VIRY.CZ

Ahoj,
Microsoft Defender pořád nachází hrozbu: Děkuji za pomoc

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by RSlos (administrator) on RADOVAN (Gigabyte Technology Co., Ltd. P55-US3L) (04-09-2022 17:21:55)
Running from C:\Users\RSlos\Desktop
Loaded Profiles: RSlos
Platform: Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Piriform Software Ltd -> Piriform Software Ltd) D:\Programs\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Miroslav Topolar -> Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) D:\Programs\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) D:\Programs\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.543.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => D:\Programs\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY (No File)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [CCleaner Smart Cleaning] => D:\Programs\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [SmartSwitchPDLR.exe] => D:\Programs\Samsung\SmartSwitchPC\SmartSwitchPDLR.exe [1117200 2022-06-14] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [Zoner Photo Studio Autoupdate] => D:\PROGRAMS\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Run: [MicrosoftEdgeAutoLaunch_C543EDFAD1B810FB9BE29157554F9BEC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827104 2022-08-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
HKLM\...\Windows x64\Print Processors\Canon MG3200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDB8.DLL [30208 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3200 series: C:\WINDOWS\system32\CNMLMB8.DLL [389120 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3200 series XPS: C:\WINDOWS\system32\CNMXLMB8.DLL [392192 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-03-28] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2376960 2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\105.0.5195.102\Installer\chrmstp.exe [2022-09-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C77AE0-DA0C-4189-96A0-D76E4AAEBC1C} - System32\Tasks\CCleaner Update => D:\Programs\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Task: {120DEFE2-6AAA-42D1-998D-D5C6DAA5B1A7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {6090F69C-88BC-415D-8E64-D4C6B2E76171} - System32\Tasks\CCleanerSkipUAC - RSlos => D:\Programs\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {BB0D6788-7F93-4654-BCEF-3BB536A13418} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {FECC0CBC-77F0-4008-AAA6-AA77A894BBAC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f96d08c0-b74a-453f-ba6a-8c92c61a13bc}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-04]
Edge DownloadDir: Default -> D:\Downloads

FireFox:
========
FF DefaultProfile: 6ilvrogm.default
FF ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default [2022-09-04]
FF DownloadDir: D:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\6ilvrogm.default -> hxxps://www.seznam.cz/
FF Extension: (Google Translator for Firefox) - C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\Extensions\translator@zoli.bod.xpi [2019-05-21]
FF Extension: (FormApps Extension) - C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\Extensions\{69F080C9-A1D8-42F8-BD83-3D54D4BC81B3}.xpi [2021-03-01]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1484243458-1922150109-371872183-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-11-19] (Ubisoft Massive -> Ubisoft)

Chrome:
=======
CHR Profile: C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default [2022-09-03]
CHR DownloadDir: D:\Downloads
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Dokumenty Google offline) - C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-26]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-08-26] (Malwarebytes Inc. -> Malwarebytes)
S3 Origin Client Service; D:\Hry\Origin\OriginClientService.exe [2575624 2022-06-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; D:\Hry\Origin\OriginWebHelperService.exe [3494672 2022-06-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 PDF24; D:\Programs\PDF24\pdf24.exe [220704 2015-09-14] (Geek Software GmbH -> Geek Software GmbH)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-02-01] (Even Balance, Inc. -> )
R2 ss_conn_service; D:\Programs\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-09-24] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; D:\Programs\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-09-24] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EverestDriver; D:\Programs\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [26752 2010-03-31] (LAVALYS -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
U5 UnlockerDriver5; D:\Programs\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-04 17:21 - 2022-09-04 17:22 - 000018860 _____ C:\Users\RSlos\Desktop\FRST.txt
2022-09-04 17:21 - 2022-09-04 17:22 - 000000000 ____D C:\FRST
2022-09-04 17:21 - 2022-09-04 16:22 - 002371072 _____ (Farbar) C:\Users\RSlos\Desktop\FRST64.exe
2022-09-04 17:14 - 2022-09-04 17:14 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-09-04 16:45 - 2022-09-04 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-09-04 16:45 - 2022-09-04 16:45 - 000000000 ____D C:\Program Files\7-Zip
2022-09-04 16:23 - 2022-09-04 17:15 - 000000000 ____D C:\Users\RSlos\AppData\Local\Avast Software
2022-09-04 16:20 - 2022-09-04 17:15 - 000000000 ____D C:\ProgramData\Avast Software
2022-09-04 13:44 - 2022-09-04 13:44 - 000000000 ____D C:\AdwCleaner
2022-08-30 16:11 - 2022-09-04 17:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-08-21 08:29 - 2022-08-21 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2022-08-10 08:23 - 2022-08-10 08:23 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 08:23 - 2022-08-10 08:23 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 08:23 - 2022-08-10 08:23 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 08:23 - 2022-08-10 08:23 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 08:23 - 2022-08-10 08:23 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 08:23 - 2022-08-10 08:23 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 08:15 - 2022-08-10 08:15 - 000000000 ___HD C:\$WinREAgent
2022-08-07 09:14 - 2020-12-02 05:23 - 001027992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-08-07 09:14 - 2020-12-02 05:23 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-08-07 09:14 - 2020-12-02 05:23 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-08-07 09:14 - 2020-12-02 05:22 - 000590576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-08-07 09:14 - 2020-12-02 05:22 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-08-07 09:14 - 2020-12-02 05:21 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-08-07 09:14 - 2020-12-02 05:21 - 000445848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-08-07 09:14 - 2020-12-02 05:20 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-08-07 09:14 - 2020-12-02 04:52 - 000080930 _____ C:\WINDOWS\system32\nvinfo.pb
2022-08-07 08:07 - 2022-08-07 08:07 - 000002878 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - RSlos
2022-08-07 08:07 - 2022-08-07 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-08-06 11:13 - 2022-08-06 11:13 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-08-06 11:12 - 2022-06-03 06:15 - 001905936 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001905936 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001478416 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001478416 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-08-06 11:12 - 2022-06-03 06:15 - 001467840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001432320 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001432320 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001209408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-08-06 11:12 - 2022-06-03 06:15 - 001145616 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-08-06 11:12 - 2022-06-03 06:12 - 000057440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-08-06 11:12 - 2022-06-03 06:10 - 005729744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-04 17:20 - 2021-09-17 21:02 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-04 17:20 - 2019-12-07 16:41 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-09-04 17:20 - 2019-12-07 16:41 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-09-04 17:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-04 17:18 - 2018-09-28 18:05 - 000000000 ____D C:\Program Files (x86)\Google
2022-09-04 17:17 - 2019-05-21 11:50 - 000000000 ____D C:\Users\RSlos\AppData\LocalLow\Mozilla
2022-09-04 17:16 - 2021-11-15 18:26 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2022-09-04 17:16 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-04 17:15 - 2021-09-17 21:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-04 17:15 - 2020-07-20 19:56 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-04 17:15 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-09-04 17:15 - 2019-05-21 11:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-04 17:15 - 2018-09-28 07:13 - 000000000 ____D C:\ProgramData\NVIDIA
2022-09-04 17:13 - 2021-09-17 20:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-04 16:22 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-09-04 13:53 - 2020-11-07 00:44 - 000001384 _____ C:\Users\RSlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-09-03 12:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-03 12:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-03 08:48 - 2021-12-26 12:11 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-02 17:34 - 2019-12-07 16:42 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-08-31 18:43 - 2021-12-26 12:10 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-08-31 18:43 - 2021-12-26 12:10 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-08-31 16:23 - 2018-09-28 20:55 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\Mp3tag
2022-08-31 12:51 - 2021-10-09 11:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-08-31 12:51 - 2019-05-21 11:50 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-08-29 08:05 - 2018-09-28 22:47 - 000000000 ____D C:\Users\RSlos\AppData\Local\D3DSCache
2022-08-28 08:18 - 2020-05-24 07:47 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-26 15:40 - 2022-04-15 11:09 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-08-26 15:39 - 2019-07-20 09:10 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-08-23 17:57 - 2021-09-17 21:03 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-23 17:57 - 2021-09-17 21:03 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-08-21 09:40 - 2020-11-06 20:23 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\MyPhoneExplorer
2022-08-21 08:29 - 2021-11-15 18:26 - 000000958 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2022-08-12 11:38 - 2021-09-17 21:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-12 11:37 - 2021-12-18 20:03 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-11 15:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 17:12 - 2021-09-17 20:54 - 000378800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-10 17:11 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 17:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 08:23 - 2021-09-17 20:55 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 08:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 08:14 - 2018-09-28 07:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 08:11 - 2018-09-28 07:37 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 11:57 - 2018-09-28 07:13 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-08-07 09:24 - 2018-09-28 07:13 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-08-07 09:15 - 2018-09-28 10:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-08-07 08:39 - 2021-10-10 18:12 - 000000000 ____D C:\Users\RSlos\AppData\Roaming\Kodi
2022-08-07 08:07 - 2021-09-17 21:03 - 000003926 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-06 11:13 - 2021-01-06 19:53 - 000000000 ____D C:\Users\RSlos\AppData\Local\NVIDIA
2022-08-06 11:13 - 2018-09-28 09:32 - 000000000 ____D C:\ProgramData\Packages
2022-08-06 11:13 - 2018-09-28 07:08 - 000000000 ____D C:\Users\RSlos\AppData\Local\Packages

==================== Files in the root of some directories ========

2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84c
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84cthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2bef
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2befthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbf
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbfthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51f
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51fthumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35be
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35bethumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69a
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69athumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825thumb
2019-08-21 16:51 - 2019-08-21 16:51 - 000095085 _____ () C:\Users\RSlos\AppData\Roaming\DefaultAlbumArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000165847 _____ () C:\Users\RSlos\AppData\Roaming\DefaultArtistArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000164313 _____ () C:\Users\RSlos\AppData\Roaming\DefaultPlaylistArt.png
2019-08-21 16:51 - 2019-08-21 16:51 - 000095085 _____ () C:\Users\RSlos\AppData\Roaming\DefaultTrackArt.png
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9thumb
2019-08-22 17:50 - 2019-08-22 17:50 - 000050380 _____ () C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857
2019-08-22 17:50 - 2019-08-22 17:50 - 000015426 _____ () C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857thumb
2020-03-29 11:20 - 2021-02-13 12:55 - 000001829 _____ () C:\Users\RSlos\AppData\Roaming\RADOVAN.MTBF.txt
2020-03-29 11:20 - 2022-06-29 16:27 - 000005120 _____ () C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-22 14:26 - 2018-12-22 14:26 - 000000001 _____ () C:\Users\RSlos\AppData\Local\llftool.4.40.agreement
2018-09-28 11:04 - 2018-09-28 11:04 - 000000017 _____ () C:\Users\RSlos\AppData\Local\resmon.resmoncfg

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by RSlos (04-09-2022 17:23:27)
Running from C:\Users\RSlos\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1889 (X64) (2021-09-18 06:18:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1484243458-1922150109-371872183-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1484243458-1922150109-371872183-503 - Limited - Disabled)
Guest (S-1-5-21-1484243458-1922150109-371872183-501 - Limited - Disabled)
RSlos (S-1-5-21-1484243458-1922150109-371872183-1001 - Administrator - Enabled) => C:\Users\RSlos
WDAGUtilityAccount (S-1-5-21-1484243458-1922150109-371872183-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ANT Drivers Installer x64 (HKLM\...\{15DDA7AF-3E5C-49CC-B57C-8926F09405A6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Assassin's Creed III (HKLM-x32\...\Assassin's Creed III_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassins Creed Syndicate (HKLM-x32\...\Assassins Creed Syndicate_is1) (Version: - )
Audacity 2.2.1 (HKLM-x32\...\Audacity_is1) (Version: 2.2.1 - Audacity Team)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
calibre (HKLM-x32\...\{CF5F9723-E951-4080-BF78-7263A1C9C396}) (Version: 3.32.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Car Mechanic Simulator 2014.v 1.0.6.0 (HKLM-x32\...\Car Mechanic Simulator 2014.v 1.0.6.0_is1) (Version: Car Mechanic Simulator 2014.v 1.0.6.0 - Repack by Fenixx (07.02.2014))
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Creative Pack Volume 1 (HKLM\...\{997BE27F-A97F-4EF4-B841-D20ABF1CD6DC}) (Version: 4.0.0 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.08 (HKLM-x32\...\{FB4B9EB9-68B2-4C42-8C38-B65F8FE5A5CA}) (Version: 1.08.0000 - Pinnacle)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FastShare.cz verze 2.4.0 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.4.0 - )
FormApps Signing Extension (HKLM-x32\...\{2ADAFEB7-56C5-497F-8960-67DA46A81838}) (Version: 2.27.0.46 - Software602 a.s.)
FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 105.0.5195.102 - Google LLC)
Hollywood FX Volumes 1-3 (HKLM\...\{48C2040D-B49F-4B4D-AE4A-0DCED3305692}) (Version: 3.0 - Corel Corporation)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Kodi (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Kodi) (Version: - XBMC-Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.70 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.25 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_STANDARD_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0405-1000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}_STANDARD_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}_STANDARD_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}_STANDARD_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Teams (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Mozaik 3D Viewer S (HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\Mozaik 3D Viewer S) (Version: 2.0.255 - MOZAIK Education Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 104.0.1 (x64 cs)) (Version: 104.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.5 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NewBlue Effects (HKLM\...\{C68BAB1A-C7DF-4D81-83FC-981B31921924}) (Version: 2.1.0 - Corel Corporation)
NVIDIA Ovladače grafiky 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.)
PDF24 Creator 7.3.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-XChange Editor (HKLM\...\{D0B4B563-918D-42CE-8ADF-1E1549A7DCF9}) (Version: 7.0.324.3 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{e63a1903-34cf-4f96-90f3-fb0c70694630}) (Version: 7.0.324.3 - Tracker Software Products (Canada) Ltd.)
Pinnacle MyDVD (HKLM-x32\...\{9E90B657-D5B4-40C0-AE05-B29DED063494}) (Version: 1.0.112 - Název společnosti:) Hidden
Pinnacle MyDVD (HKLM-x32\...\{E6D07A42-38B7-4AAF-A857-2DF7177244D7}) (Version: 1.0 - Pinnacle)
Pinnacle Studio 19 - Standard Content Pack (HKLM\...\{91D1B712-604F-49C8-943F-FD257D647161}) (Version: 19.1 - Corel Corporation)
Pinnacle Studio 19 (HKLM\...\{CF91A83C-B84F-43CE-BCCE-7247E6137173}) (Version: 19.1.2.299 - Corel Corporation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG3200 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3200 series) (Version: - Canon Inc.‎)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.48.0 - Samsung Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM\...\{5CA29919-6361-4A17-91C5-6819E43794B1}) (Version: 3.0 - Corel Corporation)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22063.6 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22063.6 - Samsung Electronics Co., Ltd.)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.89.214.1030 - Electronic Arts Inc.)
Title Extreme (HKLM\...\{3B519225-B4B2-40B7-A431-3C6AAE2831B4}) (Version: 3.0 - Corel Corporation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: - ZONER software)

Packages:
=========
CUE Splitter -> C:\Program Files\WindowsApps\38812MedievalSoftware.CUESplitter_2.0.8.0_x64__qfb5004rcjhse [2022-08-12] (Medieval Software)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.14.67.0_x64__rz1tebttyb220 [2022-07-09] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-06] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-17] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-08-06] (NVIDIA Corp.)
Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.10.220.0_x64__jb41c8remg0x2 [2021-09-04] (Polarr)
Rozšíření pro video HEVC -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.51122.0_x64__8wekyb3d8bbwe [2022-05-27] (Microsoft Corporation)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-04] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0 [2022-08-25] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1484243458-1922150109-371872183-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\RSlos\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => D:\Programs\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2018-02-27] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Programs\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Programs\Mp3tag\Mp3tagShell64.dll [2015-12-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\nvshext.dll [2020-12-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Programs\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programs\WinRAR\rarext64.dll [2005-06-07] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => pvmjpgx40.dll
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506312 2014-01-08] (proDAD GmbH -> proDAD GmbH)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-11-06 22:45 - 2005-06-07 13:26 - 000043008 _____ () [File not signed] D:\Programs\WinRAR\rarext64.dll
2018-09-28 21:11 - 2012-03-28 19:01 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1484243458-1922150109-371872183-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2019-05-20 20:10 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1484243458-1922150109-371872183-1001\Control Panel\Desktop\\Wallpaper -> D:\Obrázky\Auta\Škoda Popular Monte Carlo.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\StartupFolder: => "APC UPS Status.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Display"
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1484243458-1922150109-371872183-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{0F493B56-619C-4876-89FC-20C9F623A49F}D:\hry\assassin's creed iii\ac3sp.exe] => (Allow) D:\hry\assassin's creed iii\ac3sp.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{E6F85EE6-8A3B-4786-97ED-92CBA0A8E9A5}D:\hry\assassin's creed iii\ac3sp.exe] => (Allow) D:\hry\assassin's creed iii\ac3sp.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [UDP Query User{7C271C67-A94D-4851-833A-9EA8360FF0A1}D:\hry\assassins creed brotherhood\acbsp.exe] => (Allow) D:\hry\assassins creed brotherhood\acbsp.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [TCP Query User{CD6A4571-C125-4732-86D7-D03434652D74}D:\hry\assassins creed brotherhood\acbsp.exe] => (Allow) D:\hry\assassins creed brotherhood\acbsp.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [UDP Query User{BC061566-0D83-41A8-8954-A444D691DE42}D:\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{3ACF5F02-35A4-452C-834D-8E7D16E8F565}D:\programs\myphoneexplorer\myphoneexplorer.exe] => (Allow) D:\programs\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{E67134F9-60D3-4323-9269-21CFF519394D}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{62DC0103-B4E9-48CD-8661-2DE3905BE8D0}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\UMI.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{009E0728-C4F9-4A06-BCEA-200AB5A2438D}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{3AD4DA43-D518-429E-B0BB-A7E56E1BBFA3}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\NGStudio.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{67D48E2F-13D1-421A-A11B-462BD342276C}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [{0353E250-92F9-44A3-B5D0-A461DDE8D380}] => (Allow) D:\Programs\Pinnacle\Studio 19\programs\RM.exe (Corel Corporation -> Pinnacle)
FirewallRules: [UDP Query User{709B04A9-29CE-407A-A138-7BD07E737E0E}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E0156561-1258-4530-80D2-0EC4036596A2}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B9132572-843E-4F17-A43B-36B22A63BDF3}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{61894A6E-BF95-4D0A-A016-544B4210C61E}C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\rslos\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B591E49-8163-4AFE-8800-724BE13ADA69}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{DA2F72E5-C68E-4203-B587-62C7FF602549}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Launcher.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{357AC1F2-29C6-403A-B442-BF12BE80BC9C}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft) [File not signed]
FirewallRules: [{80FB702C-75F9-4D72-844A-D6495AFDF0B2}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx10.exe (Ubisoft) [File not signed]
FirewallRules: [{6C1211E1-A0E2-4C0B-A4A4-659F009C69F6}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft) [File not signed]
FirewallRules: [{85AA27E1-C9FF-4694-AFC4-5136419B1176}] => (Allow) D:\Hry\Assassin's Creed\AssassinsCreed_Dx9.exe (Ubisoft) [File not signed]
FirewallRules: [{E6E2FF15-919D-4A34-8847-4B21FAEB8ECE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8BE97D4D-E454-4A02-83BD-DF2FCA88B6D8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9AF68CD-B28C-4EBD-B851-BA085DD8AA3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E4A32F8A-BA32-49F5-BF6C-3F80723BF014}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8217AB0E-1C5B-40E0-BB0C-8D575549B745}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{C8B4063E-D335-4704-92AA-A15BB09AD3A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{45892470-C855-4931-BCA8-68F7F1AC0E66}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{56D7B120-BB0C-4375-BA6F-5E3382887FD6}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{8CB7840B-A404-4A4C-870C-3E919F1DFE30}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B0320090-890D-410B-8D98-1DEB366C11C6}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{16CA10C9-5EF9-480C-8E3F-FF62BA38C270}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{9BB119B3-17CC-4871-A062-F8B5D96C2A8A}] => (Allow) D:\Programs\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{D41DAE36-B9BD-4D0A-A231-7052BAF74399}] => (Allow) D:\Programs\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{5D981017-F913-4CE0-BE96-EAC4119A74D9}] => (Allow) D:\Programs\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{7E4C7482-E2F4-45F0-860C-8FB6A69BEF01}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{80675DA5-6747-4DC9-A230-E120A87092EA}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{613931F9-AB35-4505-8503-0218CCFA6A10}D:\programs\kodi\kodi.exe] => (Allow) D:\programs\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{8D6775C5-0FCC-46AE-B9C8-767E82EDB507}D:\programs\kodi\kodi.exe] => (Allow) D:\programs\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{343F7CC2-648F-4DC2-A75D-34CD83889A33}] => (Allow) D:\Hry\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{79E3746C-42B3-4D21-985F-0B20E92087AE}] => (Allow) D:\Hry\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B32CBA98-06F9-4AA2-998F-EAD19832C3C9}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{828CEF35-EB41-48DF-B39A-2640A8DC2D7A}] => (Allow) D:\Hry\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{62E1125E-D43F-499A-A24E-CFC403AED23B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{92734CD1-362A-4556-8A2F-71B6DF658F36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B5E0FDBB-BA98-4FB0-AF19-A122380A78E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E77034-F38A-49CB-9E1B-6617CEF15908}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0FB78E53-3236-4FE7-B052-93018E902658}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{32322E59-67DD-49A4-8F9E-65119EEAD7C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FBEEC5BA-5068-4BEB-BBD8-EF7F7297BD10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F085F96-7F2F-40AA-B559-2264BAA34F28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F621D5FF-7947-480D-8AFC-5766840DCA7A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7E1737DC-0E4D-431A-B034-31E425975CBF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.25\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

21-08-2022 08:29:21 Instalováno Smart Switch
31-08-2022 14:20:53 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Multimediální video adaptér
Description: Multimediální video adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediální adaptér
Description: Multimediální adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimediální adaptér
Description: Multimediální adaptér
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/04/2022 05:15:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_stisvc, verze: 10.0.19041.1806, časové razítko: 0x7dcad237
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000009b00000001
ID chybujícího procesu: 0x588
Čas spuštění chybující aplikace: 0x01d8c0713c18e4d0
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2fe1cb17-938f-4e37-b59e-a0386a7966ef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/04/2022 11:36:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/31/2022 04:21:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Programs\Audacity\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.

Error: (08/31/2022 03:34:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Programs\Audacity\audacity.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.

Error: (08/28/2022 06:43:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 06:36:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 01:43:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/28/2022 01:26:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Načítání obrázků (WIA) byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PDF24 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/04/2022 05:16:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby PDF24 bylo dosaženo časového limitu (45000 ms).

Error: (09/04/2022 01:55:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (09/04/2022 01:55:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RSlos\AppData\Local\Temp\ehdrv.sys

Error: (09/04/2022 01:55:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (09/04/2022 01:55:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\RSlos\AppData\Local\Temp\ehdrv.sys

Error: (09/04/2022 01:55:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba eapihdrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.


Windows Defender:
================
Date: 2022-09-04 17:17:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 17:16:26
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:8000:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 16:17:57
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 16:12:14
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:6276:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-09-04 15:57:14
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/Hive.ZY
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:6276:74439979291537
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.373.1508.0, AS: 1.373.1508.0, NIS: 1.373.1508.0
Verze modulu: AM: 1.1.19500.2, NIS: 1.1.19500.2

CodeIntegrity:
===============
Date: 2022-09-04 16:41:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. FH 06/24/2010
Motherboard: Gigabyte Technology Co., Ltd. P55-US3L
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 8183.48 MB
Available physical RAM: 4724.63 MB
Total Virtual: 9463.48 MB
Available Virtual: 4604.96 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:231.93 GB) (Free:172.69 GB) (Model: Samsung SSD 860 EVO 250GB ATA Device) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:393.74 GB) (Model: ST1000DM003-1CH162 ATA Device) NTFS

\\?\Volume{bce5a315-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{bce5a315-0000-0000-0000-a01a3a000000}\ () (Fixed) (Total:0.47 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 856E1FCF)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

AdwCleaner- vidím pouze skenovat, opravu nikde nenabízí.

-------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-08-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-04-2022
# Duration: 00:00:07
# OS: Windows 10 Home
# Scanned: 32101
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch File C:\Users\Public\Desktop\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch File C:\Users\RSlos\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\Users\RSlos\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}


AdwCleaner_Debug.log - [7794 octets] - [04/09/2022 18:22:22]

022-09-04 16:23:18 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:21 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:21 : <INFO> [Button clicked] Dashboard menu item
2022-09-04 16:23:22 : <INFO> [Application] Closing AdwCleaner
2022-09-04 16:23:31 : <INFO> [Application] AdwCleaner 8 . 3 . 2 launched
2022-09-04 16:23:32 : <INFO> [MBInstaller] Checking Iris
2022-09-04 16:23:32 : <INFO> [IRIS] Making request
2022-09-04 16:23:32 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:23:32 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:23:32 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:23:32 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] ALPN: None
2022-09-04 16:23:32 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:23:32 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:23:32 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:23:32 : <INFO> [Telemetry] Sending hello
2022-09-04 16:23:32 : <INFO> [AdwUpgrade] Checking application updates
2022-09-04 16:23:32 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2022-09-04 16:23:32 : <INFO> [IRIS] Failed
2022-09-04 16:23:32 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:23:32 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:23:32 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:23:32 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:23:32 : <INFO> [SslCert] ALPN: None
2022-09-04 16:23:32 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:23:32 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:23:32 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:23:32 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2022-09-04 16:23:39 : <INFO> [Application] Closing AdwCleaner
2022-09-04 16:24:31 : <INFO> [Application] AdwCleaner 8 . 3 . 2 launched
2022-09-04 16:24:31 : <INFO> [MBInstaller] Checking Iris
2022-09-04 16:24:31 : <INFO> [IRIS] Making request
2022-09-04 16:24:31 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:31 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:31 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] ALPN: None
2022-09-04 16:24:31 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:24:31 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:24:31 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:24:31 : <INFO> [AdwUpgrade] Checking application updates
2022-09-04 16:24:31 : <INFO> [Telemetry] Sending hello
2022-09-04 16:24:31 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError )
2022-09-04 16:24:31 : <INFO> [IRIS] Failed
2022-09-04 16:24:31 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:31 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:31 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:31 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:31 : <INFO> [SslCert] ALPN: None
2022-09-04 16:24:31 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256"
2022-09-04 16:24:31 : <INFO> [SslCert] KXE: "any"
2022-09-04 16:24:31 : <INFO> [SslCert] Protocol: "TLSv1.3"
2022-09-04 16:24:31 : <INFO> [Telemetry] Status code: QVariant(int, 200)
2022-09-04 16:24:36 : <INFO> [Button clicked] Scan
2022-09-04 16:24:36 : <INFO> [Scan] Started
2022-09-04 16:24:36 : <INFO> [Database] Downloading database
2022-09-04 16:24:36 : <INFO> [Database] Checking integrity
2022-09-04 16:24:36 : <INFO> [Database] Found 2689 families
2022-09-04 16:24:36 : <INFO> [Database] Database v "2022-08-22.1"
2022-09-04 16:24:36 : <INFO> [Loading paths] Local paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] Chrome paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] Firefox paths loaded
2022-09-04 16:24:36 : <INFO> [Loading paths] User Keys loaded
2022-09-04 16:24:36 : <INFO> [Module initialized] "File"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Folder"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegistryKey"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegistryValue"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Winlogon"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegAppInit"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegClasses"
2022-09-04 16:24:36 : <INFO> [Module initialized] "DNS"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegGuid"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegSoftwar2022-09-04 16:24:36 : <INFO> [Module initialized] "RegIEElevationPolicy"
2022-09-04 16:24:36 : <INFO> [Module initialized] "HostsFile"
2022-09-04 16:24:36 : <INFO> [Module initialized] "TaskName"
2022-09-04 16:24:36 : <INFO> [Module initialized] "FirefoxExt"
2022-09-04 16:24:36 : <INFO> [Module initialized] "Service"
2022-09-04 16:24:36 : <INFO> [Module initialized] "WMI"
2022-09-04 16:24:36 : <INFO> [Module initialized] "RegFirewallPolicy"
2022-09-04 16:24:37 : <INFO> [Module initialized] "URL"
2022-09-04 16:24:37 : <INFO> [Scan] Exclusions loaded
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "HKLM\\Software\\Wow6432Node\\\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}" [ "Registry" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\RSlos\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Smart Switch.lnk" [ "File" ]
2022-09-04 16:24:38 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\Public\\Desktop\\Smart Switch.lnk" [ "File" ]
2022-09-04 16:24:43 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\Users\\RSlos\\AppData\\Roaming\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2022-09-04 16:24:43 : <INFO> [Scan] Item detected: "Preinstalled.SamsungSmartSwitch" , "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\SAMSUNG\\SMART SWITCH PC" [ "Folder" ]
2022-09-04 16:24:43 : <INFO> [Telemetry] Sending to Influx
2022-09-04 16:24:43 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:43 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:43 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:43 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:43 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:43 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:43 : <INFO> [SslCert] ALPN: Yes
2022-09-04 16:24:43 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2022-09-04 16:24:43 : <INFO> [SslCert] KXE: "ECDH"
2022-09-04 16:24:43 : <INFO> [SslCert] Protocol: "TLSv1.2"
2022-09-04 16:24:43 : <INFO> [Telemetry] Status code: QVariant(int, 204)
2022-09-04 16:24:43 : <INFO> [Telemetry] Sending to DSE
2022-09-04 16:24:44 : <INFO> [SslCert] Issued by ("DigiCert TLS RSA SHA256 2020 CA1")
2022-09-04 16:24:44 : <INFO> [SslCert] Issued to ("*.mwbsys.com")
2022-09-04 16:24:44 : <INFO> [SslCert] Locality Name ("Santa Clara")
2022-09-04 16:24:44 : <INFO> [SslCert] Organization ("Malwarebytes Inc")
2022-09-04 16:24:44 : <INFO> [SslCert] Certificate EffectiveDate: "út dub 26 00:00:00 2022 GMT"
2022-09-04 16:24:44 : <INFO> [SslCert] Certificate ExpirationDate: "et dub 27 23:59:59 2023 GMT"
2022-09-04 16:24:44 : <INFO> [SslCert] ALPN: Yes
2022-09-04 16:24:44 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384"
2022-09-04 16:24:44 : <INFO> [SslCert] KXE: "ECDH"
2022-09-04 16:24:44 : <INFO> [SslCert] Protocol: "TLSv1.2"
2022-09-04 16:24:44 : <INFO> [Telemetry] Status code: QVariant(int, 201)

Preinstalled jsou v pořádku (utility od Samsung). Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by RSlos (04-09-2022 19:05:09) Run:1
Running from C:\Users\RSlos\Desktop
Loaded Profiles: RSlos
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-18\...\Run: [GarminExpress] => "C:\Program Files (x86)\Garmin\Express\express.exe" /minimized (No File)
Task: {15645B1A-1830-410D-915A-C8A70F083D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {4DF05A27-CB34-40CA-8109-B2CC59D55B0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-26] (Google LLC -> Google LLC)
Task: {711DE3C2-3819-44E9-89F1-FF9E4E1C3E97} - System32\Tasks\EOSv3 Scheduler onTime => D:\Programs\esetonlinescanner_csy.exe SCHED (No File)
Task: {0A65FB89-DBEB-4DA4-B2D3-9A256313DB68} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Programs\esetonlinescanner_csy.exe LOGON (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpress" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15645B1A-1830-410D-915A-C8A70F083D44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15645B1A-1830-410D-915A-C8A70F083D44}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4DF05A27-CB34-40CA-8109-B2CC59D55B0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DF05A27-CB34-40CA-8109-B2CC59D55B0E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{711DE3C2-3819-44E9-89F1-FF9E4E1C3E97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{711DE3C2-3819-44E9-89F1-FF9E4E1C3E97}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A65FB89-DBEB-4DA4-B2D3-9A256313DB68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A65FB89-DBEB-4DA4-B2D3-9A256313DB68}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\RSlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34207052 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 2895136 B
Edge => 9216 B
Chrome => 50175594 B
Firefox => 37309224 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7358 B
NetworkService => 19774 B
RSlos => 1488662 B

RecycleBin => 0 B
EmptyTemp: => 121.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:05:14 ====

Smazáno. Nastala nějaká změna?

Bohužel ne. Po restartu počítače hned 4x za sebou hlásil Defender hrozbu.

Zkusíme vyčistit ještě prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe , https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

provedeno za 1 a tď se pustím za 2

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by RSlos on 05.09.2022 at 15:08:31,33.
Microsoft Windows 10 Home 10.0.19044 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\RSlos\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

05.09.2022 15:09:19 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Pegasus Imaging deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\RSlos\AppData\Local\DBG deleted successfully
C:\Users\RSlos\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.search.suggest.enabled", false);

Added to C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default

user.js not found
---- Lines Search removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Default Search Engine,DuckDuckGo,Heureka,Mapy.cz");
---- FireFox user.js and prefs.js backups ----

prefs__1521_.backup

==== Deleting Files \ Folders ======================

C:\Users\RSlos\AppData\Roaming\calibre deleted
C:\Users\RSlos\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\RSlos\AppData\Local\Avast Software deleted
C:\Users\RSlos\AppData\Local\cache deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM29AC0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2B978.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2C3E.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118661.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118663.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118675.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118677.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-118688.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11868a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11868c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-11869e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186b8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186ba.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186e1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1194-2514-1186e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d0a1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d12f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d3c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d431.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d52d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16d704.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16db8a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dbab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dbfb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dc1c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dc8c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dcad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dcce.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dce0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd20.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd53.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd75.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-11f0-1a5c-16dd96.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de48.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de89.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4de9a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4deac.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4deae.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4debf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dec1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4ded3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df04.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df06.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df18.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df29.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df3b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df4c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df4e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df60.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4df72.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dfa3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1284-1254-5a4dfa5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e421.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e442.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e463.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e475.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e496.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e498.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4b9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4ec.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e4ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e50f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e531.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e533.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e535.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e546.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e577.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e579.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e59a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1348-1c10-32e5ac.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102de6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102de8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102df9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102dfb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e0d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e0f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e11.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e22.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e24.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e26.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e38.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e3a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e4c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e4e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e50.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e63.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e65.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-140c-136c-102e77.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f548.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f569.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f56b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f57d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f57f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f581.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f592.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f594.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5a6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5a8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5b9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5bb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5e1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f5f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-16fc-1c90-11f608.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa2c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa3e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa40.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa63.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa65.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa77.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa79.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa8b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa8d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fa8f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17faa0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17faa2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17faa4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fab6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fab8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17fac9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17facb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c24-fc8-17facd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98f32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98f53.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98f74.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98f86.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98f98.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98fa9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98fca.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-98fec.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-9900d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-9901f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99021.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99032.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99044.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99046.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99057.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-99069.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-9907b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-9909c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1c88-504-990ae.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833885.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8338a6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8338c7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8338d9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8338db.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8338fc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-83391e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-83392f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833941.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833952.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833983.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833995.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339a7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339b8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339ca.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339cc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-8339ff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1cf8-84-833a10.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cbdd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cbef.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc00.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc12.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc14.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc26.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc28.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc49.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc5a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc5c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc5e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc70.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc72.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc84.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc95.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cc97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9cca9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9ccab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f58-a58-9ccbd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10630f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106321.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106323.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106334.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106336.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106338.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10634a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10634c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10634e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106350.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106361.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106363.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106375.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106377.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-106379.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10638b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10638d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-10639e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-1f84-15f0-1063a0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ed7c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ed8e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10eda0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10eda2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edb3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edb5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edb7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edc9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edcb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10eddd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10eddf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edf0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edf2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10edf4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ee06.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ee08.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ee0a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ee1b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-208c-1dcc-10ee1d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd25.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd37.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd49.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd4b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd5c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd5e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd60.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd72.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd74.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd85.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd87.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd99.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd9b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bd9d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bdaf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bdb1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bdc2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bdc4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-227c-ac4-76bdc6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623e42.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623e83.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623e94.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623ec5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623ee6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623ef8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623f29.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623f5a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623f8b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623fbc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623fdd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-623ffe.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-62401f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-624060.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-624091.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-6240b2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-6240e3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-624114.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-23c4-1cf4-624145.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769bf58.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769c3ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769c4f9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769c72e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769c81a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769cdf8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d230.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d30d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d38c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d572.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d5f1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d632.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d70f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d74f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d82c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769d957.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769db4d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769dbeb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2504-d60-1769dca9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e4e2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e4f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e515.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e517.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e529.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e52b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e53d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e54e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e550.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e562.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e564.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e575.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e587.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e589.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e59b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e5bc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e5ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e5fe.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2684-2ac0-62e600.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada826.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada838.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada859.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada86b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada87c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada88e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada89f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada8b1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada8c3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada8d4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada8e6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada8f8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada909.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada91b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada92c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada93e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada950.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada961.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-26d0-2fb4-4ada983.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-827234d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-827235f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272371.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272373.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272384.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272386.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272398.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723a9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723ab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723bd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723d1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723e2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-82723f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272417.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-8272429.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-827243a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-274c-1a84-827244c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ecf9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed1b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed2c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed3e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed50.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed73.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed84.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ed96.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390eda8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edb9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edcd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edcf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ede1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ede3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390ede5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edf6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2868-2348-390edf8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd2e7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd337.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd3b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd416.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd486.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd497.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4a9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4ba.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4bc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4ce.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4f1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd4f3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd505.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd517.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd528.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd52a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd53c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2a44-7b0-55dd54d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cb9e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cba24.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cba65.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cba96.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbb24.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbb55.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbbc4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbc05.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbc65.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbd90.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbde0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbe3f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbe9f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbed0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbf01.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbf80.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cbfef.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cc0ad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2af4-21c-54cc255.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffbf86.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffbfb7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffbfc8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffbfe9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc078.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc08a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc09b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc0ad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc0bf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc0e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc0e2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc0f3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc105.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc117.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc128.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc12a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc13c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc14e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b38-1d40-9ffc15f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd65b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd67d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd68e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6a0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6d3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd6f8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd70a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd70c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd71d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd71f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd731.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd733.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd745.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd747.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd768.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2b5c-17f4-97bd779.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249bb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249e2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249f8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c249fa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a0b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a0d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a0f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a21.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a23.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a35.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a37.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a58.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a5a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a6c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a6e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a8f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24a91.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24aa2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24ab4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24ac6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24ac8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24ad9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24aeb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24afd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24aff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b20.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b22.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b33.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b45.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b57.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2bd4-85c-c24b59.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e0e2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e113.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e125.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e1b3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e1e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e205.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e217.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e257.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e279.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e29a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e2ac.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e2bd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e2cf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e300.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e311.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e313.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e335.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e375.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-378-1920-da0e396.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377949.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-37795a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-37797c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-37797e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-37798f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377991.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779a3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779a5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779b6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779c8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779da.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779eb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779ed.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-3779ff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a11.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a13.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a24.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a36.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-408-36c-377a38.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962b5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962b7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962c9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962cb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962dc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962de.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962e0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-962f6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96308.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9630a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9630c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9631d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-9631f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96321.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96333.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-510-478-96335.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a45cd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a466b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a468c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a47d7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4817.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4838.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a485a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a489a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48bb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48dd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a48ee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a491f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4931.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4981.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a49b2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a02.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a13.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a35.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-544-2af0-6a4a56.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a811.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a823.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a825.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a827.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a829.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a82b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a83d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a83f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a841.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a843.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a854.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a856.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a858.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a85a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a85c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a86e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a870.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a872.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5a8-5ac-4a874.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff03.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff34.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff74.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff95.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ff97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffb9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-9ffdc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a001c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a007c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a009d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a009f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00c1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00c3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a00e4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0105.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0126.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0148.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5e4-564-a0169.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0692.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a075f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a07bf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a088c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a090b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a096b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a09ea.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0a59.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0ab9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0aea.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0afb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b1d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b2e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0b5f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0bbf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0be0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c21.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c23.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-5f8-d74-a8a0c34.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d09.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d1b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d2c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d3e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d50.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d61.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d73.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d85.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d87.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4d98.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4daa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4dbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4ddd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4dee.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e00.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e12.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e23.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e35.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-750-2760-2d4e46.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ed66.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ed97.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eda9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edbb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edcc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eded.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2edff.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee11.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee32.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee44.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee55.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee67.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee78.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2ee8a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eeab.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eebd.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eecf.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eee0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-a0c-98c-4c2eef2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a28.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a78.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a7a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a7c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a8e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1a90.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1aa1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ab7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ac9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ada.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1adc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1ade.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1af0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b02.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b04.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b15.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ba8-25ec-2f1b17.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d181c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d182e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1830.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1841.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1853.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1865.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1876.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d1888.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d189a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d189c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18ad.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18af.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18b1.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18c3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18d4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18e6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18e8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18fa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-df8-c7c-1d18fc.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59a4.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59c5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e59e6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a08.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a39.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a4a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a6b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a7d.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5a9e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ab0.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ac2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ad3.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5ae5.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5af6.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5af8.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b0a.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b0c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b1e.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-f38-520-8e5b2f.tmp deleted
C:\WINDOWS\Syswow64\is-CC0PJ.tmp deleted
C:\WINDOWS\Syswow64\is-R6O96.tmp deleted
"C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84c" deleted
"C:\Users\RSlos\AppData\Roaming\092f18fa66a34290833ca0571d38d84cthumb" deleted
"C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692" deleted
"C:\Users\RSlos\AppData\Roaming\12457690df4946ef9d1ea393f4650692thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025" deleted
"C:\Users\RSlos\AppData\Roaming\4aba0037ddf84da299c558c0448d9025thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76" deleted
"C:\Users\RSlos\AppData\Roaming\4ca244a8f7024139961b569a1db65d76thumb" deleted
"C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57" deleted
"C:\Users\RSlos\AppData\Roaming\4f9aa4c78f5b41738e96d3d73c295f57thumb" deleted
"C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2bef" deleted
"C:\Users\RSlos\AppData\Roaming\5a5bbd54f96e47509a5705e57fee2befthumb" deleted
"C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98" deleted
"C:\Users\RSlos\AppData\Roaming\5a6ea6b025d34db981719e1d6a0d9d98thumb" deleted
"C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7" deleted
"C:\Users\RSlos\AppData\Roaming\7636dfbdaa174a7dbd3d5a899fb8c4d7thumb" deleted
"C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbf" deleted
"C:\Users\RSlos\AppData\Roaming\8dccf285f9244e2e9ef348c87c2bbbbfthumb" deleted
"C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4" deleted
"C:\Users\RSlos\AppData\Roaming\9853072704654e9ab465a72d369525b4thumb" deleted
"C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51f" deleted
"C:\Users\RSlos\AppData\Roaming\9b8b96470bce43b0a067093729dfb51fthumb" deleted
"C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776" deleted
"C:\Users\RSlos\AppData\Roaming\a6ba50dba2654a9dadd3e72bfedfc776thumb" deleted
"C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531" deleted
"C:\Users\RSlos\AppData\Roaming\b4d2d7289e5c4c93a509c012e6f12531thumb" deleted
"C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35be" deleted
"C:\Users\RSlos\AppData\Roaming\bdc578a1ed804f30b87363fdf82f35bethumb" deleted
"C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69a" deleted
"C:\Users\RSlos\AppData\Roaming\bffdbc5f5bf342e1969c8174897ec69athumb" deleted
"C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247" deleted
"C:\Users\RSlos\AppData\Roaming\c245e8da83814c75a344bc793c256247thumb" deleted
"C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825" deleted
"C:\Users\RSlos\AppData\Roaming\cca8ef1cf5e94abd86248f38f29ac825thumb" deleted
"C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9" deleted
"C:\Users\RSlos\AppData\Roaming\e95f31fbf2dc4b06884486634a6421c9thumb" deleted
"C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857" deleted
"C:\Users\RSlos\AppData\Roaming\e9b56c0c6a3845f48498e6e624fc8857thumb" deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\RSlos\AppData\Roaming\MPC-HC" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
- Undetermined - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Undetermined - %ProfilePath%\extensions\{69F080C9-A1D8-42F8-BD83-3D54D4BC81B3}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\RSlos\AppData\Roaming\Mozilla\Firefox\Profiles\6ilvrogm.default
C08AC183933D8FFD9BB7AB1AFB948B67 - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll - PDF-XChange Editor
02393A25A2191135268AD56817EC6ACD - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll - PDF-XChange Editor


==== Chromium Look ======================



==== Chromium Startpages ======================

C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
kahdhfohhjmg":"40647823D034FA8C91BC5DCBBA7DB4E42C4AE1D966215267C034B6ECD96F3E84","fogppepbgmgkpdkinbojbibkhoffpief":"B0B32791F586AD71C05286B5E26C830430279F899B10132F8BB3375E21270A0B","geiinlhabolacmdgdkbkppfmijlemjep":"BBDF5FEC3A2F64AF2F771CB47D2C5BDF79950FEA05D887704B28528DD7291D2B","iglcjdemknebjbklcgkfaebgojjphkec":"B72C090C2D9E3B2C60B72D8023D49059832350C115FDCEEB9B476F8BFE409DB0","ihmafllikibpmigkcoadcmckbfhibefp":"E4EB533684D534787516258C464813914F33E8B4A4086DB0FEA15B900B199C9B","jdiccldimpdaibmpdkjnbmckianbfold":"FBB22F3EF91EC7C1E65594F566C2EACE5EAFE81D04EE0F09D9751D08DD5EC532","kmendfapggjehodndflmmgagdbamhnfd":"0AF8E523AF6BAC305F51BA2A55593B77B065536B597CEA689428D35E3C3B958A","mhjfbmdgcfjbbpaeojofohoefgiehjai":"19338409AC0ADABB26EB001A54E0192428C478B0E6295C7935D4EFB72BAF60FE","ncbjelpjchkpbikbpkcchkhkblodoama":"AAA5A463A5DC9164CC32D47C96C8940032A04E0F3E68A125EA6E5783FA80A8CC","nkeimhogjdpnpccoofpliimaahmaaome":"1C33A76CD12A5CFAC9EA781CA73D124D2A6EA64EB06462EC3A2B46F04EA2B5AA"}},"homepage":"CF51B76CDE23E9FD66997B12842975A8A9CD899887DE000BE0674335D1647DF5","homepage_is_newtabpage":"A5061EB0F3F4206F3120320D2FCDF82F6F31FA5B3412A051D8F95B6E9A6AFA36","media":{"cdm":{"origin_data":"28D98AA278F9B150AA314BB833E2FBAD13CE3837C5BBF39F72456D48ADA57C8C"},"storage_id_salt":"A31E4C6455E2B3C4AFEEA4421FD27D7E6024992D7788F1EBC2F6F2D77F68625A"},"pinned_tabs":"F7870A54B904E0A4E8A85CB9EB9CC9E32E4CE9D48025D47E11B3BF0EB912FB40","prefs":{"preference_reset_time":"8F37B2BFEE085AE669D7E39A64D832C531BC25F16879E38D4A48AE8F8983958D"},"safebrowsing":{"incidents_sent":"8699D414C6D18C9730F5124881EB2FDBDDFC120F323B5F0DED9BED8C47EBAC5C"},"search_provider_overrides":"2D64D0BAB2DA5341547E9394EA12D49202D42583F752A214E0EFBBC92D8ACBD1","session":{"restore_on_startup":"4003038838A22EBF125636DD92A34B76E48ED9A9890237D01FE8A3A9BCEABCC2","startup_urls":"90C4C36D27814265C4678AD219B334376205CEA9BA3B9B9BBEC6223A95784423"},"settings_reset_prompt":{"last_triggered_for_default_search":"3BCD034B95F374A00A92FC7D5FA7FF35A7E0D2F2888BC926732977DEED55CBED","last_triggered_for_homepage":"84402241964CA6AA1E5896085D8AFBCB25A1E3A1FFA6FFE361E24333A5847365","last_triggered_for_startup_urls":"A2387E3DFDDA25B6DC345521CBE34F14AD86B31547E56463BF27DC8ED059C53A","prompt_wave":"099A87AA321702998972C6453B3290A920A310DEF31513134FCEDB021583C1FA"},"software_reporter":{"prompt_seed":"66EA6C11B122C9F93B124043F86FF6BAC6FB9966D4B7E6332879B9AED630159C","prompt_version":"CA4F16B85FAC93BDF61E0B69ADF92B7A8BF2A2C30254BB49C137E8264E9FF92D","reporting":"5707B0132BD3BB6D0A447694FD83B3C11B595B9F95B15091A7E12C31CA4C5F6F"}}},"reset_prepopulated_engines":false,"resolve_navigation_errors_use_web_service":{"enabled":false},"retention_collections_bubble_show_timer":1651153260.80647,"safebrowsing":{"advanced_protection_last_refresh":"13306856050014560","event_timestamps":{},"metrics_last_log_time":"13306777977","saw_interstitial_sber2":true,"unhandled_sync_password_reuses":{}},"savefile":{"default_directory":"D:\\Downloads"},"selectfile":{"last_directory":"D:\\Downloads\\4.Naskenované"},"session":{"restore_on_startup":4,"startup_urls":["http://www.seznam.cz/"]},"sessions":{"event_log":[{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13306699107268565","type":2,"window_count":0},{"crashed":false,"time":"13306746982455761","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":0,"time":"13306765332499660","type":2,"window_count":1},{"crashed":false,"time":"13306765333189458","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13306778107707406","type":2,"window_count":0},{"crashed":false,"time":"13306778186940200","type":0},{"crashed":false,"time":"13306784789011368","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":0,"time":"13306787799838908","type":2,"window_count":1},{"crashed":false,"time":"13306787800514192","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13306789419164393","type":2,"window_count":0},{"crashed":false,"time":"13306856049942774","type":0}],"session_data_status":1},"settings":{"a11y":{"caretbrowsing":{"enabled":false}}},"shopping":{"last_notification_time":"13303636880091381"},"show-no-internet-message":false,"signin":{"allowed":true},"spellcheck":{"dictionaries":["cs"],"dictionary":""},"sync":{"autofill":false,"bag_of_chips":"CgMxMDY=","birthday":"ProductionEnvironmentDefinition","bookmarks":true,"cache_guid":"f3s6B66NprdthtccNyv6fQ==","collections":false,"collections_edge_re_evaluated":true,"collections_edge_supported":true,"edge_account_type":1,"edge_promoted_types":["sync.extensions"],"encryption_bootstrap_token":"djEwS0RS8N1OtnUt/N9MEkzDW1bCsNVcpAHiYm7QHke6DZm3ErWwGsdyaVFladHMmXkIgt+ax+2W8/vlS1Dr8+lisCu1+j4GBNd0VWt6XGJw+UBepw==","extensions":false,"extensions_edge_supported":true,"gaia_id":"0003000096BF9B28","has_setup_completed":true,"history_edge_supported":true,"invalidation_versions2":{"154522":"1656422658267000","32904":"1593794722429000"},"keep_everything_synced":false,"keystore_encryption_key_state":"eyJleHBpcmF0aW9uX3RpbWUiOjE2NjIzNzc5NzMuNDQxNjEzfQ==","last_poll_time":"13306765278513798","last_synced_time":"13306787686558146","local_device_guids_with_timestamp":[{"cache_guid":"f3s6B66NprdthtccNyv6fQ==","timestamp":154014}],"passwords":false,"preferences":true,"requested":false,"short_poll_interval":"28800000000","tabs_edge_supported":true},"sync_consent_recorded":true,"sync_settings_iris_load_timestamp":"13256840081476441","third_party_search":{"consented":false},"tracking_prevention":{"strict_inprivate":true},"translate_accepted_count":{"en":0},"translate_allowlists":{},"translate_blocked_languages":["cs","en"],"translate_denied_count_for_language":{"en":1},"translate_ignored_count_for_language":{"en":0},"translate_recent_target":"cs","translate_site_blacklist":[],"translate_site_blacklist_with_time":{},"try_collections_bubble_shown_num_times":1,"try_collections_first_time":true,"unified_consent":{"migration_state":10},"user_experience_metrics":{"personalization_data_consent_enabled_last_known_value":false,"reporting_personalization_enabled":false},"variations":{"state_reset_on_profile_load":{"timestamp":"13249831608296960"}},"web_apps":{"daily_metrics":{"https://muj.cez.cz/col/":{"background_d ... hrome_apps":["MigrateDefaultChromeAppToWebAppsGSuite","MigrateDefaultChromeAppToWebAppsNonGSuite"],"last_preinstall_synchronize_version":"105","link_handling_info":{"enabled_for_installed_apps":true},"system_web_app_failure_count":0,"system_web_app_last_attempted_language":"cs","system_web_app_last_attempted_update":"104.0.1293.70","system_web_app_last_installed_language":"cs","system_web_app_last_update":"104.0.1293.70"},"webkit":{"webprefs":{"default_fixed_font_size":17,"default_font_size":20}},"zerosuggest":{"cachedresults":""}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="https://www.bing.com/search?q={searchTe ... 02&pc=UE00"

==== Reset Google Chrome ======================

C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data will be reset at reboot
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\RSlos\AppData\Local\Mozilla\Firefox\Profiles\6ilvrogm.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\RSlos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=103 folders=729 157879626 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\RSlos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\RSlos\AppData\Local\Microsoft\Edge\User Data\Default\Web Data" not found

==== EOF on 05.09.2022 at 15:25:32,82 ======================

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by RSlos (Administrator) on 05.09.2022 at 15:30:39,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2022 at 15:32:36,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK. Změnilo se něco nyní?

Vypadá to, že už je to v pořádku.
Výztraha od Defenderu se objevila jen po prvním spuštění počítače a teď to už dává cca 2,5hod pokoj.

Ještě bude potřeba něco vyčistit? Něco po použitých utilitách?

Moc děkuji. A určitě Vám přispěji.

Myslím, že je to vše.