rsduyq8w.default
FF ProfilePath: C:\Users\marpo\AppData\Roaming\Mozilla\Firefox\Profiles\rsduyq8w.default [2024-02-26]
FF ProfilePath: C:\Users\marpo\AppData\Roaming\Mozilla\Firefox\Profiles\xl4tcznp.default-release [2024-05-15]
FF Homepage: Mozilla\Firefox\Profiles\xl4tcznp.default-release -> hxxps://google.cz/
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-03-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-03-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-03-16] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default [2024-05-15]
CHR Notifications: Default -> hxxps://[2001; hxxps://app.element.io; hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://camellot.eu; hxxps://drive.google.com; hxxps://filmora.wondershare.net; hxxps://lichess.org; hxxps://matrix.cs.vsb.cz; hxxps://mcc.live; hxxps://meet.google.com; hxxps://teams.microsoft.com; hxxps://twitter.com; hxxps://
www.chess.com; hxxps://
www.duolingo.com; hxxps://
www.facebook.com; hxxps://
www.instagram.com; hxxps://
www.reddit.com; hxxps://
www.tiktok.com
CHR Extension: (Překladač Google) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-22]
CHR Extension: (BetterTTV) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2024-05-02]
CHR Extension: (DuckDuckGo) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-05-14]
CHR Extension: (MYKI Password Manager & Authenticator) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmikpgodpkclnkgmnpphehdgcimmided [2023-01-23]
CHR Extension: (FlowCrypt: Encrypt Gmail with PGP) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjglocicdkmhmoohhfkfkbbkejdhdgc [2024-03-10]
CHR Extension: (Nimbus snímky obrazovky a záznam videa) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2024-05-15]
CHR Extension: (Tampermonkey) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-04-27]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-05-15]
CHR Extension: (VT4Browsers) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2024-04-18]
CHR Extension: (Indie Wiki Buddy) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkagelmloambgokoeokbpihmgpkbgbfm [2024-05-05]
CHR Extension: (Wayback Machine) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpnmgdkabkmnadcjpehmlllkndpkmiak [2023-11-22]
CHR Extension: (Return YouTube Dislike) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-04-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-20]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-05-10]
CHR Extension: (Full Page Screenshot) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\glgomjpomoahpeekneidkinhcfjnnhmb [2023-02-22]
CHR Extension: (JSONView) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmegofmjomhknnokphhckolhcffdaihd [2024-01-11]
CHR Extension: (Uložit na Pinterest) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-05-10]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2023-02-20]
CHR Extension: (Cookie-Editor) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlkenndednhfkekhgcdicdfddnkalmdm [2024-05-15]
CHR Extension: (Bitly | Short links and QR Codes) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2023-11-28]
CHR Extension: (Dropbox) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2023-01-23]
CHR Extension: (Save to Facebook) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2023-01-23]
CHR Extension: (Microsoft Power Automate) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljglajjnnkapghbckkcmodicjhacbfhk [2024-02-23]
CHR Extension: (Rozšíření Google Keep pro Chrome) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2024-05-15]
CHR Extension: (Kiwi IRC) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\malkpgopfalejggcogglkiemcknbiphe [2023-01-23]
CHR Extension: (TubeBuddy) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2024-05-10]
CHR Extension: (Shazam: Hledejte názvy skladeb v prohlížeči) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-05-02]
CHR Extension: (Citace PRO) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncpfaidppllikakgbjppnjfidjkpafmp [2024-03-01]
CHR Extension: (ShareX) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2024-03-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-01-23]
CHR Extension: (Bitwarden Password Manager) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-05-08]
CHR Extension: (Charset) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenllhgkiiljibhfagbfogdbchhdchml [2023-01-23]
CHR Extension: (Canvas Rider) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2023-01-23]
CHR Extension: (Avast AntiTrack Premium) - C:\Users\marpo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppdidpcihajhihmghhhkfnpklgdehold [2023-01-23]
CHR HKU\S-1-5-21-2627463175-853102151-1697756495-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2627463175-853102151-1697756495-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5328200 2024-05-14] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
S3 ApxSvc; C:\WINDOWS\System32\ApxSvc.dll [73728 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14098944 2024-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.091.0505.0001\FileSyncHelper.exe [3508144 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
R2 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [6295776 2020-12-30] (Thales DIS CPL USA, Inc. -> Thales Group)
S3 LocalKdc; C:\WINDOWS\system32\localkdcsvc.dll [151552 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NativePushService; C:\Users\marpo\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595352 2023-08-22] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_24ac56529e6b54d3\Display.NvContainer\NVDisplay.Container.exe [1275440 2024-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.091.0505.0001\OneDriveUpdaterService.exe [3848096 2024-05-11] (Microsoft Corporation -> Microsoft Corporation)
R2 postgresql-x64-16; C:\Program Files\PostgreSQL\16\bin\pg_ctl.exe [122368 2024-02-06] (PostgreSQL Global Development Group) [File not signed]
S3 PrintDeviceConfigurationService; C:\WINDOWS\System32\PrintDeviceConfigurationService.dll [167936 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 PrintScanBrokerService; C:\WINDOWS\System32\PrintScanBrokerService.dll [155648 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe [474824 2024-03-27] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe [474312 2024-02-01] (Proton AG -> ProtonVPN)
S3 refsdedupsvc; C:\WINDOWS\System32\ReFsDedupSvc.exe [2158592 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21242680 2024-02-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 usbipd; C:\Program Files\usbipd-win\usbipd.exe [167352 2023-09-11] (Open Source Developer, Frans van Dorsselaer -> Frans van Dorsselaer)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [805224 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-02-12] (VMware, Inc. -> )
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-05-01] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [36800 2022-06-02] (Acer Incorporated -> Acer Incorporated)
R3 acpipagr; C:\WINDOWS\System32\DriverStore\FileRepository\acpipagr.inf_amd64_9f2df44dbc51f75a\acpipagr.sys [49152 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiPmi; C:\WINDOWS\System32\DriverStore\FileRepository\acpipmi.inf_amd64_aaefe793ee8b893f\acpipmi.sys [53248 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [310216 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R2 aksdf; C:\WINDOWS\system32\drivers\aksdf.sys [389560 2020-12-30] (Gemalto, Inc. -> SafeNet, Inc.)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [510800 2020-12-30] (Gemalto, Inc. -> SafeNet, Inc.)
R0 amdwps; C:\WINDOWS\System32\drivers\amdwps.sys [61704 2024-05-04] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 CDD; C:\WINDOWS\System32\cdd.dll [331776 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 devmap; C:\WINDOWS\System32\DriverStore\FileRepository\devmap.inf_amd64_93ecc82878062042\devmap.sys [53248 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 DisplayMux; C:\WINDOWS\System32\DriverStore\FileRepository\displaymux.inf_amd64_08fb867267ec04dc\DisplayMux.sys [57344 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [217312 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1970104 2020-12-30] (Gemalto, Inc. -> SafeNet, Inc.)
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 I3CHost; C:\WINDOWS\System32\DriverStore\FileRepository\i3chost.inf_amd64_3b42c58f3a992f46\I3CHost.sys [61664 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 imgdrive; C:\WINDOWS\System32\drivers\imgdrive.sys [142536 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Yubsoft)
S3 kdnic_legacy; C:\WINDOWS\System32\drivers\kdnic_legacy.sys [65760 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [94432 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl02ac31ca; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3693A9B3-C72A-4979-9CEB-BB600AB196EC}\MpKslDrv.sys [271648 2024-05-15] (Microsoft Windows -> Microsoft Corporation)
S2 NetworkPrivacyPolicy; C:\WINDOWS\System32\DriverStore\FileRepository\networkprivacypolicy.inf_amd64_cdd365fcf405805d\NetworkPrivacyPolicy.sys [102400 2024-05-04] (Microsoft Windows -> )
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S3 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PlutonHeci; C:\WINDOWS\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_68834cd95c30bba3\pluton-heci.sys [53472 2024-05-04] (Microsoft Windows -> )
S3 PlutonHsp2; C:\WINDOWS\System32\DriverStore\FileRepository\plutonhsp2.inf_amd64_7964e42feed8511d\PlutonHsp2.sys [53472 2024-05-04] (Microsoft Windows -> )
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.11\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (OOO Sfera-Tehno -> Atola) [File not signed]
R1 uiomap; C:\WINDOWS\System32\DriverStore\FileRepository\uiomap.inf_amd64_1f8857d35fbed7b0\uiomap.sys [69632 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 UmPass; C:\WINDOWS\System32\DriverStore\FileRepository\umpass.inf_amd64_94b1ec57bfc3f24f\umpass.sys [53248 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R2 UnionFS; C:\WINDOWS\system32\drivers\UnionFS.sys [487648 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265488 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1061392 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [187752 2023-09-10] (Oracle Corporation -> Oracle and/or its affiliates)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [60344 2024-02-12] (VMware, Inc. -> VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31120 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 VoiceAIDriver; C:\WINDOWS\System32\DriverStore\FileRepository\voiceaidriver.inf_amd64_214d6aacf9c41414\voiceaidriver.sys [73616 2023-06-20] (Voice AI LLC -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 vwifibus; C:\WINDOWS\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_99019c67f95a7f7f\vwifibus.sys [65536 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R3 vwifimp; C:\WINDOWS\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_a4290db47ec74df3\vwifimp.sys [86016 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-05-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinAccelCx0101; C:\WINDOWS\System32\drivers\WinAccelCx.sys [139488 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 WinI3C; C:\WINDOWS\System32\DriverStore\FileRepository\wini3c.inf_amd64_3189e589fa132269\WinI3C.sys [69856 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
R0 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [164080 2024-05-03] (Microsoft Windows -> Microsoft Corporation)
S3 ZTDNS; C:\WINDOWS\System32\drivers\ztdns.sys [98528 2024-05-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-15 14:37 - 2024-05-15 14:37 - 000055271 _____ C:\Users\marpo\Desktop\FRST.txt
2024-05-15 14:36 - 2024-05-15 14:37 - 000000000 ____D C:\FRST
2024-05-15 14:36 - 2024-05-15 14:36 - 002394112 _____ (Farbar) C:\Users\marpo\Desktop\FRST64.exe
2024-05-15 12:49 - 2024-05-15 12:49 - 000002358 _____ C:\Users\marpo\Desktop\Virtuální PC VIR1 (PC1).lnk
2024-05-15 06:52 - 2024-05-15 06:52 - 000000000 ____D C:\rsit
2024-05-15 06:52 - 2024-05-15 06:52 - 000000000 ____D C:\Program Files\trend micro
2024-05-15 06:51 - 2014-05-24 19:27 - 001222144 _____ C:\Users\marpo\Desktop\RSITx64.exe
2024-05-15 01:36 - 2024-05-15 01:36 - 000000000 ____D C:\WINDOWS\LastGood
2024-05-15 00:40 - 2024-05-15 00:40 - 000001957 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2024-05-15 00:40 - 2024-05-15 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2024-05-15 00:40 - 2024-05-15 00:40 - 000000000 ____D C:\ProgramData\AnyDesk
2024-05-15 00:40 - 2024-05-15 00:40 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2024-05-14 23:58 - 2024-05-15 00:40 - 000000000 ____D C:\Users\marpo\AppData\Roaming\AnyDesk
2024-05-14 23:58 - 2024-05-14 23:58 - 005328200 _____ (AnyDesk Software GmbH) C:\Users\marpo\Downloads\AnyDesk.exe
2024-05-14 23:58 - 2024-05-14 23:58 - 000394240 _____ (Google Inc.) C:\Users\marpo\Downloads\gcapi.dll
2024-05-14 23:02 - 2024-05-14 23:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-14 21:17 - 2024-05-08 03:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-14 21:17 - 2024-05-08 03:52 - 002031376 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-05-14 21:17 - 2024-05-08 03:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-14 21:17 - 2024-05-08 03:52 - 001578872 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-05-14 21:17 - 2024-05-08 03:52 - 001445240 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-05-14 21:17 - 2024-05-08 03:52 - 001295224 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-14 21:17 - 2024-05-08 03:49 - 001045528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-05-14 21:17 - 2024-05-08 03:49 - 000669824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-05-14 21:17 - 2024-05-08 03:49 - 000505368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 002174080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 001626240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 001543728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 001199640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 001024128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-05-14 21:17 - 2024-05-08 03:48 - 000842392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-05-14 21:17 - 2024-05-08 03:48 - 000787592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-05-14 21:17 - 2024-05-08 03:47 - 016034328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-05-14 21:17 - 2024-05-08 03:47 - 012929672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-05-14 21:17 - 2024-05-08 03:47 - 006780544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-05-14 21:17 - 2024-05-08 03:47 - 000459392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-05-14 21:17 - 2024-05-08 03:46 - 005913648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-05-14 21:17 - 2024-05-08 03:46 - 005772936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-05-14 21:17 - 2024-05-08 03:46 - 000853544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-05-14 21:17 - 2024-05-08 03:45 - 006034632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2024-05-14 21:17 - 2024-05-07 17:35 - 000119466 _____ C:\WINDOWS\system32\nvinfo.pb
2024-05-14 21:15 - 2024-05-14 21:15 - 000759166 _____ C:\WINDOWS\system32\perfh019.dat
2024-05-14 21:15 - 2024-05-14 21:15 - 000716794 _____ C:\WINDOWS\system32\perfh005.dat
2024-05-14 21:15 - 2024-05-14 21:15 - 000160996 _____ C:\WINDOWS\system32\perfc019.dat
2024-05-14 21:15 - 2024-05-14 21:15 - 000154996 _____ C:\WINDOWS\system32\perfc005.dat
2024-05-14 21:11 - 2024-03-26 21:11 - 000059928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2024-05-14 21:11 - 2024-03-26 19:21 - 000060240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2024-05-14 10:09 - 2024-05-14 13:37 - 000000000 ____D C:\Users\marpo\Documents\Voice.ai
2024-05-14 10:05 - 2024-05-15 06:26 - 000000000 ____D C:\Users\marpo\AppData\Local\GreenTech Innovations
2024-05-14 10:05 - 2024-05-15 06:09 - 000003648 _____ C:\WINDOWS\system32\Tasks\VirboUpd
2024-05-14 10:04 - 2024-05-15 06:47 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice ai
2024-05-14 10:04 - 2024-05-15 06:47 - 000000000 ____D C:\Users\marpo\AppData\Local\Voice.ai
2024-05-14 10:03 - 2024-05-15 06:47 - 000000000 ____D C:\Program Files\Voice.ai
2024-05-14 09:41 - 2024-05-14 09:41 - 000000000 ____D C:\Users\marpo\Downloads\__QUARANT
2024-05-10 17:36 - 2024-05-10 17:36 - 000007795 _____ C:\Users\marpo\AppData\Local\recently-used.xbel
2024-05-10 08:23 - 2024-05-14 21:15 - 002624300 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-10 08:17 - 2024-05-10 08:17 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-05-10 08:16 - 2024-05-10 08:16 - 000000270 __RSH C:\ProgramData\ntuser.pol
2024-05-10 08:16 - 2024-05-10 08:16 - 000000020 ___SH C:\Users\marpo\ntuser.ini
2024-05-10 00:54 - 2024-05-15 06:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-05-10 00:54 - 2024-05-14 21:11 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-14 21:11 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-05-10 00:54 - 2024-05-11 11:13 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2627463175-853102151-1697756495-1001
2024-05-10 00:54 - 2024-05-11 11:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-05-10 00:54 - 2024-05-10 08:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-10 00:54 - 2024-05-10 00:54 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-10 00:54 - 2024-05-10 00:54 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-05-10 00:54 - 2024-05-10 00:54 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-10 00:54 - 2024-05-10 00:54 - 000003126 _____ C:\WINDOWS\system32\Tasks\YT Simp Cron
2024-05-10 00:54 - 2024-05-10 00:54 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-05-10 00:54 - 2024-05-10 00:54 - 000002160 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2024-05-10 00:54 - 2024-05-10 00:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-05-10 00:54 - 2024-05-10 00:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2024-05-10 00:54 - 2024-05-10 00:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2024-05-10 00:54 - 2024-05-10 00:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2024-05-10 00:53 - 2024-05-10 00:53 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-05-10 00:51 - 2024-05-15 11:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-10 00:51 - 2024-05-10 08:16 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2024-05-10 00:51 - 2024-05-10 08:16 - 000000000 ____D C:\Windows.old
2024-05-10 00:51 - 2024-05-10 00:51 - 000472176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-09 19:30 - 2024-05-09 19:30 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Network
2024-05-09 19:29 - 2024-05-10 00:51 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Crypto
2024-05-09 19:29 - 2024-05-09 19:29 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\SystemCertificates
2024-05-09 18:58 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-05-09 18:57 - 2024-05-10 08:16 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows
2024-05-09 18:57 - 2024-05-10 08:16 - 000000000 ____D C:\Users\marpo
2024-05-09 18:57 - 2024-05-10 00:51 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Spelling
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Šablony
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Soubory cookie
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Poslední
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Okolní tiskárny
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Okolní síť
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Nabídka Start
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Dokumenty
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Documents\Obrázky
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Documents\Hudba
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Documents\Filmy
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\Data aplikací
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-05-09 18:57 - 2024-05-09 18:57 - 000000000 _SHDL C:\Users\marpo\AppData\Local\Data aplikací
2024-05-09 18:56 - 2024-05-09 18:56 - 000000000 ____D C:\WINDOWS\Firmware
2024-05-09 18:54 - 2024-05-09 18:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-05-09 18:46 - 2024-05-10 00:51 - 000000000 ____D C:\Program Files (x86)\MSBuild
2024-05-09 18:46 - 2024-05-09 18:46 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-05-09 18:46 - 2024-05-09 18:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2024-05-09 18:46 - 2024-05-09 18:46 - 000000000 ____D C:\Program Files\MSBuild
2024-05-09 18:46 - 2024-05-09 18:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2024-05-09 18:43 - 2024-05-09 18:43 - 000000000 ____D C:\WINDOWS\system32\sk
2024-05-09 18:41 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ru
2024-05-09 18:41 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\ru
2024-05-09 18:23 - 2024-05-09 18:23 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-05-09 18:06 - 2024-05-11 09:48 - 000000000 ___DC C:\WINDOWS\Panther
2024-05-07 08:45 - 2024-05-08 00:15 - 000000000 ___RD C:\Users\marpo\Downloads\MicrosoftWindows.Client.CBS_cw5n1h2txyewy!InputApp
2024-05-04 12:08 - 2024-05-09 18:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-05-04 12:08 - 2024-05-09 18:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-05-04 12:07 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2024-05-04 12:07 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2024-05-04 12:07 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-04 12:07 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2024-05-04 12:07 - 2024-05-04 12:07 - 000000000 ____D C:\ProgramData\ssh
2024-05-04 12:06 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-05-04 12:06 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2024-05-04 12:06 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\system32\cs
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\system32\0409
2024-05-04 12:06 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\DigitalLocker
2024-05-04 06:56 - 2024-05-04 06:56 - 000000000 _SHDL C:\Users\Default User
2024-05-04 06:56 - 2024-05-04 06:56 - 000000000 _SHDL C:\Users\All Users
2024-05-04 06:51 - 2024-05-09 19:35 - 000000000 ____D C:\WINDOWS\Setup
2024-05-04 06:48 - 2024-05-15 14:38 - 000000000 __RHD C:\Users\Public\Libraries
2024-05-04 06:48 - 2024-05-15 14:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-04 06:48 - 2024-05-15 11:16 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-04 06:48 - 2024-05-15 07:27 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-04 06:48 - 2024-05-15 07:26 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-04 06:48 - 2024-05-15 00:40 - 000000000 ___RD C:\Program Files (x86)
2024-05-04 06:48 - 2024-05-14 17:29 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-05-04 06:48 - 2024-05-10 10:10 - 000000000 ____D C:\WINDOWS\appcompat
2024-05-04 06:48 - 2024-05-10 08:32 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-04 06:48 - 2024-05-10 08:18 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2024-05-04 06:48 - 2024-05-10 08:16 - 000000000 ____D C:\Program Files\Windows NT
2024-05-04 06:48 - 2024-05-10 00:54 - 000000000 ___RD C:\Program Files\Windows Defender
2024-05-04 06:48 - 2024-05-10 00:52 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\spool
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\ServiceState
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\Registration
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\WINDOWS\IME
2024-05-04 06:48 - 2024-05-10 00:51 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-05-04 06:48 - 2024-05-09 19:23 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-05-04 06:48 - 2024-05-09 18:58 - 000000000 ____D C:\WINDOWS\schemas
2024-05-04 06:48 - 2024-05-09 18:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-04 06:48 - 2024-05-09 18:49 - 000000000 ____D C:\WINDOWS\OCR
2024-05-04 06:48 - 2024-05-09 18:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-05-04 06:48 - 2024-05-09 18:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ___RD C:\Program Files (x86)\Windows Defender
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-04 06:48 - 2024-05-09 18:44 - 000000000 ____D C:\Program Files\Common Files\System
2024-05-04 06:48 - 2024-05-09 18:43 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-05-04 06:48 - 2024-05-09 18:41 - 000000000 ___SD C:\WINDOWS\system32\dsc
2024-05-04 06:48 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-05-04 06:48 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-04 06:48 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-04 06:48 - 2024-05-09 18:41 - 000000000 ____D C:\WINDOWS\system32\Com
2024-05-04 06:48 - 2024-05-04 12:08 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\te-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\qps-plocm
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\qps-ploc
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\or-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\km-KH
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\is-IS
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\be-BY
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\as-IN
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\am-ET
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2024-05-04 06:48 - 2024-05-04 12:07 - 000000000 ____D C:\WINDOWS\Globalization
2024-05-04 06:48 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-04 06:48 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-04 06:48 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\Help
2024-05-04 06:48 - 2024-05-04 12:06 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-04 06:48 - 2024-05-04 12:06 - 000000000 ____D C:\Program Files (x86)\Windows NT
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 __SHD C:\Program Files\Windows Sidebar
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 __RSD C:\WINDOWS\Media
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\system32\Nui
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\system32\lxss
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\WUModels
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Web
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\WaaS
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Vss
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\UUS
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\tracing
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\TAPI
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\ShellExperiences
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\winevt
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\ras
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\Pbr
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\Keywords
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\IME
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\icsxml
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\ias
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\DriverState
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\downlevel
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\System
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SKB
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\SchCache
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\security
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Resources
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\rescache
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Provisioning
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\PLA
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Performance
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\ModemLogs
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\L2Schemas
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\InputMethod
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\InboxApps
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\IdentityCRL
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Cursors
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\Branding
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Spelling
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\ProgramData\USOShared
2024-05-04 06:48 - 2024-05-04 06:48 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2024-05-04 06:46 - 2024-05-15 07:27 - 000000000 ____D C:\WINDOWS\INF
2024-05-04 06:46 - 2024-05-10 00:51 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-05-04 06:46 - 2024-05-04 06:46 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2024-05-04 06:46 - 2024-05-04 06:46 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2024-05-04 06:46 - 2024-05-04 06:46 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000089761 _____ C:\WINDOWS\system32\DiskSnapshot.conf
2024-05-04 06:44 - 2024-05-04 06:44 - 000066984 _____ C:\WINDOWS\SysWOW64\ctac.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000066984 _____ C:\WINDOWS\system32\ctac.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\oflc-nz.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\csrr.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000045056 _____ (Microsoft) C:\WINDOWS\system32\fpb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\esrb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\cero.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000040448 _____ (Microsoft) C:\WINDOWS\SysWOW64\csrr.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000038400 _____ (Microsoft) C:\WINDOWS\SysWOW64\oflc-nz.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000038128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_GPIO.sys
2024-05-04 06:44 - 2024-05-04 06:44 - 000037888 _____ (Microsoft) C:\WINDOWS\SysWOW64\fpb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\usk.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\cob-au.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000036256 _____ C:\WINDOWS\system32\Microsoft.Management.Deployment.winmd
2024-05-04 06:44 - 2024-05-04 06:44 - 000033280 _____ (Microsoft) C:\WINDOWS\SysWOW64\cero.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000030208 _____ (Microsoft) C:\WINDOWS\SysWOW64\esrb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi-pt.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\grb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\usk.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\cob-au.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000024821 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000024821 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\pcbp.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\djctq.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi-pt.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000017920 _____ (Microsoft) C:\WINDOWS\SysWOW64\grb.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000014336 _____ (Microsoft) C:\WINDOWS\SysWOW64\djctq.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000013824 _____ (Microsoft) C:\WINDOWS\SysWOW64\pcbp.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000012288 _____ (Microsoft) C:\WINDOWS\system32\WEB.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000010576 _____ C:\WINDOWS\system32\TransformPPSToWlan.xslt
2024-05-04 06:44 - 2024-05-04 06:44 - 000005059 _____ C:\WINDOWS\system32\ecoscore_config.json
2024-05-04 06:44 - 2024-05-04 06:44 - 000004608 _____ (Microsoft) C:\WINDOWS\SysWOW64\WEB.rs
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriUHMImageList
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriLMImageList
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriImageListLowCost
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriImageList
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriHMImageListLowCost
2024-05-04 06:44 - 2024-05-04 06:44 - 000004488 _____ C:\WINDOWS\system32\ResPriHMImageList
2024-05-04 06:44 - 2024-05-04 06:44 - 000001820 _____ C:\WINDOWS\SysWOW64\rasctrnm.h
2024-05-04 06:44 - 2024-05-04 06:44 - 000001820 _____ C:\WINDOWS\system32\rasctrnm.h
2024-05-04 06:44 - 2024-05-04 06:44 - 000001688 _____ C:\WINDOWS\system32\TransformPPSToWlanCredentials.xslt
2024-05-04 06:44 - 2024-05-04 06:44 - 000000670 ___RH C:\WINDOWS\WindowsShell.Manifest
2024-05-04 06:43 - 2024-05-15 08:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-04 06:43 - 2024-05-10 00:55 - 179044352 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-05-04 06:43 - 2024-05-10 00:55 - 023592960 _____ C:\WINDOWS\system32\config\SYSTEM
2024-05-04 06:43 - 2024-05-10 00:55 - 001048576 _____ C:\WINDOWS\system32\config\DEFAULT
2024-05-04 06:43 - 2024-05-10 00:55 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-05-04 06:43 - 2024-05-10 00:55 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2024-05-04 06:43 - 2024-05-10 00:55 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2024-05-04 06:43 - 2024-05-09 18:44 - 000000000 ____D C:\WINDOWS\servicing
2024-05-04 06:43 - 2024-05-04 06:48 - 000000000 ____D C:\WINDOWS\system32\SMI
2024-05-04 06:43 - 2024-05-04 06:43 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2024-05-01 08:41 - 2024-05-01 08:41 - 000003349 _____ C:\Users\marpo\Desktop\X.lnk
2024-04-24 18:16 - 2024-04-24 18:16 - 000022328 _____ C:\Users\marpo\Documents\spypetserversfound.txt
2024-04-21 15:51 - 2024-04-21 15:51 - 000000130 _____ C:\Users\marpo\.gitconfig
2024-04-21 15:49 - 2024-04-21 15:49 - 000000020 _____ C:\Users\marpo\.lesshst
2024-04-21 15:05 - 2024-04-21 15:07 - 000000179 _____ C:\Users\marpo\.pypirc
2024-04-21 14:59 - 2024-04-21 14:59 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Python
2024-04-21 14:57 - 2024-04-21 14:57 - 000000000 ____D C:\Users\marpo\AppData\Local\pip
2024-04-21 14:22 - 2024-04-21 14:22 - 000000000 ____D C:\Users\marpo\.crossnote
2024-04-21 11:18 - 2024-05-15 14:03 - 000000000 ____D C:\Users\marpo\AppData\Local\Discord
2024-04-21 11:15 - 2024-04-21 11:15 - 113064680 _____ (Discord Inc.) C:\Users\marpo\Downloads\DiscordSetup.exe
2024-04-21 11:09 - 2024-04-21 11:09 - 011588560 _____ (Martin Prikryl ) C:\Users\marpo\Downloads\WinSCP-6.3.3-Setup.exe
2024-04-21 02:56 - 2024-04-21 02:56 - 000000000 ____D C:\ProgramData\Dolby
2024-04-21 02:56 - 2024-04-21 02:56 - 000000000 ____D C:\Program Files\Dolby
2024-04-19 21:29 - 2024-04-19 21:29 - 000012192 _____ C:\Users\marpo\Downloads\crash-2024-02-10_00.01.15-client.txt
2024-04-18 21:33 - 2024-04-18 21:33 - 000000000 ____D C:\Users\marpo\AppData\LocalLow\Innersloth
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-05-15 14:39 - 2024-03-03 14:34 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Macro Deck
2024-05-15 14:36 - 2023-01-23 15:53 - 000000000 ____D C:\Program Files (x86)\Steam
2024-05-15 13:05 - 2023-06-28 18:06 - 000000000 ____D C:\Users\marpo\Documents\ShareX
2024-05-15 13:04 - 2023-03-24 19:30 - 000000128 _____ C:\Users\marpo\AppData\Roaming\winscp.rnd
2024-05-15 12:25 - 2023-01-23 12:18 - 000000000 ____D C:\ProgramData\NVIDIA
2024-05-15 11:06 - 2023-01-19 13:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-15 11:04 - 2023-01-23 15:43 - 000000000 ____D C:\Users\marpo\AppData\Roaming\discord
2024-05-15 07:29 - 2023-01-19 14:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-15 07:27 - 2023-01-19 14:11 - 000000000 ____D C:\Users\marpo\AppData\Local\D3DSCache
2024-05-15 07:26 - 2023-01-19 14:26 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-15 06:51 - 2023-07-03 20:29 - 000000444 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2024-05-15 06:46 - 2023-11-22 16:01 - 000002323 _____ C:\Users\marpo\AppData\Roaming\hexplorer.dat
2024-05-15 06:46 - 2023-11-22 16:01 - 000000004 _____ C:\Users\marpo\AppData\Roaming\mclip.dat
2024-05-15 06:08 - 2024-02-26 10:29 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-15 06:03 - 2023-10-03 07:09 - 000000000 ____D C:\Users\marpo\AppData\Local\WebEx
2024-05-15 06:03 - 2023-08-27 17:57 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Canva
2024-05-15 06:03 - 2023-01-24 14:36 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Teams
2024-05-15 06:03 - 2023-01-23 17:01 - 000000000 ___RD C:\Users\marpo\OneDrive - VSB-TUO
2024-05-15 06:03 - 2023-01-19 14:12 - 000000000 ___RD C:\Users\marpo\OneDrive
2024-05-15 06:02 - 2023-01-19 15:11 - 000000000 __SHD C:\Users\marpo\IntelGraphicsProfiles
2024-05-15 01:37 - 2023-01-23 17:04 - 000000000 ____D C:\Users\marpo\AppData\Local\NVIDIA
2024-05-15 01:36 - 2023-08-12 11:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2024-05-14 23:52 - 2024-03-02 16:45 - 000000000 ____D C:\Program Files\TeamViewer
2024-05-14 23:52 - 2023-01-23 11:45 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-14 23:52 - 2023-01-23 11:45 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-14 23:03 - 2023-06-23 16:39 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-14 21:11 - 2023-08-12 11:43 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2024-05-14 21:11 - 2023-01-23 12:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-05-14 21:11 - 2023-01-23 12:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-05-14 21:11 - 2023-01-23 12:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-05-14 10:05 - 2023-01-19 14:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-05-14 08:46 - 2023-01-23 15:43 - 000002243 _____ C:\Users\marpo\Desktop\Discord.lnk
2024-05-13 23:19 - 2023-01-24 10:37 - 000000000 ____D C:\Users\marpo\AppData\Local\CrashDumps
2024-05-13 23:16 - 2023-11-11 12:21 - 000000000 ____D C:\Users\marpo\AppData\Local\VMware
2024-05-13 23:16 - 2023-02-24 01:03 - 000000000 ____D C:\Users\marpo\AppData\Roaming\VMware
2024-05-13 22:03 - 2023-02-24 01:03 - 000000000 ____D C:\ProgramData\VMware
2024-05-13 15:21 - 2023-01-23 17:09 - 000000000 ____D C:\Users\marpo\AppData\Roaming\.minecraft
2024-05-12 15:07 - 2023-03-30 19:10 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Blockbench
2024-05-12 09:05 - 2023-06-28 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2024-05-12 09:05 - 2023-06-28 18:06 - 000000000 ____D C:\Program Files\ShareX
2024-05-11 11:13 - 2023-12-07 21:27 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-11 11:13 - 2023-01-25 12:10 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-05-10 20:26 - 2023-01-23 20:13 - 000000000 ____D C:\Users\marpo\AppData\Roaming\obs-studio
2024-05-10 17:36 - 2023-02-03 19:14 - 000000000 ____D C:\Users\marpo\AppData\Local\babl-0.1
2024-05-10 13:02 - 2023-01-26 15:35 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Excel
2024-05-10 10:23 - 2024-02-18 12:29 - 000267784 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 002729592 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 000722440 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 000218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 000206344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 000145008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-05-10 10:23 - 2023-01-23 17:00 - 000108040 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-05-10 10:23 - 2023-01-23 17:00 - 000075272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-05-10 09:18 - 2023-01-24 14:32 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Word
2024-05-10 08:16 - 2023-07-15 00:26 - 000013286 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2024-05-10 08:16 - 2023-01-19 14:03 - 000000000 ____D C:\Intel
2024-05-10 08:16 - 2023-01-19 13:54 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-10 00:53 - 2023-01-19 13:54 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-10 00:53 - 2023-01-19 13:54 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-10 00:52 - 2023-01-19 14:06 - 000000000 _____ C:\WINDOWS\system32\fpfftResultsFile.txt
2024-05-10 00:52 - 2023-01-19 14:05 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-05-10 00:52 - 2023-01-19 14:05 - 000000000 ____D C:\WINDOWS\system32\DAX3
2024-05-10 00:52 - 2023-01-19 14:05 - 000000000 ____D C:\WINDOWS\system32\DAX2
2024-05-10 00:51 - 2024-04-13 11:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-05-10 00:51 - 2024-04-03 16:55 - 000000000 ____D C:\ProgramData\regid.2019-02.io.clockworklabs
2024-05-10 00:51 - 2024-04-03 16:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitCraft
2024-05-10 00:51 - 2024-03-31 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell
2024-05-10 00:51 - 2024-03-31 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2024-05-10 00:51 - 2024-03-31 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-05-10 00:51 - 2024-03-31 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3
2024-05-10 00:51 - 2024-03-30 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2024-05-10 00:51 - 2024-03-22 10:53 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Element
2024-05-10 00:51 - 2024-03-13 16:52 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WAV-PRG
2024-05-10 00:51 - 2024-03-06 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2024-05-10 00:51 - 2024-03-02 23:58 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImHex
2024-05-10 00:51 - 2024-03-02 12:26 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kong
2024-05-10 00:51 - 2024-03-02 11:33 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Burp Suite Community Edition
2024-05-10 00:51 - 2024-02-25 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.12
2024-05-10 00:51 - 2024-02-25 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2024-05-10 00:51 - 2024-02-25 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 16
2024-05-10 00:51 - 2024-01-30 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-05-10 00:51 - 2024-01-18 23:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2024-05-10 00:51 - 2024-01-18 23:14 - 000000000 ____D C:\WINDOWS\system32\Npcap
2024-05-10 00:51 - 2023-11-17 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hexplorer
2024-05-10 00:51 - 2023-11-09 14:02 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raspberry Pi
2024-05-10 00:51 - 2023-11-06 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2024-05-10 00:51 - 2023-10-21 07:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-10 00:51 - 2023-10-13 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenfish Icon Editor Pro 4.2
2024-05-10 00:51 - 2023-10-03 07:16 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2024-05-10 00:51 - 2023-08-12 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-05-10 00:51 - 2023-07-30 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBTExplorer
2024-05-10 00:51 - 2023-07-24 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2024-05-10 00:51 - 2023-07-03 20:29 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubuntu
2024-05-10 00:51 - 2023-05-23 22:03 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2024-05-10 00:51 - 2023-03-29 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2024-05-10 00:51 - 2023-03-29 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rtools 4.2
2024-05-10 00:51 - 2023-03-29 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
2024-05-10 00:51 - 2023-03-29 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
2024-05-10 00:51 - 2023-03-17 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNX
2024-05-10 00:51 - 2023-03-16 17:10 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2024-05-10 00:51 - 2023-02-28 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strawberry Perl (64-bit)
2024-05-10 00:51 - 2023-02-25 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNU Octave 7.3.0
2024-05-10 00:51 - 2023-02-24 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-05-10 00:51 - 2023-02-13 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge
2024-05-10 00:51 - 2023-02-13 17:17 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape
2024-05-10 00:51 - 2023-02-10 23:59 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-05-10 00:51 - 2023-02-05 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-05-10 00:51 - 2023-02-04 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2024-05-10 00:51 - 2023-02-04 10:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2019 Tools for Unity
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\3082
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1055
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1049
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1046
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1045
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1040
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1036
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\WINDOWS\system32\1029
2024-05-10 00:51 - 2023-02-04 09:47 - 000000000 ____D C:\Program Files\IIS
2024-05-10 00:51 - 2023-02-04 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2024-05-10 00:51 - 2023-02-04 09:46 - 000000000 ____D C:\WINDOWS\system32\1033
2024-05-10 00:51 - 2023-02-04 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2024-05-10 00:51 - 2023-02-03 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2024-05-10 00:51 - 2023-01-24 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2024-05-10 00:51 - 2023-01-24 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2024-05-10 00:51 - 2023-01-24 10:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2024-05-10 00:51 - 2023-01-23 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2024-05-10 00:51 - 2023-01-23 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2024-05-10 00:51 - 2023-01-23 16:18 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-05-10 00:51 - 2023-01-23 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-05-10 00:51 - 2023-01-23 15:43 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-05-10 00:51 - 2023-01-23 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Find and Mount
2024-05-10 00:51 - 2023-01-23 12:36 - 000000000 ____D C:\WINDOWS\oem
2024-05-10 00:51 - 2023-01-23 12:03 - 000000000 ____D C:\Program Files\Intel
2024-05-10 00:51 - 2022-05-07 12:14 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2024-05-10 00:51 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2024-05-10 00:51 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-05-09 19:24 - 2024-03-29 17:48 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wondershare
2024-05-09 19:24 - 2023-12-06 01:07 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2024-05-09 19:23 - 2023-01-19 14:11 - 000000000 ____D C:\Users\marpo\AppData\Local\Packages
2024-05-09 18:58 - 2023-10-21 07:32 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-09 18:58 - 2023-09-23 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2024-05-09 18:58 - 2023-02-04 10:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2024-05-09 18:58 - 2023-02-04 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2024-05-09 18:58 - 2023-01-19 14:05 - 000000000 ____D C:\Program Files\Realtek
2024-05-09 18:58 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-08 08:44 - 2023-01-23 15:54 - 000000000 ____D C:\Users\marpo\AppData\Local\Steam
2024-05-08 03:47 - 2024-02-27 23:23 - 003721352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-05-08 03:45 - 2024-02-27 23:23 - 006948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2024-05-06 23:34 - 2023-07-04 16:59 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-06 23:34 - 2023-07-04 16:59 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-05-05 12:36 - 2024-03-03 14:34 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Deck.lnk
2024-05-05 12:36 - 2024-03-03 14:34 - 000000887 _____ C:\Users\Public\Desktop\Macro Deck.lnk
2024-05-05 12:36 - 2024-03-03 14:34 - 000000000 ____D C:\Program Files\Macro Deck
2024-05-01 08:41 - 2023-01-19 13:56 - 000000000 ____D C:\ProgramData\Packages
2024-05-01 08:22 - 2023-01-23 11:41 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-30 12:56 - 2023-02-10 23:59 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Code
2024-04-28 12:03 - 2024-03-15 19:50 - 000000000 ____D C:\Users\marpo\AppData\Local\ElevatedDiagnostics
2024-04-26 19:16 - 2023-02-03 19:48 - 000000000 ____D C:\Users\marpo\AppData\Local\gtk-2.0
2024-04-23 19:38 - 2023-01-23 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2024-04-21 18:00 - 2023-01-24 14:32 - 000000000 ____D C:\Users\marpo\AppData\Roaming\Microsoft\Office
2024-04-21 11:18 - 2023-01-23 15:42 - 000000000 ____D C:\Users\marpo\AppData\Local\SquirrelTemp
2024-04-21 11:11 - 2023-03-24 19:30 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2024-04-21 11:11 - 2023-03-24 19:30 - 000001110 _____ C:\Users\Public\Desktop\WinSCP.lnk
2024-04-21 11:11 - 2023-03-24 19:30 - 000000000 ____D C:\Program Files (x86)\WinSCP
==================== Files in the root of some directories ========
2023-11-22 16:01 - 2024-05-15 06:46 - 000002323 _____ () C:\Users\marpo\AppData\Roaming\hexplorer.dat
2023-11-22 16:01 - 2024-05-15 06:46 - 000000004 _____ () C:\Users\marpo\AppData\Roaming\mclip.dat
2023-03-24 19:30 - 2024-05-15 13:04 - 000000128 _____ () C:\Users\marpo\AppData\Roaming\winscp.rnd
2024-05-10 17:36 - 2024-05-10 17:36 - 000007795 _____ () C:\Users\marpo\AppData\Local\recently-used.xbel
==================== FLock ==============================
2023-01-19 13:54 C:\WINDOWS\system32\config\BFS
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================