Dobrý den,
při psaní na klávesnici se píší občas nesmyslné znaky.
Například:
¨no … ano
Märcon … marcon
n´dobí … nádobí
s¨znam ... seznam
b¨dejvice … budějovice
Přikládám log z FRST a prosím o kontrolu.
Děkuji
Marek
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
Ran by Petr (administrator) on OEM-PC (21-02-2024 11:05:25)
Running from C:\Users\oem\Desktop\Antispyware\FRST\FRST64.exe
Loaded Profiles: Petr
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ABBYY SOLUTIONS LIMITED -> ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo) C:\Program Files (x86)\Mobo\Service\MoboDeviceProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eOppFrame.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(explorer.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(explorer.exe ->) (Bartels Media GmbH -> Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(explorer.exe ->) (EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(explorer.exe ->) (Franz Josef Wechselberger -> F.J. Wechselberger) C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <65>
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (LW-WORKS Software) [File not signed] C:\sw\clipboard_recorder_portable\$RGCBVYN.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(explorer.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo, Inc.) C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(services.exe ->) (Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Software602 -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(services.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(services.exe ->) (Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(Software602 -> Software602) C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Služba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [358832 2011-02-03] (Acronis, Inc -> Acronis)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmdS.exe [196264 2024-01-24] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA Technologies Inc. -> VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5133968 2011-02-03] (Acronis, Inc -> )
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Print2PDF Print Monitor] => C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [222776 2011-04-12] (Software602 -> Software602)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [771968 2011-08-29] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-09-07] (Geek Software GmbH -> Geek Software GmbH)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MyPhoneExplorer] => C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe [5945504 2019-06-17] (Franz Josef Wechselberger -> F.J. Wechselberger)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [DPDApp] => C:\Users\oem\AppData\Local\Programs\DPD-electron\DPDApp.exe [111036928 2023-05-30] (DPDGroup) [File not signed]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MicrosoftEdgeAutoLaunch_C3C43DE3D7532B85F72FDD7AC8AEB537] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [MicrosoftEdgeAutoLaunch_F19A02299990B1ACC5CF1F78FEF0F08C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [CCleanerBrowserAutoLaunch_05192599E3C059BF391BBC4A7D0D69CA] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [MicrosoftEdgeAutoLaunch_3B84CBD7EA3C00F28296F546D5781130] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [CCleanerBrowserAutoLaunch_D044A33C65C42DB1B59A1BB59C616934] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [MicrosoftEdgeAutoLaunch_506F8CB68E93DC616BE746E510433970] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [42164600 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [SeznamInstall-uninstall:8352b3ec6aab5907bacfaeb1917627b7] => C:\Users\Veronika\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2022-07-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [CCleanerBrowserAutoLaunch_3CDF41FB87688E5FC1D0DFF54D877FE1] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\86.0.9.0\GoogleDriveFS.exe [59669792 2024-02-11] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp093: C:\Windows\System32\spool\prtprocs\x64\hpcpp093.DLL [300032 2010-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp270: C:\Windows\System32\spool\prtprocs\x64\hpcpp270.dll [873168 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\LXKPTPRC: C:\Windows\System32\spool\prtprocs\x64\LXKPTPRC.DLL [99840 2009-07-14] (Lexmark International Inc.) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM225: C:\WINDOWS\system32\hpmlm225.dll [318160 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [34816 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PDF Print Monitor BZ101: C:\WINDOWS\system32\bzpdf101.dll [196608 2008-06-09] (STORMWARE) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\121.0.23861.160\Installer\chrmstp.exe [2024-02-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\$RGCBVYN – zástupce.lnk [2012-11-05]
ShortcutTarget: $RGCBVYN – zástupce.lnk -> C:\sw\clipboard_recorder_portable\$RGCBVYN.exe (LW-WORKS Software) [File not signed]
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2023-10-20]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-07-01]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2020-02-25]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2017-12-19]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {CA7ED97D-9C6F-421F-90FF-FF301E5EEA1C} - System32\Tasks\{EB7609EB-79A9-4BAB-BF2E-5E172C7BC9F2} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLH8SAQJ\Evernote_5.2.0.2946.exe" -d C:\Users\oem\Desktop
Task: {A13CF9C9-FCCE-44B5-8C45-CE50FCA69102} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {DD37F4DF-43EA-43A2-B451-48C4831CBBD1} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {1A6FCD82-8C77-4D45-AF95-497741C3F6A0} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {36A17099-0E33-4B91-A032-3D8AE080882E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {12E94EED-18E5-4D5A-B823-672F224497B4} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1709664 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) <==== ATTENTION
Task: {02FFEBFE-04A6-4129-8CF9-0972A4AC158F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "bf83c256-b1ed-409b-b265-2819d48a2d11" --version "6.21.10918" --silent
Task: {31E802EA-3100-4839-B077-7BF46F9A1AF2} - System32\Tasks\CCleanerSkipUAC - Petr => C:\Program Files\CCleaner\CCleaner.exe [38778272 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F769DDCF-7CEC-444F-9B9D-128F67CB4608} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {810F3542-3E9B-40EB-A7BD-AD5C8AFEDE01} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {979AD175-1F57-4B0B-BD1B-E9A20ED6D785} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {A8E13BB5-DC00-4CCD-B145-8F3E63C531B9} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C9E51842-9C23-4A18-BCCA-172B1E8A31DF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {95065416-1849-496B-AA60-3750F6C04B1C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0316680B-CE98-4303-8370-F870C83A9EF8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C5FD11CA-B388-48F3-A517-C1082B17D55A} - System32\Tasks\Opera scheduled Autoupdate 1648322131 => C:\Users\oem\AppData\Local\Programs\Opera\launcher.exe [2358688 2024-02-12] (Opera Norway AS -> Opera Software)
Task: {CCA25A6B-E3EC-462A-B226-A51C30478547} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {F21E88A7-45D6-45F7-9EE7-BFF2EC976B01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {71D01C7B-DFB7-4705-8DC5-8FC0B5DBEA74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A7C5A736-9391-4A1E-BECF-0454A73BF43B} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {4F23ACC7-5E21-4E94-BF55-2F2F3A7789ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {0251D007-4380-457F-BDAC-FFF724E22D31} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0d6ba809-e86f-4779-9522-d0af7ab65932}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-21]
Edge Notifications: Default -> hxxps://www.aliexpress.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://eshop.jezirkabanat.cz/search/search/
Edge Session Restore: Default -> is enabled.
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2023-10-09]
Edge Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
Edge Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-17]
Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-11-09]
Edge Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-22]
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llhcnbijpnechllogkacbcjmkcgjbjfi [2023-11-28]
Edge Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkapkmklnmidbbgjaipbgpcnbomnaakc [2024-02-15]
Edge Extension: (TabCloud) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2021-12-06]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]
FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default [2021-08-13]
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default [2021-11-19]
FF Homepage: Mozilla\Firefox\Profiles\dqjh2a50.default -> hxxp://www.google.cz/
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-14] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> R:\SW\FormFiller-Software602\Filler\npfiller.dll [2011-03-15] (Software602 -> Software602 a.s.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default [2024-02-21]
CHR Notifications: Default -> hxxps://andro-conseil.com; hxxps://automobile-conseil.fr; hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://cz.pinterest.com; hxxps://drive.google.com; hxxps://eshop.tescoma.cz; hxxps://gw.lightinthebox.com; hxxps://ibb.co; hxxps://mail.google.com; hxxps://my.timocom.com; hxxps://paleosnadno.cz; hxxps://plumbber.ru; hxxps://smartandroid.fr; hxxps://upcr.cz; hxxps://webmail.forpsi.com; hxxps://www.aliexpress.com; hxxps://www.banggood.com; hxxps://www.facebook.com; hxxps://www.heureka.cz; hxxps://www.hitprace.cz; hxxps://www.idoklad.cz; hxxps://www.instagram.com; hxxps://www.kasafik.cz; hxxps://www.kupi.cz; hxxps://www.letemsvetemapplem.eu; hxxps://www.letgo.cz; hxxps://www.lightinthebox.com; hxxps://www.megaknihy.cz; hxxps://www.mesec.cz; hxxps://www.milujeme-slevy.cz; hxxps://www.monsterinsights.com; hxxps://www.netflix.com; hxxps://www.oranews.tv; hxxps://www.penize.cz; hxxps://www.reddit.com; hxxps://www.rt.com; hxxps://www.sejda.com; hxxps://www.spektrumzdravi.cz; hxxps://www.svetandroida.cz; hxxps://www.trenyrkarna.cz; hxxps://www.vybaven.cz
CHR Session Restore: Default -> is enabled.
CHR Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
CHR Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-19]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-10]
CHR Extension: (TabCloud) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2019-12-10]
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-02-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2023-11-28]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-02-04]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-02-02]
CHR DownloadDir: C:\Users\oem\Downloads
CHR Notifications: Profile 1 -> hxxps://app.smartsupp.com; hxxps://calendar.google.com; hxxps://coshair.ru; hxxps://cs.animalthai.com; hxxps://cs.erch2014.com; hxxps://cs.joecomp.com; hxxps://cs.omatomeloanhikaku.com; hxxps://cz.gearbest.com; hxxps://cz.sputniknews.com; hxxps://finmag.penize.cz; hxxps://fr.aliexpress.com; hxxps://ibb.co; hxxps://marek44.oncollabim.com; hxxps://meet.google.com; hxxps://pt.aliexpress.com; hxxps://twitter.com; hxxps://web.telegram.org; hxxps://wp.aliexpress.com; hxxps://www.agatinsvet.cz; hxxps://www.alibaba.com; hxxps://www.b2bpartner.cz; hxxps://www.banggood.com; hxxps://www.collabim.cz; hxxps://www.dailymail.co.uk; hxxps://www.dobre-knihy.cz; hxxps://www.evernote.com; hxxps://www.facebook.com; hxxps://www.gearbest.com; hxxps://www.hudy.cz; hxxps://www.inizio.cz; hxxps://www.instagram.com; hxxps://www.kupi.cz; hxxps://www.lightinthebox.com; hxxps://www.mall.tv; hxxps://www.megaknihy.cz; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.penize.cz; hxxps://www.rt.com; hxxps://www.tipsport.cz; hxxps://www.ubuy.cz; hxxps://www.viry.cz; hxxps://www.wish.com; hxxps://www.youtube.com
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (DuckDuckGo) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-12]
CHR Extension: (Pushbullet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2023-07-26]
CHR Extension: (OneTab) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-02-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-01-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Weby Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmandedkgonhldbnjpikffdnneenijnd [2020-04-12]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2024-02-02]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-09]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-07-26]
CHR Extension: (Prezentace) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-05]
CHR Extension: (Dokumenty) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-05]
CHR Extension: (Disk Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-13]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-05]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Tabulky) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-13]
CHR Extension: (Gmail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-13]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-07-26]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-26]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\System Profile [2024-02-02]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]
Opera:
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-2864334784-1603053625-3890222848-1000) OperaStable - "C:\Users\oem\AppData\Local\Programs\Opera\Launcher.exe"
==================== Services (Whitelisted) ===================
===================== Drivers (Whitelisted) ===================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-21 11:03 - 2024-02-21 11:03 - 002386944 _____ (Farbar) C:\Users\oem\Downloads\FRST64.exe
2024-02-21 10:21 - 2024-02-21 10:21 - 000004284 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2024-02-21 10:21 - 2024-02-21 10:21 - 000004154 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2024-02-21 10:21 - 2024-02-21 10:21 - 000004064 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\Program Files\Xerox
2024-02-19 11:25 - 2024-02-19 11:25 - 000086592 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240219T112504.pdf
2024-02-19 11:21 - 2024-02-19 11:21 - 000000767 _____ C:\Users\oem\Downloads\export_dpd_2024-02-19_112129.csv
2024-02-15 18:46 - 2024-02-15 18:46 - 000069702 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240215T184657.pdf
2024-02-15 18:45 - 2024-02-15 18:45 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-02-15_184515.csv
2024-02-15 13:24 - 2024-02-15 13:24 - 000012730 _____ C:\Users\oem\Downloads\priloha_1315961384_0_Textová zpráva.PDF
2024-02-15 13:15 - 2024-02-15 13:15 - 000245538 _____ C:\Users\oem\Downloads\Soubor00001 (1).pdf
2024-02-15 13:14 - 2024-02-15 13:14 - 000183005 _____ C:\Users\oem\Downloads\Soubor00004.pdf
2024-02-14 13:17 - 2024-02-14 13:17 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 13:16 - 2024-02-14 13:16 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 13:04 - 2024-02-14 13:05 - 000070203 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240214T130500.pdf
2024-02-14 13:04 - 2024-02-14 13:04 - 000000000 ___HD C:\$WinREAgent
2024-02-14 12:13 - 2024-02-14 12:13 - 000000567 _____ C:\Users\oem\Downloads\export_dpd_2024-02-14_121320.csv
2024-02-12 20:17 - 2024-02-12 20:18 - 269517241 _____ C:\Users\oem\Downloads\Kopie souboru Záznam 25.wav
2024-02-12 19:56 - 2024-02-12 19:56 - 000013951 _____ C:\Users\oem\Downloads\priloha_1314286700_0_Textová zpráva.PDF
2024-02-12 19:35 - 2024-02-12 19:35 - 000114180 _____ C:\Users\oem\Downloads\Email z PPP CK - Zpráva z foniatrie (Michael a Pavla Markovi).pdf
2024-02-12 10:37 - 2024-02-12 10:37 - 000102038 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240212T103718.pdf
2024-02-12 10:34 - 2024-02-12 10:34 - 000000944 _____ C:\Users\oem\Downloads\export_dpd_2024-02-12_103441.csv
2024-02-12 10:27 - 2024-02-12 10:27 - 000121540 _____ C:\Users\oem\Downloads\Faktura 202401011.pdf
2024-02-11 12:59 - 2023-05-30 09:17 - 000873168 _____ (HP Inc.) C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000596688 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000558800 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000318160 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm225.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000267472 _____ (HP Inc.) C:\WINDOWS\system32\hpmml270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000244432 _____ (HP Inc.) C:\WINDOWS\system32\hpmja270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000232144 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm082.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000206544 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000180944 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000130256 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw082.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 003249008 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libcrypto-1_1-x64.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 000929648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libssl-1_1-x64.dll
2024-02-11 12:57 - 2024-02-11 12:57 - 023182800 _____ C:\Users\oem\Downloads\upd-pcl6-x64-7.1.0.25570.exe
2024-02-09 13:01 - 2024-02-09 13:01 - 000026935 _____ C:\Users\oem\Downloads\Google disk-----4801440322449719-17.pdf
2024-02-09 12:55 - 2024-02-09 12:55 - 000001950 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.gpc
2024-02-09 12:54 - 2024-02-09 12:54 - 000095152 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000086364 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000005200 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.gpc
2024-02-09 12:50 - 2024-02-09 12:50 - 000027302 _____ C:\Users\oem\Downloads\money_export_faktura-sosjezirka-1-2024.xml
2024-02-09 12:49 - 2024-02-09 12:49 - 000155753 _____ C:\Users\oem\Downloads\FV-1-2024-sosjezirka.pdf
2024-02-09 12:45 - 2024-02-09 12:45 - 000027513 _____ C:\Users\oem\Downloads\money_export_faktura-ikvido-1-2024.xml
2024-02-09 12:44 - 2024-02-09 12:44 - 000156606 _____ C:\Users\oem\Downloads\FV-1-2024-ikvido.pdf
2024-02-09 12:37 - 2024-02-09 12:37 - 002734021 _____ C:\Users\oem\Desktop\Predsmluvni-informace.pdf
2024-02-08 15:38 - 2024-02-08 15:38 - 000071842 _____ C:\Users\oem\Downloads\Faktura_FV20_08657.pdf
2024-02-08 14:00 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\com.adobe.dunamis
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\SolidDocuments
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\.ms-ad
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\Opera
2024-02-08 13:45 - 2024-02-08 13:45 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2024-02-08 13:44 - 2024-02-08 13:45 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 13:44 - 000085525 _____ C:\WINDOWS\system32\NOTICE_mod
2024-02-08 13:44 - 2024-02-08 13:44 - 000001319 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\phraseexpress.lnk
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\Documents\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Wondershare
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-02-08 13:41 - 2024-02-08 13:41 - 000002366 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-02-08 13:41 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-02-08 13:40 - 2024-02-11 11:24 - 000002042 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-02-08 13:40 - 2024-02-11 11:24 - 000002042 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-02-08 13:40 - 2024-02-11 11:24 - 000002030 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-02-08 13:40 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator
2024-02-08 13:40 - 2024-02-08 13:45 - 000002421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-02-08 13:40 - 2024-02-08 13:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Šablony
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Poslední
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\CCleaner Browser
2024-02-08 13:40 - 2021-11-11 15:00 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-02-08 12:32 - 2024-02-08 12:32 - 000102273 _____ C:\Users\oem\Downloads\priloha_1312461549_0_Informace_pro_poplatniky.pdf
2024-02-06 17:26 - 2024-02-06 17:26 - 000070391 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240206T172638.pdf
2024-02-06 17:25 - 2024-02-06 17:25 - 000000589 _____ C:\Users\oem\Downloads\export_dpd_2024-02-06_172526.csv
2024-02-05 23:43 - 2024-02-05 23:44 - 000081353 _____ C:\Users\oem\Downloads\opravená ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-02-05 19:37 - 2024-02-05 19:37 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi (1).pdf
2024-02-05 19:35 - 2024-02-12 19:25 - 000000000 ____D C:\Users\oem\Documents\OSPOD
2024-02-05 19:31 - 2024-02-05 19:32 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi.pdf
2024-02-04 14:30 - 2024-02-04 14:30 - 043095192 _____ (Telegram FZ-LLC ) C:\Users\oem\Downloads\tsetup-x64.4.14.13.exe
2024-02-04 10:37 - 2024-02-04 10:37 - 000003790 _____ C:\WINDOWS\system32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000
2024-01-31 13:10 - 2024-01-31 13:10 - 000000000 ____D C:\Users\oem\AppData\Local\WhatsApp
2024-01-30 23:58 - 2024-01-30 23:58 - 000078035 _____ C:\Users\oem\Downloads\ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-01-30 23:28 - 2024-01-30 23:28 - 000067556 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240130T232832.pdf
2024-01-30 23:27 - 2024-01-30 23:27 - 000000559 _____ C:\Users\oem\Downloads\export_dpd_2024-01-30_232737.csv
2024-01-30 14:28 - 2024-01-30 14:28 - 000027300 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.xlsx
2024-01-30 14:21 - 2024-01-30 23:22 - 000030738 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.xlsx
2024-01-30 14:16 - 2024-01-30 14:16 - 000159159 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.pdf
2024-01-30 14:16 - 2024-01-30 14:16 - 000158462 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.pdf
2024-01-30 13:52 - 2024-01-30 13:52 - 000486296 _____ C:\Users\oem\Downloads\Rezervacni-smlouva.doc.pdf
2024-01-30 13:48 - 2024-01-30 13:48 - 000222796 _____ C:\Users\oem\Downloads\Kupni-smlouva.doc.pdf
2024-01-29 19:31 - 2024-01-29 19:31 - 000085340 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T193115.pdf
2024-01-29 19:24 - 2024-01-29 19:24 - 000115773 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T192431.pdf
2024-01-29 19:19 - 2024-01-29 19:19 - 000000570 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_191958.csv
2024-01-29 18:58 - 2024-01-29 18:58 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_185813.csv
2024-01-25 19:13 - 2024-01-25 19:13 - 000071505 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240125T191335.pdf
2024-01-25 19:12 - 2024-01-25 19:12 - 000000569 _____ C:\Users\oem\Downloads\export_dpd_2024-01-25_191218.csv
2024-01-24 12:19 - 2024-01-24 12:19 - 000049567 _____ C:\Users\oem\Downloads\Pohyb_26230290730_na_uctu_2400073267.pdf
2024-01-22 16:05 - 2024-01-22 16:05 - 000037171 _____ C:\Users\oem\Downloads\priloha_1303468260_1_3_6384_1973_1083304.pdf
2024-01-22 16:05 - 2024-01-22 16:05 - 000035673 _____ C:\Users\oem\Downloads\priloha_1303468260_2_2_6381_1936_3340553.pdf
2024-01-22 16:04 - 2024-01-22 16:04 - 000130701 _____ C:\Users\oem\Downloads\priloha_1303468260_0_1_6320_1935_1132343.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-21 11:06 - 2016-09-30 06:15 - 000000000 ____D C:\FRST
2024-02-21 11:01 - 2013-10-14 18:24 - 000000000 ____D C:\Users\oem\Desktop\Antispyware
2024-02-21 10:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-21 10:27 - 2022-07-07 08:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-21 10:26 - 2021-11-11 15:06 - 001875876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-21 10:26 - 2019-12-07 15:41 - 000781844 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-21 10:26 - 2019-12-07 15:41 - 000172578 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-21 10:26 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-21 10:26 - 2017-01-03 22:36 - 000000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2024-02-21 10:20 - 2017-09-19 10:10 - 000000000 ____D C:\Program Files\CCleaner
2024-02-21 10:20 - 2012-12-23 11:50 - 000000000 ____D C:\Users\oem\AppData\Roaming\MyPhoneExplorer
2024-02-21 10:19 - 2021-11-11 15:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-21 10:19 - 2020-02-29 10:34 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-21 10:19 - 2013-11-12 21:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-20 16:04 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2024-02-20 15:58 - 2021-11-11 14:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-20 14:28 - 2012-11-05 15:19 - 000000000 ____D C:\Users\oem\Documents\PhraseExpress
2024-02-20 13:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-19 11:21 - 2012-11-02 10:03 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Excel
2024-02-18 14:29 - 2022-01-28 08:21 - 000000000 ____D C:\Users\oem\AppData\Roaming\Evernote
2024-02-18 10:35 - 2021-12-13 10:34 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 15:11 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 14:56 - 000002411 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-18 10:34 - 2021-11-11 15:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-18 10:33 - 2022-10-12 11:22 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-18 10:33 - 2022-10-12 11:22 - 000002095 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-18 10:31 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-17 10:32 - 2020-11-09 15:05 - 000002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-17 10:32 - 2020-11-09 15:05 - 000002308 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-16 10:31 - 2021-12-17 13:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-16 10:31 - 2012-10-31 12:27 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 20:42 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Telegram Desktop
2024-02-15 19:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 19:00 - 2012-11-01 18:40 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Word
2024-02-15 18:37 - 2022-09-21 08:43 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-02-15 13:18 - 2022-09-21 08:43 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-02-15 13:18 - 2021-11-16 07:10 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-15 13:08 - 2022-03-26 20:15 - 000004142 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1648322131
2024-02-15 13:08 - 2022-03-26 20:15 - 000001439 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2024-02-15 13:01 - 2021-11-11 14:55 - 000462048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 00:32 - 2022-04-28 09:38 - 000000000 ____D C:\Users\oem\AppData\Roaming\DPD-electron
2024-02-14 13:16 - 2021-11-11 14:55 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-14 12:51 - 2021-11-16 07:10 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-02-14 12:48 - 2013-08-15 09:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 12:39 - 2012-11-03 14:40 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 12:13 - 2021-11-16 07:11 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-02-14 12:13 - 2021-11-16 07:11 - 000002386 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2024-02-13 15:09 - 2023-03-07 12:54 - 000001615 _____ C:\Users\oem\Desktop\Bečka CENÍK VO 2024 – zástupce.lnk
2024-02-12 11:07 - 2015-11-18 11:21 - 000007994 _____ C:\WINDOWS\BRRBCOM.INI
2024-02-11 12:57 - 2016-11-04 12:28 - 000000000 ____D C:\HP Universal Print Driver
2024-02-11 11:24 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Slides.lnk
2024-02-11 11:24 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Sheets.lnk
2024-02-11 11:24 - 2022-08-26 17:53 - 000002030 _____ C:\Users\defaultuser100000\Desktop\Google Docs.lnk
2024-02-11 11:24 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Slides.lnk
2024-02-11 11:24 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Sheets.lnk
2024-02-11 11:24 - 2022-01-27 08:05 - 000002030 _____ C:\Users\42060\Desktop\Google Docs.lnk
2024-02-11 11:24 - 2021-09-23 19:49 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-02-11 11:24 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-02-11 11:24 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-02-11 11:24 - 2021-09-23 19:49 - 000002030 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-02-08 13:57 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-08 13:41 - 2016-05-20 10:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-04 14:31 - 2022-02-16 11:43 - 000001062 _____ C:\Users\oem\Desktop\Telegram.lnk
2024-02-04 14:31 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2024-02-02 10:31 - 2021-11-11 15:11 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 10:31 - 2021-11-11 15:11 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-31 13:13 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\WhatsApp
2024-01-31 13:10 - 2024-01-08 20:22 - 000002251 _____ C:\Users\oem\Desktop\WhatsApp (Outdated).lnk
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Local\SquirrelTemp
2024-01-25 18:51 - 2012-11-01 21:22 - 000000000 ____D C:\Users\oem\AppData\Local\CrashDumps
2024-01-23 17:56 - 2024-01-10 10:59 - 000012201 _____ C:\Users\oem\Documents\Verča - vyúčtování zaplacených věcí.xlsx
==================== Files in the root of some directories ========
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\MSyu.dat
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\PDF2XL-6-0.TrialData
2012-12-18 11:02 - 2016-03-04 10:52 - 000000058 _____ () C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2024-01-10 13:09 - 2024-01-10 13:09 - 000001321 _____ () C:\Users\oem\AppData\Local\recently-used.xbel
2012-11-01 22:01 - 2012-11-01 22:01 - 000007605 _____ () C:\Users\oem\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu FRST, podezření na Keylogger
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2024-01-29.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2024
# Duration: 00:00:02
# OS: Windows 10 (Build 19045.4046)
# Cleaned: 16
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted C:\ProgramData\ytd video downloader
Deleted C:\Users\Veronika\AppData\Roaming\Seznam.cz
Deleted C:\Users\oem\AppData\Roaming\Seznam.cz
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
***** [ Chromium (and derivatives) ] *****
Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\oem\AppData\Roaming\SAMSUNG\SMART SWITCH PC
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2886 octets] - [22/02/2024 18:44:13]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build: 01-29-2024
# Database: 2024-01-29.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2024
# Duration: 00:00:02
# OS: Windows 10 (Build 19045.4046)
# Cleaned: 16
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted C:\ProgramData\ytd video downloader
Deleted C:\Users\Veronika\AppData\Roaming\Seznam.cz
Deleted C:\Users\oem\AppData\Roaming\Seznam.cz
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted HKLM\Software\Wow6432Node\{DAF8B7E5-449D-4180-8281-10E536E597F2}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp
***** [ Chromium (and derivatives) ] *****
Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\oem\AppData\Roaming\SAMSUNG\SMART SWITCH PC
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2886 octets] - [22/02/2024 18:44:13]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
OK. Dejte nové logy FRST9+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.02.2024 02
Ran by Petr (administrator) on OEM-PC (22-02-2024 20:03:57)
Running from C:\Users\oem\Desktop\Antispyware\FRST\FRST64.exe
Loaded Profiles: Petr & DefaultAppPool
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ABBYY SOLUTIONS LIMITED -> ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo) C:\Program Files (x86)\Mobo\Service\MoboDeviceProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eOppFrame.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(C:\Users\oem\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\oem\AppData\Local\Programs\Opera\107.0.5045.21\opera_crashreporter.exe
(explorer.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(explorer.exe ->) (Bartels Media GmbH -> Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(explorer.exe ->) (EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(explorer.exe ->) (Franz Josef Wechselberger -> F.J. Wechselberger) C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <38>
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (LW-WORKS Software) [File not signed] C:\sw\clipboard_recorder_portable\$RGCBVYN.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(explorer.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Opera Norway AS -> Opera Software) C:\Users\oem\AppData\Local\Programs\Opera\opera.exe <24>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo, Inc.) C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(services.exe ->) (Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Software602 -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(services.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(services.exe ->) (Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(Software602 -> Software602) C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Služba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [358832 2011-02-03] (Acronis, Inc -> Acronis)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmdS.exe [196264 2024-01-24] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA Technologies Inc. -> VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5133968 2011-02-03] (Acronis, Inc -> )
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Print2PDF Print Monitor] => C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [222776 2011-04-12] (Software602 -> Software602)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [771968 2011-08-29] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-09-07] (Geek Software GmbH -> Geek Software GmbH)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MyPhoneExplorer] => C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe [5945504 2019-06-17] (Franz Josef Wechselberger -> F.J. Wechselberger)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [DPDApp] => C:\Users\oem\AppData\Local\Programs\DPD-electron\DPDApp.exe [111036928 2023-05-30] (DPDGroup) [File not signed]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MicrosoftEdgeAutoLaunch_C3C43DE3D7532B85F72FDD7AC8AEB537] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [MicrosoftEdgeAutoLaunch_F19A02299990B1ACC5CF1F78FEF0F08C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [CCleanerBrowserAutoLaunch_05192599E3C059BF391BBC4A7D0D69CA] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [MicrosoftEdgeAutoLaunch_3B84CBD7EA3C00F28296F546D5781130] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe" -c (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [CCleanerBrowserAutoLaunch_D044A33C65C42DB1B59A1BB59C616934] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [MicrosoftEdgeAutoLaunch_506F8CB68E93DC616BE746E510433970] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [42164600 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [SeznamInstall-uninstall:8352b3ec6aab5907bacfaeb1917627b7] => C:\Users\Veronika\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2022-07-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [CCleanerBrowserAutoLaunch_3CDF41FB87688E5FC1D0DFF54D877FE1] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp093: C:\Windows\System32\spool\prtprocs\x64\hpcpp093.DLL [300032 2010-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp270: C:\Windows\System32\spool\prtprocs\x64\hpcpp270.dll [873168 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\LXKPTPRC: C:\Windows\System32\spool\prtprocs\x64\LXKPTPRC.DLL [99840 2009-07-14] (Lexmark International Inc.) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM225: C:\WINDOWS\system32\hpmlm225.dll [318160 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [34816 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PDF Print Monitor BZ101: C:\WINDOWS\system32\bzpdf101.dll [196608 2008-06-09] (STORMWARE) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\121.0.23992.186\Installer\chrmstp.exe [2024-02-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\$RGCBVYN – zástupce.lnk [2012-11-05]
ShortcutTarget: $RGCBVYN – zástupce.lnk -> C:\sw\clipboard_recorder_portable\$RGCBVYN.exe (LW-WORKS Software) [File not signed]
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2023-10-20]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-07-01]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2020-02-25]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2017-12-19]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {CA7ED97D-9C6F-421F-90FF-FF301E5EEA1C} - System32\Tasks\{EB7609EB-79A9-4BAB-BF2E-5E172C7BC9F2} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLH8SAQJ\Evernote_5.2.0.2946.exe" -d C:\Users\oem\Desktop
Task: {A13CF9C9-FCCE-44B5-8C45-CE50FCA69102} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {DD37F4DF-43EA-43A2-B451-48C4831CBBD1} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {1A6FCD82-8C77-4D45-AF95-497741C3F6A0} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {36A17099-0E33-4B91-A032-3D8AE080882E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {12E94EED-18E5-4D5A-B823-672F224497B4} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1709664 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) <==== ATTENTION
Task: {02FFEBFE-04A6-4129-8CF9-0972A4AC158F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "bf83c256-b1ed-409b-b265-2819d48a2d11" --version "6.21.10918" --silent
Task: {31E802EA-3100-4839-B077-7BF46F9A1AF2} - System32\Tasks\CCleanerSkipUAC - Petr => C:\Program Files\CCleaner\CCleaner.exe [38778272 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F769DDCF-7CEC-444F-9B9D-128F67CB4608} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {810F3542-3E9B-40EB-A7BD-AD5C8AFEDE01} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {979AD175-1F57-4B0B-BD1B-E9A20ED6D785} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {A8E13BB5-DC00-4CCD-B145-8F3E63C531B9} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C9E51842-9C23-4A18-BCCA-172B1E8A31DF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {95065416-1849-496B-AA60-3750F6C04B1C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0316680B-CE98-4303-8370-F870C83A9EF8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C5FD11CA-B388-48F3-A517-C1082B17D55A} - System32\Tasks\Opera scheduled Autoupdate 1648322131 => C:\Users\oem\AppData\Local\Programs\Opera\launcher.exe [2358688 2024-02-12] (Opera Norway AS -> Opera Software)
Task: {CCA25A6B-E3EC-462A-B226-A51C30478547} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {F21E88A7-45D6-45F7-9EE7-BFF2EC976B01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {71D01C7B-DFB7-4705-8DC5-8FC0B5DBEA74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A7C5A736-9391-4A1E-BECF-0454A73BF43B} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {4F23ACC7-5E21-4E94-BF55-2F2F3A7789ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {0251D007-4380-457F-BDAC-FFF724E22D31} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0d6ba809-e86f-4779-9522-d0af7ab65932}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-22]
Edge Notifications: Default -> hxxps://www.aliexpress.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://eshop.jezirkabanat.cz/search/search/
Edge Session Restore: Default -> is enabled.
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2023-10-09]
Edge Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
Edge Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-17]
Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-11-09]
Edge Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-22]
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llhcnbijpnechllogkacbcjmkcgjbjfi [2023-11-28]
Edge Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkapkmklnmidbbgjaipbgpcnbomnaakc [2024-02-15]
Edge Extension: (TabCloud) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2021-12-06]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]
FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default [2021-08-13]
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default [2021-11-19]
FF Homepage: Mozilla\Firefox\Profiles\dqjh2a50.default -> hxxp://www.google.cz/
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-14] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> R:\SW\FormFiller-Software602\Filler\npfiller.dll [2011-03-15] (Software602 -> Software602 a.s.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default [2024-02-22]
CHR Notifications: Default -> hxxps://andro-conseil.com; hxxps://automobile-conseil.fr; hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://cz.pinterest.com; hxxps://drive.google.com; hxxps://eshop.tescoma.cz; hxxps://gw.lightinthebox.com; hxxps://ibb.co; hxxps://mail.google.com; hxxps://my.timocom.com; hxxps://paleosnadno.cz; hxxps://plumbber.ru; hxxps://smartandroid.fr; hxxps://upcr.cz; hxxps://webmail.forpsi.com; hxxps://www.aliexpress.com; hxxps://www.banggood.com; hxxps://www.facebook.com; hxxps://www.heureka.cz; hxxps://www.hitprace.cz; hxxps://www.idoklad.cz; hxxps://www.instagram.com; hxxps://www.kasafik.cz; hxxps://www.kupi.cz; hxxps://www.letemsvetemapplem.eu; hxxps://www.letgo.cz; hxxps://www.lightinthebox.com; hxxps://www.megaknihy.cz; hxxps://www.mesec.cz; hxxps://www.milujeme-slevy.cz; hxxps://www.monsterinsights.com; hxxps://www.netflix.com; hxxps://www.oranews.tv; hxxps://www.penize.cz; hxxps://www.reddit.com; hxxps://www.rt.com; hxxps://www.sejda.com; hxxps://www.spektrumzdravi.cz; hxxps://www.svetandroida.cz; hxxps://www.trenyrkarna.cz; hxxps://www.vybaven.cz
CHR Session Restore: Default -> is enabled.
CHR Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
CHR Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-19]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-10]
CHR Extension: (TabCloud) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2019-12-10]
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-02-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2023-11-28]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-02-04]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-02-02]
CHR DownloadDir: C:\Users\oem\Downloads
CHR Notifications: Profile 1 -> hxxps://app.smartsupp.com; hxxps://calendar.google.com; hxxps://coshair.ru; hxxps://cs.animalthai.com; hxxps://cs.erch2014.com; hxxps://cs.joecomp.com; hxxps://cs.omatomeloanhikaku.com; hxxps://cz.gearbest.com; hxxps://cz.sputniknews.com; hxxps://finmag.penize.cz; hxxps://fr.aliexpress.com; hxxps://ibb.co; hxxps://marek44.oncollabim.com; hxxps://meet.google.com; hxxps://pt.aliexpress.com; hxxps://twitter.com; hxxps://web.telegram.org; hxxps://wp.aliexpress.com; hxxps://www.agatinsvet.cz; hxxps://www.alibaba.com; hxxps://www.b2bpartner.cz; hxxps://www.banggood.com; hxxps://www.collabim.cz; hxxps://www.dailymail.co.uk; hxxps://www.dobre-knihy.cz; hxxps://www.evernote.com; hxxps://www.facebook.com; hxxps://www.gearbest.com; hxxps://www.hudy.cz; hxxps://www.inizio.cz; hxxps://www.instagram.com; hxxps://www.kupi.cz; hxxps://www.lightinthebox.com; hxxps://www.mall.tv; hxxps://www.megaknihy.cz; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.penize.cz; hxxps://www.rt.com; hxxps://www.tipsport.cz; hxxps://www.ubuy.cz; hxxps://www.viry.cz; hxxps://www.wish.com; hxxps://www.youtube.com
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (DuckDuckGo) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-12]
CHR Extension: (Pushbullet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2023-07-26]
CHR Extension: (OneTab) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-02-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-01-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Weby Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmandedkgonhldbnjpikffdnneenijnd [2020-04-12]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2024-02-02]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-09]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-07-26]
CHR Extension: (Prezentace) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-05]
CHR Extension: (Dokumenty) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-05]
CHR Extension: (Disk Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-13]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-05]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Tabulky) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-13]
CHR Extension: (Gmail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-13]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-07-26]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-26]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\System Profile [2024-02-02]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]
Opera:
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-2864334784-1603053625-3890222848-1000) OperaStable - "C:\Users\oem\AppData\Local\Programs\Opera\Launcher.exe"
==================== Services (Whitelisted) ===================
===================== Drivers (Whitelisted) ===================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-22 20:00 - 2024-02-22 20:00 - 000000769 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_200022.csv
2024-02-22 19:54 - 2024-02-22 19:55 - 000000761 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_195457.csv
2024-02-22 11:54 - 2024-02-22 11:54 - 000068801 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240222T115438.pdf
2024-02-22 11:53 - 2024-02-22 11:53 - 000000558 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_115338.csv
2024-02-22 11:53 - 2024-02-22 11:53 - 000000558 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_115338 (1).csv
2024-02-22 11:43 - 2024-02-22 11:43 - 000070179 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240222T114312.pdf
2024-02-22 11:42 - 2024-02-22 11:42 - 000000585 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_114217.csv
2024-02-21 11:03 - 2024-02-21 11:03 - 002386944 _____ (Farbar) C:\Users\oem\Downloads\FRST64.exe
2024-02-21 10:21 - 2024-02-21 10:21 - 000004284 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2024-02-21 10:21 - 2024-02-21 10:21 - 000004154 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2024-02-21 10:21 - 2024-02-21 10:21 - 000004064 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\Program Files\Xerox
2024-02-19 11:25 - 2024-02-19 11:25 - 000086592 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240219T112504.pdf
2024-02-19 11:21 - 2024-02-19 11:21 - 000000767 _____ C:\Users\oem\Downloads\export_dpd_2024-02-19_112129.csv
2024-02-15 18:46 - 2024-02-15 18:46 - 000069702 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240215T184657.pdf
2024-02-15 18:45 - 2024-02-15 18:45 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-02-15_184515.csv
2024-02-15 13:24 - 2024-02-15 13:24 - 000012730 _____ C:\Users\oem\Downloads\priloha_1315961384_0_Textová zpráva.PDF
2024-02-15 13:15 - 2024-02-15 13:15 - 000245538 _____ C:\Users\oem\Downloads\Soubor00001 (1).pdf
2024-02-15 13:14 - 2024-02-15 13:14 - 000183005 _____ C:\Users\oem\Downloads\Soubor00004.pdf
2024-02-14 13:17 - 2024-02-14 13:17 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 13:16 - 2024-02-14 13:16 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 13:04 - 2024-02-14 13:05 - 000070203 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240214T130500.pdf
2024-02-14 13:04 - 2024-02-14 13:04 - 000000000 ___HD C:\$WinREAgent
2024-02-14 12:13 - 2024-02-14 12:13 - 000000567 _____ C:\Users\oem\Downloads\export_dpd_2024-02-14_121320.csv
2024-02-12 20:17 - 2024-02-12 20:18 - 269517241 _____ C:\Users\oem\Downloads\Kopie souboru Záznam 25.wav
2024-02-12 19:56 - 2024-02-12 19:56 - 000013951 _____ C:\Users\oem\Downloads\priloha_1314286700_0_Textová zpráva.PDF
2024-02-12 19:35 - 2024-02-12 19:35 - 000114180 _____ C:\Users\oem\Downloads\Email z PPP CK - Zpráva z foniatrie (Michael a Pavla Markovi).pdf
2024-02-12 10:37 - 2024-02-12 10:37 - 000102038 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240212T103718.pdf
2024-02-12 10:34 - 2024-02-12 10:34 - 000000944 _____ C:\Users\oem\Downloads\export_dpd_2024-02-12_103441.csv
2024-02-12 10:27 - 2024-02-12 10:27 - 000121540 _____ C:\Users\oem\Downloads\Faktura 202401011.pdf
2024-02-11 12:59 - 2023-05-30 09:17 - 000873168 _____ (HP Inc.) C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000596688 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000558800 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000318160 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm225.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000267472 _____ (HP Inc.) C:\WINDOWS\system32\hpmml270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000244432 _____ (HP Inc.) C:\WINDOWS\system32\hpmja270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000232144 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm082.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000206544 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000180944 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000130256 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw082.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 003249008 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libcrypto-1_1-x64.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 000929648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libssl-1_1-x64.dll
2024-02-11 12:57 - 2024-02-11 12:57 - 023182800 _____ C:\Users\oem\Downloads\upd-pcl6-x64-7.1.0.25570.exe
2024-02-09 13:01 - 2024-02-09 13:01 - 000026935 _____ C:\Users\oem\Downloads\Google disk-----4801440322449719-17.pdf
2024-02-09 12:55 - 2024-02-09 12:55 - 000001950 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.gpc
2024-02-09 12:54 - 2024-02-09 12:54 - 000095152 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000086364 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000005200 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.gpc
2024-02-09 12:50 - 2024-02-09 12:50 - 000027302 _____ C:\Users\oem\Downloads\money_export_faktura-sosjezirka-1-2024.xml
2024-02-09 12:49 - 2024-02-09 12:49 - 000155753 _____ C:\Users\oem\Downloads\FV-1-2024-sosjezirka.pdf
2024-02-09 12:45 - 2024-02-09 12:45 - 000027513 _____ C:\Users\oem\Downloads\money_export_faktura-ikvido-1-2024.xml
2024-02-09 12:44 - 2024-02-09 12:44 - 000156606 _____ C:\Users\oem\Downloads\FV-1-2024-ikvido.pdf
2024-02-09 12:37 - 2024-02-09 12:37 - 002734021 _____ C:\Users\oem\Desktop\Predsmluvni-informace.pdf
2024-02-08 15:38 - 2024-02-08 15:38 - 000071842 _____ C:\Users\oem\Downloads\Faktura_FV20_08657.pdf
2024-02-08 14:00 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\com.adobe.dunamis
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\SolidDocuments
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\.ms-ad
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\Opera
2024-02-08 13:45 - 2024-02-08 13:45 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2024-02-08 13:44 - 2024-02-08 13:45 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 13:44 - 000085525 _____ C:\WINDOWS\system32\NOTICE_mod
2024-02-08 13:44 - 2024-02-08 13:44 - 000001319 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\phraseexpress.lnk
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\Documents\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Wondershare
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-02-08 13:41 - 2024-02-08 13:41 - 000002366 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-02-08 13:41 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-02-08 13:40 - 2024-02-22 17:05 - 000002042 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-02-08 13:40 - 2024-02-22 17:05 - 000002042 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-02-08 13:40 - 2024-02-22 17:05 - 000002030 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-02-08 13:40 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator
2024-02-08 13:40 - 2024-02-08 13:45 - 000002421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-02-08 13:40 - 2024-02-08 13:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Šablony
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Poslední
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\CCleaner Browser
2024-02-08 13:40 - 2021-11-11 15:00 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-02-08 12:32 - 2024-02-08 12:32 - 000102273 _____ C:\Users\oem\Downloads\priloha_1312461549_0_Informace_pro_poplatniky.pdf
2024-02-06 17:26 - 2024-02-06 17:26 - 000070391 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240206T172638.pdf
2024-02-06 17:25 - 2024-02-06 17:25 - 000000589 _____ C:\Users\oem\Downloads\export_dpd_2024-02-06_172526.csv
2024-02-05 23:43 - 2024-02-05 23:44 - 000081353 _____ C:\Users\oem\Downloads\opravená ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-02-05 19:37 - 2024-02-05 19:37 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi (1).pdf
2024-02-05 19:35 - 2024-02-12 19:25 - 000000000 ____D C:\Users\oem\Documents\OSPOD
2024-02-05 19:31 - 2024-02-05 19:32 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi.pdf
2024-02-04 14:30 - 2024-02-04 14:30 - 043095192 _____ (Telegram FZ-LLC ) C:\Users\oem\Downloads\tsetup-x64.4.14.13.exe
2024-02-04 10:37 - 2024-02-04 10:37 - 000003790 _____ C:\WINDOWS\system32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000
2024-01-31 13:10 - 2024-01-31 13:10 - 000000000 ____D C:\Users\oem\AppData\Local\WhatsApp
2024-01-30 23:58 - 2024-01-30 23:58 - 000078035 _____ C:\Users\oem\Downloads\ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-01-30 23:28 - 2024-01-30 23:28 - 000067556 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240130T232832.pdf
2024-01-30 23:27 - 2024-01-30 23:27 - 000000559 _____ C:\Users\oem\Downloads\export_dpd_2024-01-30_232737.csv
2024-01-30 14:28 - 2024-01-30 14:28 - 000027300 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.xlsx
2024-01-30 14:21 - 2024-01-30 23:22 - 000030738 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.xlsx
2024-01-30 14:16 - 2024-01-30 14:16 - 000159159 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.pdf
2024-01-30 14:16 - 2024-01-30 14:16 - 000158462 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.pdf
2024-01-30 13:52 - 2024-01-30 13:52 - 000486296 _____ C:\Users\oem\Downloads\Rezervacni-smlouva.doc.pdf
2024-01-30 13:48 - 2024-01-30 13:48 - 000222796 _____ C:\Users\oem\Downloads\Kupni-smlouva.doc.pdf
2024-01-29 19:31 - 2024-01-29 19:31 - 000085340 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T193115.pdf
2024-01-29 19:24 - 2024-01-29 19:24 - 000115773 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T192431.pdf
2024-01-29 19:19 - 2024-01-29 19:19 - 000000570 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_191958.csv
2024-01-29 18:58 - 2024-01-29 18:58 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_185813.csv
2024-01-25 19:13 - 2024-01-25 19:13 - 000071505 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240125T191335.pdf
2024-01-25 19:12 - 2024-01-25 19:12 - 000000569 _____ C:\Users\oem\Downloads\export_dpd_2024-01-25_191218.csv
2024-01-24 12:19 - 2024-01-24 12:19 - 000049567 _____ C:\Users\oem\Downloads\Pohyb_26230290730_na_uctu_2400073267.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-22 20:05 - 2016-09-30 06:15 - 000000000 ____D C:\FRST
2024-02-22 19:54 - 2021-11-11 15:06 - 001875876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-22 19:54 - 2019-12-07 15:41 - 000781844 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-22 19:54 - 2019-12-07 15:41 - 000172578 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-22 19:53 - 2022-07-07 08:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-22 19:52 - 2017-01-03 22:36 - 000000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2024-02-22 19:48 - 2017-09-19 10:10 - 000000000 ____D C:\Program Files\CCleaner
2024-02-22 19:48 - 2012-12-23 11:50 - 000000000 ____D C:\Users\oem\AppData\Roaming\MyPhoneExplorer
2024-02-22 19:47 - 2021-11-11 15:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-22 19:47 - 2020-02-29 10:34 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-22 19:47 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-22 19:47 - 2013-11-12 21:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-22 19:14 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-22 19:14 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2024-02-22 18:58 - 2012-11-05 15:19 - 000000000 ____D C:\Users\oem\Documents\PhraseExpress
2024-02-22 18:45 - 2012-12-23 15:08 - 000000000 ____D C:\Users\oem\AppData\Roaming\Samsung
2024-02-22 18:45 - 2012-12-23 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2024-02-22 18:44 - 2016-09-30 05:33 - 000000000 ____D C:\AdwCleaner
2024-02-22 18:39 - 2013-10-14 18:24 - 000000000 ____D C:\Users\oem\Desktop\Antispyware
2024-02-22 18:19 - 2015-11-18 11:21 - 000007994 _____ C:\WINDOWS\BRRBCOM.INI
2024-02-22 17:58 - 2012-11-01 18:40 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Word
2024-02-22 17:05 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2022-08-26 17:53 - 000002030 _____ C:\Users\defaultuser100000\Desktop\Google Docs.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002030 _____ C:\Users\42060\Desktop\Google Docs.lnk
2024-02-22 17:05 - 2021-12-17 13:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-22 17:05 - 2021-09-23 19:49 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002030 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-02-22 11:56 - 2012-11-02 10:03 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Excel
2024-02-22 10:38 - 2021-11-16 07:11 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-02-22 10:38 - 2021-11-16 07:11 - 000002386 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2024-02-22 10:38 - 2021-11-16 07:10 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-02-22 10:16 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-22 10:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-20 15:58 - 2021-11-11 14:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-18 14:29 - 2022-01-28 08:21 - 000000000 ____D C:\Users\oem\AppData\Roaming\Evernote
2024-02-18 10:35 - 2021-12-13 10:34 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 15:11 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 14:56 - 000002411 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-18 10:34 - 2021-11-11 15:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-18 10:33 - 2022-10-12 11:22 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-18 10:33 - 2022-10-12 11:22 - 000002095 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-17 10:32 - 2020-11-09 15:05 - 000002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-17 10:32 - 2020-11-09 15:05 - 000002308 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-16 10:31 - 2012-10-31 12:27 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 20:42 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Telegram Desktop
2024-02-15 19:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 18:37 - 2022-09-21 08:43 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-02-15 13:18 - 2022-09-21 08:43 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-02-15 13:18 - 2021-11-16 07:10 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-15 13:08 - 2022-03-26 20:15 - 000004142 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1648322131
2024-02-15 13:08 - 2022-03-26 20:15 - 000001439 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2024-02-15 13:01 - 2021-11-11 14:55 - 000462048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 00:32 - 2022-04-28 09:38 - 000000000 ____D C:\Users\oem\AppData\Roaming\DPD-electron
2024-02-14 13:16 - 2021-11-11 14:55 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-14 12:48 - 2013-08-15 09:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 12:39 - 2012-11-03 14:40 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-13 15:09 - 2023-03-07 12:54 - 000001615 _____ C:\Users\oem\Desktop\Bečka CENÍK VO 2024 – zástupce.lnk
2024-02-11 12:57 - 2016-11-04 12:28 - 000000000 ____D C:\HP Universal Print Driver
2024-02-08 13:57 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-08 13:41 - 2016-05-20 10:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-04 14:31 - 2022-02-16 11:43 - 000001062 _____ C:\Users\oem\Desktop\Telegram.lnk
2024-02-04 14:31 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2024-02-02 10:31 - 2021-11-11 15:11 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 10:31 - 2021-11-11 15:11 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-31 13:13 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\WhatsApp
2024-01-31 13:10 - 2024-01-08 20:22 - 000002251 _____ C:\Users\oem\Desktop\WhatsApp (Outdated).lnk
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Local\SquirrelTemp
2024-01-25 18:51 - 2012-11-01 21:22 - 000000000 ____D C:\Users\oem\AppData\Local\CrashDumps
2024-01-23 17:56 - 2024-01-10 10:59 - 000012201 _____ C:\Users\oem\Documents\Verča - vyúčtování zaplacených věcí.xlsx
==================== Files in the root of some directories ========
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\MSyu.dat
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\PDF2XL-6-0.TrialData
2012-12-18 11:02 - 2016-03-04 10:52 - 000000058 _____ () C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2024-01-10 13:09 - 2024-01-10 13:09 - 000001321 _____ () C:\Users\oem\AppData\Local\recently-used.xbel
2012-11-01 22:01 - 2012-11-01 22:01 - 000007605 _____ () C:\Users\oem\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Ran by Petr (administrator) on OEM-PC (22-02-2024 20:03:57)
Running from C:\Users\oem\Desktop\Antispyware\FRST\FRST64.exe
Loaded Profiles: Petr & DefaultAppPool
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ABBYY SOLUTIONS LIMITED -> ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo) C:\Program Files (x86)\Mobo\Service\MoboDeviceProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Smart Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\eOppFrame.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(C:\Users\oem\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\oem\AppData\Local\Programs\Opera\107.0.5045.21\opera_crashreporter.exe
(explorer.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
(explorer.exe ->) (Bartels Media GmbH -> Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(explorer.exe ->) (EnTech Taiwan -> EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(explorer.exe ->) (Franz Josef Wechselberger -> F.J. Wechselberger) C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <38>
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(explorer.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (LW-WORKS Software) [File not signed] C:\sw\clipboard_recorder_portable\$RGCBVYN.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Samsung Electronics CO., LTD. -> Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(explorer.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Opera Norway AS -> Opera Software) C:\Users\oem\AppData\Local\Programs\Opera\opera.exe <24>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(services.exe ->) (ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis, Inc -> Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (BoYuan(Hong Kong) Wireless Websoft Technology Limited -> Mobo, Inc.) C:\Program Files (x86)\Mobo\Service\MoboDeviceService.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(services.exe ->) (Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Protexis Inc. -> Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Software602 -> Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(services.exe ->) (Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(services.exe ->) (Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(Software602 -> Software602) C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Služba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [358832 2011-02-03] (Acronis, Inc -> Acronis)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmdS.exe [196264 2024-01-24] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5119600 2012-05-11] (VIA Technologies Inc. -> VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5133968 2011-02-03] (Acronis, Inc -> )
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Print2PDF Print Monitor] => C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [222776 2011-04-12] (Software602 -> Software602)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-18] (ABBYY SOLUTIONS LIMITED -> ABBYY.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [771968 2011-08-29] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc. -> Splashtop Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-09-07] (Geek Software GmbH -> Geek Software GmbH)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [AshSnap] => C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe [3860304 2013-10-29] (Ashampoo GmbH & Co. KG -> Ashampoo Media GmbH & Co. KG)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MyPhoneExplorer] => C:\Program Files (x86)\MyPhoneExplorer-1-8-5\MyPhoneExplorer.exe [5945504 2019-06-17] (Franz Josef Wechselberger -> F.J. Wechselberger)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [DPDApp] => C:\Users\oem\AppData\Local\Programs\DPD-electron\DPDApp.exe [111036928 2023-05-30] (DPDGroup) [File not signed]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\Run: [MicrosoftEdgeAutoLaunch_C3C43DE3D7532B85F72FDD7AC8AEB537] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [MicrosoftEdgeAutoLaunch_F19A02299990B1ACC5CF1F78FEF0F08C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [CCleanerBrowserAutoLaunch_05192599E3C059BF391BBC4A7D0D69CA] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [MicrosoftEdgeAutoLaunch_3B84CBD7EA3C00F28296F546D5781130] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe" -c (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [CCleanerBrowserAutoLaunch_D044A33C65C42DB1B59A1BB59C616934] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [MicrosoftEdgeAutoLaunch_506F8CB68E93DC616BE746E510433970] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [42164600 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [Uninstall 19.232.1124.0008] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika\AppData\Local\Microsoft\OneDrive\19.232.1124.0008" [0 2022-07-08] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\RunOnce: [SeznamInstall-uninstall:8352b3ec6aab5907bacfaeb1917627b7] => C:\Users\Veronika\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2022-07-08] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788240 2024-02-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [CCleanerBrowserAutoLaunch_3CDF41FB87688E5FC1D0DFF54D877FE1] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\87.0.2.0\GoogleDriveFS.exe [59681568 2024-02-22] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp093: C:\Windows\System32\spool\prtprocs\x64\hpcpp093.DLL [300032 2010-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp190: C:\Windows\System32\spool\prtprocs\x64\hpcpp190.dll [651176 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp270: C:\Windows\System32\spool\prtprocs\x64\hpcpp270.dll [873168 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\LXKPTPRC: C:\Windows\System32\spool\prtprocs\x64\LXKPTPRC.DLL [99840 2009-07-14] (Lexmark International Inc.) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [127912 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM190: C:\WINDOWS\system32\hpmlm190.dll [310512 2016-11-04] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HPMLM225: C:\WINDOWS\system32\hpmlm225.dll [318160 2023-05-30] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [34816 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PDF Print Monitor BZ101: C:\WINDOWS\system32\bzpdf101.dll [196608 2008-06-09] (STORMWARE) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\121.0.23992.186\Installer\chrmstp.exe [2024-02-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.185\Installer\chrmstp.exe [2024-02-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\$RGCBVYN – zástupce.lnk [2012-11-05]
ShortcutTarget: $RGCBVYN – zástupce.lnk -> C:\sw\clipboard_recorder_portable\$RGCBVYN.exe (LW-WORKS Software) [File not signed]
Startup: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2023-10-20]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2015-07-01]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan -> EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2020-02-25]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2017-12-19]
ShortcutTarget: PhraseExpress.lnk -> C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {CA7ED97D-9C6F-421F-90FF-FF301E5EEA1C} - System32\Tasks\{EB7609EB-79A9-4BAB-BF2E-5E172C7BC9F2} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\oem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLH8SAQJ\Evernote_5.2.0.2946.exe" -d C:\Users\oem\Desktop
Task: {A13CF9C9-FCCE-44B5-8C45-CE50FCA69102} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {DD37F4DF-43EA-43A2-B451-48C4831CBBD1} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {1A6FCD82-8C77-4D45-AF95-497741C3F6A0} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3134904 2024-02-16] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {36A17099-0E33-4B91-A032-3D8AE080882E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {12E94EED-18E5-4D5A-B823-672F224497B4} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1709664 2024-02-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) <==== ATTENTION
Task: {02FFEBFE-04A6-4129-8CF9-0972A4AC158F} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "bf83c256-b1ed-409b-b265-2819d48a2d11" --version "6.21.10918" --silent
Task: {31E802EA-3100-4839-B077-7BF46F9A1AF2} - System32\Tasks\CCleanerSkipUAC - Petr => C:\Program Files\CCleaner\CCleaner.exe [38778272 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F769DDCF-7CEC-444F-9B9D-128F67CB4608} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {810F3542-3E9B-40EB-A7BD-AD5C8AFEDE01} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {979AD175-1F57-4B0B-BD1B-E9A20ED6D785} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {A8E13BB5-DC00-4CCD-B145-8F3E63C531B9} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C9E51842-9C23-4A18-BCCA-172B1E8A31DF} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {95065416-1849-496B-AA60-3750F6C04B1C} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {0316680B-CE98-4303-8370-F870C83A9EF8} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C5FD11CA-B388-48F3-A517-C1082B17D55A} - System32\Tasks\Opera scheduled Autoupdate 1648322131 => C:\Users\oem\AppData\Local\Programs\Opera\launcher.exe [2358688 2024-02-12] (Opera Norway AS -> Opera Software)
Task: {CCA25A6B-E3EC-462A-B226-A51C30478547} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {F21E88A7-45D6-45F7-9EE7-BFF2EC976B01} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {71D01C7B-DFB7-4705-8DC5-8FC0B5DBEA74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {A7C5A736-9391-4A1E-BECF-0454A73BF43B} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {4F23ACC7-5E21-4E94-BF55-2F2F3A7789ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
Task: {0251D007-4380-457F-BDAC-FFF724E22D31} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [414664 2024-01-11] (Xerox Corporation -> Xerox Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0d6ba809-e86f-4779-9522-d0af7ab65932}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5849cbe0-538e-4163-b2aa-206517080857}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-22]
Edge Notifications: Default -> hxxps://www.aliexpress.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://eshop.jezirkabanat.cz/search/search/
Edge Session Restore: Default -> is enabled.
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2023-10-09]
Edge Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
Edge Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-17]
Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-11-09]
Edge Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-22]
Edge Extension: (OneTab) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llhcnbijpnechllogkacbcjmkcgjbjfi [2023-11-28]
Edge Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkapkmklnmidbbgjaipbgpcnbomnaakc [2024-02-15]
Edge Extension: (TabCloud) - C:\Users\oem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2021-12-06]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]
FireFox:
========
FF ProfilePath: C:\Users\oem\AppData\Roaming\Nvu\Profiles\rc2qx344.default [2021-08-13]
FF ProfilePath: C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default [2021-11-19]
FF Homepage: Mozilla\Firefox\Profiles\dqjh2a50.default -> hxxp://www.google.cz/
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-14] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-10] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> R:\SW\FormFiller-Software602\Filler\npfiller.dll [2011-03-15] (Software602 -> Software602 a.s.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-14] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default [2024-02-22]
CHR Notifications: Default -> hxxps://andro-conseil.com; hxxps://automobile-conseil.fr; hxxps://business.facebook.com; hxxps://calendar.google.com; hxxps://cz.pinterest.com; hxxps://drive.google.com; hxxps://eshop.tescoma.cz; hxxps://gw.lightinthebox.com; hxxps://ibb.co; hxxps://mail.google.com; hxxps://my.timocom.com; hxxps://paleosnadno.cz; hxxps://plumbber.ru; hxxps://smartandroid.fr; hxxps://upcr.cz; hxxps://webmail.forpsi.com; hxxps://www.aliexpress.com; hxxps://www.banggood.com; hxxps://www.facebook.com; hxxps://www.heureka.cz; hxxps://www.hitprace.cz; hxxps://www.idoklad.cz; hxxps://www.instagram.com; hxxps://www.kasafik.cz; hxxps://www.kupi.cz; hxxps://www.letemsvetemapplem.eu; hxxps://www.letgo.cz; hxxps://www.lightinthebox.com; hxxps://www.megaknihy.cz; hxxps://www.mesec.cz; hxxps://www.milujeme-slevy.cz; hxxps://www.monsterinsights.com; hxxps://www.netflix.com; hxxps://www.oranews.tv; hxxps://www.penize.cz; hxxps://www.reddit.com; hxxps://www.rt.com; hxxps://www.sejda.com; hxxps://www.spektrumzdravi.cz; hxxps://www.svetandroida.cz; hxxps://www.trenyrkarna.cz; hxxps://www.vybaven.cz
CHR Session Restore: Default -> is enabled.
CHR Extension: (Aliexpress SuperStar česky, Historie cen) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-11-08]
CHR Extension: (Tipli do prohlížeče) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2022-06-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-19]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-10]
CHR Extension: (TabCloud) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2019-12-10]
CHR Extension: (ESET Browser Privacy & Security) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oombnmpbbhbakfpfgdflaajkhicgfaam [2024-02-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2023-11-28]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-02-04]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-02-02]
CHR DownloadDir: C:\Users\oem\Downloads
CHR Notifications: Profile 1 -> hxxps://app.smartsupp.com; hxxps://calendar.google.com; hxxps://coshair.ru; hxxps://cs.animalthai.com; hxxps://cs.erch2014.com; hxxps://cs.joecomp.com; hxxps://cs.omatomeloanhikaku.com; hxxps://cz.gearbest.com; hxxps://cz.sputniknews.com; hxxps://finmag.penize.cz; hxxps://fr.aliexpress.com; hxxps://ibb.co; hxxps://marek44.oncollabim.com; hxxps://meet.google.com; hxxps://pt.aliexpress.com; hxxps://twitter.com; hxxps://web.telegram.org; hxxps://wp.aliexpress.com; hxxps://www.agatinsvet.cz; hxxps://www.alibaba.com; hxxps://www.b2bpartner.cz; hxxps://www.banggood.com; hxxps://www.collabim.cz; hxxps://www.dailymail.co.uk; hxxps://www.dobre-knihy.cz; hxxps://www.evernote.com; hxxps://www.facebook.com; hxxps://www.gearbest.com; hxxps://www.hudy.cz; hxxps://www.inizio.cz; hxxps://www.instagram.com; hxxps://www.kupi.cz; hxxps://www.lightinthebox.com; hxxps://www.mall.tv; hxxps://www.megaknihy.cz; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.penize.cz; hxxps://www.rt.com; hxxps://www.tipsport.cz; hxxps://www.ubuy.cz; hxxps://www.viry.cz; hxxps://www.wish.com; hxxps://www.youtube.com
CHR DefaultSearchURL: Profile 1 -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> duckduckgo.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Session Restore: Profile 1 -> is enabled.
CHR Extension: (DuckDuckGo) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-11-12]
CHR Extension: (Pushbullet) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2023-07-26]
CHR Extension: (OneTab) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-02-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-01-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Weby Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmandedkgonhldbnjpikffdnneenijnd [2020-04-12]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Evernote Web Clipper) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2024-02-02]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-02-02]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2024-02-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-09]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-07-26]
CHR Extension: (Prezentace) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-05]
CHR Extension: (Dokumenty) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-05]
CHR Extension: (Disk Google) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-13]
CHR Extension: (YouTube) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-05]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Tabulky) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-13]
CHR Extension: (Gmail) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-13]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-07-26]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-07-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-26]
CHR Profile: C:\Users\oem\AppData\Local\Google\Chrome\User Data\System Profile [2024-02-02]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [oombnmpbbhbakfpfgdflaajkhicgfaam]
Opera:
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-2864334784-1603053625-3890222848-1000) OperaStable - "C:\Users\oem\AppData\Local\Programs\Opera\Launcher.exe"
==================== Services (Whitelisted) ===================
===================== Drivers (Whitelisted) ===================
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-22 20:00 - 2024-02-22 20:00 - 000000769 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_200022.csv
2024-02-22 19:54 - 2024-02-22 19:55 - 000000761 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_195457.csv
2024-02-22 11:54 - 2024-02-22 11:54 - 000068801 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240222T115438.pdf
2024-02-22 11:53 - 2024-02-22 11:53 - 000000558 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_115338.csv
2024-02-22 11:53 - 2024-02-22 11:53 - 000000558 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_115338 (1).csv
2024-02-22 11:43 - 2024-02-22 11:43 - 000070179 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240222T114312.pdf
2024-02-22 11:42 - 2024-02-22 11:42 - 000000585 _____ C:\Users\oem\Downloads\export_dpd_2024-02-22_114217.csv
2024-02-21 11:03 - 2024-02-21 11:03 - 002386944 _____ (Farbar) C:\Users\oem\Downloads\FRST64.exe
2024-02-21 10:21 - 2024-02-21 10:21 - 000004284 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2024-02-21 10:21 - 2024-02-21 10:21 - 000004154 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2024-02-21 10:21 - 2024-02-21 10:21 - 000004064 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox
2024-02-21 10:21 - 2024-02-21 10:21 - 000000000 ____D C:\Program Files\Xerox
2024-02-19 11:25 - 2024-02-19 11:25 - 000086592 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240219T112504.pdf
2024-02-19 11:21 - 2024-02-19 11:21 - 000000767 _____ C:\Users\oem\Downloads\export_dpd_2024-02-19_112129.csv
2024-02-15 18:46 - 2024-02-15 18:46 - 000069702 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240215T184657.pdf
2024-02-15 18:45 - 2024-02-15 18:45 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-02-15_184515.csv
2024-02-15 13:24 - 2024-02-15 13:24 - 000012730 _____ C:\Users\oem\Downloads\priloha_1315961384_0_Textová zpráva.PDF
2024-02-15 13:15 - 2024-02-15 13:15 - 000245538 _____ C:\Users\oem\Downloads\Soubor00001 (1).pdf
2024-02-15 13:14 - 2024-02-15 13:14 - 000183005 _____ C:\Users\oem\Downloads\Soubor00004.pdf
2024-02-14 13:17 - 2024-02-14 13:17 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 13:16 - 2024-02-14 13:16 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 13:04 - 2024-02-14 13:05 - 000070203 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240214T130500.pdf
2024-02-14 13:04 - 2024-02-14 13:04 - 000000000 ___HD C:\$WinREAgent
2024-02-14 12:13 - 2024-02-14 12:13 - 000000567 _____ C:\Users\oem\Downloads\export_dpd_2024-02-14_121320.csv
2024-02-12 20:17 - 2024-02-12 20:18 - 269517241 _____ C:\Users\oem\Downloads\Kopie souboru Záznam 25.wav
2024-02-12 19:56 - 2024-02-12 19:56 - 000013951 _____ C:\Users\oem\Downloads\priloha_1314286700_0_Textová zpráva.PDF
2024-02-12 19:35 - 2024-02-12 19:35 - 000114180 _____ C:\Users\oem\Downloads\Email z PPP CK - Zpráva z foniatrie (Michael a Pavla Markovi).pdf
2024-02-12 10:37 - 2024-02-12 10:37 - 000102038 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240212T103718.pdf
2024-02-12 10:34 - 2024-02-12 10:34 - 000000944 _____ C:\Users\oem\Downloads\export_dpd_2024-02-12_103441.csv
2024-02-12 10:27 - 2024-02-12 10:27 - 000121540 _____ C:\Users\oem\Downloads\Faktura 202401011.pdf
2024-02-11 12:59 - 2023-05-30 09:17 - 000873168 _____ (HP Inc.) C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000596688 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000558800 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000318160 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm225.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000267472 _____ (HP Inc.) C:\WINDOWS\system32\hpmml270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000244432 _____ (HP Inc.) C:\WINDOWS\system32\hpmja270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000232144 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm082.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000206544 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp270.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000180944 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
2024-02-11 12:59 - 2023-05-30 09:17 - 000130256 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw082.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 003249008 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libcrypto-1_1-x64.dll
2024-02-11 12:59 - 2020-09-23 15:49 - 000929648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\WINDOWS\system32\libssl-1_1-x64.dll
2024-02-11 12:57 - 2024-02-11 12:57 - 023182800 _____ C:\Users\oem\Downloads\upd-pcl6-x64-7.1.0.25570.exe
2024-02-09 13:01 - 2024-02-09 13:01 - 000026935 _____ C:\Users\oem\Downloads\Google disk-----4801440322449719-17.pdf
2024-02-09 12:55 - 2024-02-09 12:55 - 000001950 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.gpc
2024-02-09 12:54 - 2024-02-09 12:54 - 000095152 _____ C:\Users\oem\Downloads\mBank - 1-2024 - 03991456_240101_240131.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000086364 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.pdf
2024-02-09 12:52 - 2024-02-09 12:52 - 000005200 _____ C:\Users\oem\Downloads\FIO-běžný účet - 1-2024 - Vypis_z_uctu-2400073267_20240101-20240131_cislo-1.gpc
2024-02-09 12:50 - 2024-02-09 12:50 - 000027302 _____ C:\Users\oem\Downloads\money_export_faktura-sosjezirka-1-2024.xml
2024-02-09 12:49 - 2024-02-09 12:49 - 000155753 _____ C:\Users\oem\Downloads\FV-1-2024-sosjezirka.pdf
2024-02-09 12:45 - 2024-02-09 12:45 - 000027513 _____ C:\Users\oem\Downloads\money_export_faktura-ikvido-1-2024.xml
2024-02-09 12:44 - 2024-02-09 12:44 - 000156606 _____ C:\Users\oem\Downloads\FV-1-2024-ikvido.pdf
2024-02-09 12:37 - 2024-02-09 12:37 - 002734021 _____ C:\Users\oem\Desktop\Predsmluvni-informace.pdf
2024-02-08 15:38 - 2024-02-08 15:38 - 000071842 _____ C:\Users\oem\Downloads\Faktura_FV20_08657.pdf
2024-02-08 14:00 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\com.adobe.dunamis
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\SolidDocuments
2024-02-08 13:53 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\.ms-ad
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Opera
2024-02-08 13:50 - 2024-02-08 13:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\Opera
2024-02-08 13:45 - 2024-02-08 13:45 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2024-02-08 13:44 - 2024-02-08 13:45 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-500
2024-02-08 13:44 - 2024-02-08 13:44 - 000085525 _____ C:\WINDOWS\system32\NOTICE_mod
2024-02-08 13:44 - 2024-02-08 13:44 - 000001319 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\phraseexpress.lnk
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ___RD C:\Users\Administrator\OneDrive
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\Documents\PhraseExpress
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Wondershare
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2024-02-08 13:44 - 2024-02-08 13:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-02-08 13:41 - 2024-02-08 13:41 - 000002366 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2024-02-08 13:41 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2024-02-08 13:40 - 2024-02-22 17:05 - 000002042 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-02-08 13:40 - 2024-02-22 17:05 - 000002042 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-02-08 13:40 - 2024-02-22 17:05 - 000002030 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-02-08 13:40 - 2024-02-08 14:00 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2024-02-08 13:40 - 2024-02-08 13:53 - 000000000 ____D C:\Users\Administrator
2024-02-08 13:40 - 2024-02-08 13:45 - 000002421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-02-08 13:40 - 2024-02-08 13:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2024-02-08 13:40 - 2024-02-08 13:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Šablony
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Poslední
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___SD C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ___RD C:\Users\Administrator\3D Objects
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Vault
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\ESET
2024-02-08 13:40 - 2024-02-08 13:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\CCleaner Browser
2024-02-08 13:40 - 2021-11-11 15:00 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Network
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2024-02-08 13:40 - 2016-09-22 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2024-02-08 12:32 - 2024-02-08 12:32 - 000102273 _____ C:\Users\oem\Downloads\priloha_1312461549_0_Informace_pro_poplatniky.pdf
2024-02-06 17:26 - 2024-02-06 17:26 - 000070391 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240206T172638.pdf
2024-02-06 17:25 - 2024-02-06 17:25 - 000000589 _____ C:\Users\oem\Downloads\export_dpd_2024-02-06_172526.csv
2024-02-05 23:43 - 2024-02-05 23:44 - 000081353 _____ C:\Users\oem\Downloads\opravená ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-02-05 19:37 - 2024-02-05 19:37 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi (1).pdf
2024-02-05 19:35 - 2024-02-12 19:25 - 000000000 ____D C:\Users\oem\Documents\OSPOD
2024-02-05 19:31 - 2024-02-05 19:32 - 000263766 _____ C:\Users\oem\Downloads\priloha_1310586625_0_vyjadreni_k_nahlizeni_do_spis._dokumentace-Markovi.pdf
2024-02-04 14:30 - 2024-02-04 14:30 - 043095192 _____ (Telegram FZ-LLC ) C:\Users\oem\Downloads\tsetup-x64.4.14.13.exe
2024-02-04 10:37 - 2024-02-04 10:37 - 000003790 _____ C:\WINDOWS\system32\Tasks\CCleanerBrowserProtectS-1-5-21-2864334784-1603053625-3890222848-1000
2024-01-31 13:10 - 2024-01-31 13:10 - 000000000 ____D C:\Users\oem\AppData\Local\WhatsApp
2024-01-30 23:58 - 2024-01-30 23:58 - 000078035 _____ C:\Users\oem\Downloads\ŽÁDOST O NAHLÉDNUTÍ DO SPISU.pdf
2024-01-30 23:28 - 2024-01-30 23:28 - 000067556 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240130T232832.pdf
2024-01-30 23:27 - 2024-01-30 23:27 - 000000559 _____ C:\Users\oem\Downloads\export_dpd_2024-01-30_232737.csv
2024-01-30 14:28 - 2024-01-30 14:28 - 000027300 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.xlsx
2024-01-30 14:21 - 2024-01-30 23:22 - 000030738 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.xlsx
2024-01-30 14:16 - 2024-01-30 14:16 - 000159159 _____ C:\Users\oem\Downloads\Maloobchodní ceník dmychadel SECOH 2024.pdf
2024-01-30 14:16 - 2024-01-30 14:16 - 000158462 _____ C:\Users\oem\Downloads\Ceník SECOH 2024 skupina E.pdf
2024-01-30 13:52 - 2024-01-30 13:52 - 000486296 _____ C:\Users\oem\Downloads\Rezervacni-smlouva.doc.pdf
2024-01-30 13:48 - 2024-01-30 13:48 - 000222796 _____ C:\Users\oem\Downloads\Kupni-smlouva.doc.pdf
2024-01-29 19:31 - 2024-01-29 19:31 - 000085340 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T193115.pdf
2024-01-29 19:24 - 2024-01-29 19:24 - 000115773 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240129T192431.pdf
2024-01-29 19:19 - 2024-01-29 19:19 - 000000570 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_191958.csv
2024-01-29 18:58 - 2024-01-29 18:58 - 000000566 _____ C:\Users\oem\Downloads\export_dpd_2024-01-29_185813.csv
2024-01-25 19:13 - 2024-01-25 19:13 - 000071505 _____ C:\Users\oem\Downloads\ShipmentLabel_D20240125T191335.pdf
2024-01-25 19:12 - 2024-01-25 19:12 - 000000569 _____ C:\Users\oem\Downloads\export_dpd_2024-01-25_191218.csv
2024-01-24 12:19 - 2024-01-24 12:19 - 000049567 _____ C:\Users\oem\Downloads\Pohyb_26230290730_na_uctu_2400073267.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-22 20:05 - 2016-09-30 06:15 - 000000000 ____D C:\FRST
2024-02-22 19:54 - 2021-11-11 15:06 - 001875876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-22 19:54 - 2019-12-07 15:41 - 000781844 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-22 19:54 - 2019-12-07 15:41 - 000172578 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-22 19:53 - 2022-07-07 08:22 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-22 19:52 - 2017-01-03 22:36 - 000000000 ____D C:\Users\oem\AppData\LocalLow\Mozilla
2024-02-22 19:48 - 2017-09-19 10:10 - 000000000 ____D C:\Program Files\CCleaner
2024-02-22 19:48 - 2012-12-23 11:50 - 000000000 ____D C:\Users\oem\AppData\Roaming\MyPhoneExplorer
2024-02-22 19:47 - 2021-11-11 15:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-22 19:47 - 2020-02-29 10:34 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-02-22 19:47 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-22 19:47 - 2013-11-12 21:18 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-22 19:14 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-22 19:14 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2024-02-22 18:58 - 2012-11-05 15:19 - 000000000 ____D C:\Users\oem\Documents\PhraseExpress
2024-02-22 18:45 - 2012-12-23 15:08 - 000000000 ____D C:\Users\oem\AppData\Roaming\Samsung
2024-02-22 18:45 - 2012-12-23 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2024-02-22 18:44 - 2016-09-30 05:33 - 000000000 ____D C:\AdwCleaner
2024-02-22 18:39 - 2013-10-14 18:24 - 000000000 ____D C:\Users\oem\Desktop\Antispyware
2024-02-22 18:19 - 2015-11-18 11:21 - 000007994 _____ C:\WINDOWS\BRRBCOM.INI
2024-02-22 17:58 - 2012-11-01 18:40 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Word
2024-02-22 17:05 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2022-08-26 17:53 - 000002042 _____ C:\Users\defaultuser100000\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2022-08-26 17:53 - 000002030 _____ C:\Users\defaultuser100000\Desktop\Google Docs.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002042 _____ C:\Users\42060\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2022-01-27 08:05 - 000002030 _____ C:\Users\42060\Desktop\Google Docs.lnk
2024-02-22 17:05 - 2021-12-17 13:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-22 17:05 - 2021-09-23 19:49 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002042 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-02-22 17:05 - 2021-09-23 19:49 - 000002030 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-02-22 11:56 - 2012-11-02 10:03 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Excel
2024-02-22 10:38 - 2021-11-16 07:11 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-02-22 10:38 - 2021-11-16 07:11 - 000002386 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2024-02-22 10:38 - 2021-11-16 07:10 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-02-22 10:16 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-22 10:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-20 15:58 - 2021-11-11 14:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-18 14:29 - 2022-01-28 08:21 - 000000000 ____D C:\Users\oem\AppData\Roaming\Evernote
2024-02-18 10:35 - 2021-12-13 10:34 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 15:11 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2864334784-1603053625-3890222848-1000
2024-02-18 10:35 - 2021-11-11 14:56 - 000002411 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-18 10:34 - 2021-11-11 15:11 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-18 10:33 - 2022-10-12 11:22 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-18 10:33 - 2022-10-12 11:22 - 000002095 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-17 10:32 - 2020-11-09 15:05 - 000002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-17 10:32 - 2020-11-09 15:05 - 000002308 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-16 10:31 - 2012-10-31 12:27 - 000002335 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-15 20:42 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Telegram Desktop
2024-02-15 19:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 18:37 - 2022-09-21 08:43 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-02-15 13:18 - 2022-09-21 08:43 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-02-15 13:18 - 2021-11-16 07:10 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-15 13:08 - 2022-03-26 20:15 - 000004142 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1648322131
2024-02-15 13:08 - 2022-03-26 20:15 - 000001439 _____ C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2024-02-15 13:01 - 2021-11-11 14:55 - 000462048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-15 01:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 00:32 - 2022-04-28 09:38 - 000000000 ____D C:\Users\oem\AppData\Roaming\DPD-electron
2024-02-14 13:16 - 2021-11-11 14:55 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-14 12:48 - 2013-08-15 09:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 12:39 - 2012-11-03 14:40 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-13 15:09 - 2023-03-07 12:54 - 000001615 _____ C:\Users\oem\Desktop\Bečka CENÍK VO 2024 – zástupce.lnk
2024-02-11 12:57 - 2016-11-04 12:28 - 000000000 ____D C:\HP Universal Print Driver
2024-02-08 13:57 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-08 13:41 - 2016-05-20 10:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-04 14:31 - 2022-02-16 11:43 - 000001062 _____ C:\Users\oem\Desktop\Telegram.lnk
2024-02-04 14:31 - 2022-02-16 11:43 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2024-02-02 10:31 - 2021-11-11 15:11 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-02 10:31 - 2021-11-11 15:11 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-31 13:13 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\WhatsApp
2024-01-31 13:10 - 2024-01-08 20:22 - 000002251 _____ C:\Users\oem\Desktop\WhatsApp (Outdated).lnk
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2024-01-31 13:10 - 2019-10-01 07:19 - 000000000 ____D C:\Users\oem\AppData\Local\SquirrelTemp
2024-01-25 18:51 - 2012-11-01 21:22 - 000000000 ____D C:\Users\oem\AppData\Local\CrashDumps
2024-01-23 17:56 - 2024-01-10 10:59 - 000012201 _____ C:\Users\oem\Documents\Verča - vyúčtování zaplacených věcí.xlsx
==================== Files in the root of some directories ========
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\MSyu.dat
2015-03-05 13:03 - 2015-03-05 13:47 - 000000288 _____ () C:\Users\oem\AppData\Roaming\PDF2XL-6-0.TrialData
2012-12-18 11:02 - 2016-03-04 10:52 - 000000058 _____ () C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2024-01-10 13:09 - 2024-01-10 13:09 - 000001321 _____ () C:\Users\oem\AppData\Local\recently-used.xbel
2012-11-01 22:01 - 2012-11-01 22:01 - 000007605 _____ () C:\Users\oem\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Addition .... Zkomprimované v příloze
- Přílohy
-
- Addition.rar
- (21.36 KiB) Staženo 22 x
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Otevřte poznámkový blok a zkopírujte do něj:
Uložte do C:\Users\oem\Desktop\Antispyware\FRST jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe" -c (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hccutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpcpn190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmco190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmja190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmlm190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmml190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpm081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmprein.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpw081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmtp190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hppdcompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4459.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hpcc3190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hppccompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp190.dll:$CmdTcID [64]
Toolbar: HKU\S-1-5-21-2864334784-1603053625-3890222848-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{D72EC7EF-D233-4FD1-813D-DC793C16D6B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6F1160BF-11DA-4D70-8A7B-95163B3E5514}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FB669F59-048A-4E02-969E-C3F109AE0942}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FDA95280-CD59-4115-B7DF-ADC8B3D1C86D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3FA9F9E7-A430-4B9B-9EE3-0870EC95FBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AEA4A208-7B8C-4A4C-A49A-14EE90B6F3FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E553653A-9748-403F-91EA-DFB60BCE8D0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B3276E27-DFA7-4226-B105-CB465EE559C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{39FED65B-D46F-4B0E-B307-55B65640D6EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A8601E11-99BB-42D6-B7C4-E821B538C273}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7C62E99E-9896-467A-90D1-A2E08C586E22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D6FFDD8-0D93-4ADD-B591-2ABA46061F50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{12AF1FEA-E189-4504-BABD-96FFC0E0780B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7C676C29-068A-4BF1-8857-868261C4AE87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{717F93F8-832A-48CE-8BB6-5FDB2B44E411}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{917E770C-7EA3-4DCD-ABA1-1AA1D175E796}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8B6C803A-8865-4CD5-AC4C-BB364152B0F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B7BFA0D7-4A90-444A-9B6D-6E88EAA5B04D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6AB7B43A-CF23-4540-A890-51FEC04E8C01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1394F780-9018-4951-941D-4FEB02642C7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1406C810-FA1F-4327-B41A-F6C5D2EBB09A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0EEA5DE1-ADCD-41B7-AF03-60D9332C7EE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0F37D903-B2EA-4CD5-BB9B-BB7AE7C45611}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA57C5BD-3F94-4432-AE04-86CB9E6B9DDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1D2013F5-1A05-4AAC-9D9F-5239683A4073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{838CD643-7B1F-46D5-9B2B-29DB03DD4AFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{1C71DBEB-3E14-4440-B79A-0DE9F640F542}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{65CACCEE-5014-4876-A194-0FB6555DEFF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{15EEB586-F9F1-4ED1-BE1D-8BE64E774AB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C2B77F89-4031-459B-A4BD-D2907688E663}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A2AF7660-F957-4A55-A205-197916B38A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2428B9CC-4725-410F-A3EA-870B755C73E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E1725110-6C67-4EBB-828D-B13297281BC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{41F477A1-CCA9-43E2-8867-0DBC69C0BA29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7FC53A2F-60A6-4520-B126-DF137AC6442D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2940B405-BBB6-4A52-A305-FA1411DF58B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E2EE1FB-E7DB-47A3-B8FA-73B334963073}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5EB007B1-1915-4A15-B78F-705D9C47E8F7}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2EEFD3DD-55E8-48E3-B4C1-F8AABC0448CF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{E29735E9-1777-420D-85A9-C065E51E3FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{0A0F3540-D36F-4A78-A3CF-905C0E2D349F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{70CEB34C-5F7D-4AC6-9E8D-F0FB5D386795}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{ABACA143-9B86-4B1B-8DFA-30DDD5E4119C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{1ABB4984-DA62-4627-B02B-C6B1CB5C6716}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{F734C2F6-9081-4C5C-AD79-7185B7BB7B91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EDAF065C-EC96-4E4C-A4A1-871BC8C93345}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6203214E-2A08-4E01-9966-9E516A62DB98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C379315C-1C3F-4A05-951D-39CADC5576DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F25FA6AE-848E-47BC-96BF-1AFD460E3E2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F0B9DC56-D643-4753-8B80-61C35F97E694}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{29673A04-A939-4B4B-808C-0A7438FA0245}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AC514E6C-E829-425C-8CF9-2CABA09D3BFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.02.2024 02
Ran by Petr (23-02-2024 11:52:12) Run:1
Running from C:\Users\oem\Desktop\Antispyware\FRST
Loaded Profiles: Petr & MAC & 42060 & Veronika & Administrator & DefaultAppPool
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe" -c (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hccutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpcpn190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmco190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmja190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmlm190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmml190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpm081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmprein.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpw081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmtp190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hppdcompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4459.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hpcc3190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hppccompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp190.dll:$CmdTcID [64]
Toolbar: HKU\S-1-5-21-2864334784-1603053625-3890222848-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{D72EC7EF-D233-4FD1-813D-DC793C16D6B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6F1160BF-11DA-4D70-8A7B-95163B3E5514}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FB669F59-048A-4E02-969E-C3F109AE0942}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FDA95280-CD59-4115-B7DF-ADC8B3D1C86D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3FA9F9E7-A430-4B9B-9EE3-0870EC95FBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AEA4A208-7B8C-4A4C-A49A-14EE90B6F3FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E553653A-9748-403F-91EA-DFB60BCE8D0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B3276E27-DFA7-4226-B105-CB465EE559C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{39FED65B-D46F-4B0E-B307-55B65640D6EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A8601E11-99BB-42D6-B7C4-E821B538C273}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7C62E99E-9896-467A-90D1-A2E08C586E22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D6FFDD8-0D93-4ADD-B591-2ABA46061F50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{12AF1FEA-E189-4504-BABD-96FFC0E0780B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7C676C29-068A-4BF1-8857-868261C4AE87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{717F93F8-832A-48CE-8BB6-5FDB2B44E411}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{917E770C-7EA3-4DCD-ABA1-1AA1D175E796}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8B6C803A-8865-4CD5-AC4C-BB364152B0F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B7BFA0D7-4A90-444A-9B6D-6E88EAA5B04D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6AB7B43A-CF23-4540-A890-51FEC04E8C01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1394F780-9018-4951-941D-4FEB02642C7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1406C810-FA1F-4327-B41A-F6C5D2EBB09A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0EEA5DE1-ADCD-41B7-AF03-60D9332C7EE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0F37D903-B2EA-4CD5-BB9B-BB7AE7C45611}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA57C5BD-3F94-4432-AE04-86CB9E6B9DDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1D2013F5-1A05-4AAC-9D9F-5239683A4073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{838CD643-7B1F-46D5-9B2B-29DB03DD4AFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{1C71DBEB-3E14-4440-B79A-0DE9F640F542}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{65CACCEE-5014-4876-A194-0FB6555DEFF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{15EEB586-F9F1-4ED1-BE1D-8BE64E774AB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C2B77F89-4031-459B-A4BD-D2907688E663}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A2AF7660-F957-4A55-A205-197916B38A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2428B9CC-4725-410F-A3EA-870B755C73E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E1725110-6C67-4EBB-828D-B13297281BC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{41F477A1-CCA9-43E2-8867-0DBC69C0BA29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7FC53A2F-60A6-4520-B126-DF137AC6442D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2940B405-BBB6-4A52-A305-FA1411DF58B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E2EE1FB-E7DB-47A3-B8FA-73B334963073}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5EB007B1-1915-4A15-B78F-705D9C47E8F7}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2EEFD3DD-55E8-48E3-B4C1-F8AABC0448CF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{E29735E9-1777-420D-85A9-C065E51E3FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{0A0F3540-D36F-4A78-A3CF-905C0E2D349F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{70CEB34C-5F7D-4AC6-9E8D-F0FB5D386795}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{ABACA143-9B86-4B1B-8DFA-30DDD5E4119C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{1ABB4984-DA62-4627-B02B-C6B1CB5C6716}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{F734C2F6-9081-4C5C-AD79-7185B7BB7B91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EDAF065C-EC96-4E4C-A4A1-871BC8C93345}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6203214E-2A08-4E01-9966-9E516A62DB98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C379315C-1C3F-4A05-951D-39CADC5576DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F25FA6AE-848E-47BC-96BF-1AFD460E3E2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F0B9DC56-D643-4753-8B80-61C35F97E694}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{29673A04-A939-4B4B-808C-0A7438FA0245}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AC514E6C-E829-425C-8CF9-2CABA09D3BFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144871f-59a1-11e8-a65d-806e6f6e6963} => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013\amd64" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005\amd64" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{366513EB-A3F1-4115-B909-47780227A137}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366513EB-A3F1-4115-B909-47780227A137}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD459309-4164-4E79-82AF-7C7E0873183E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD459309-4164-4E79-82AF-7C7E0873183E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE816DA6-387E-49F3-8624-3586618C80F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE816DA6-387E-49F3-8624-3586618C80F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => removed successfully
C:\WINDOWS\System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => removed successfully
C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => removed successfully
C:\WINDOWS\System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => removed successfully
C:\WINDOWS\System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => removed successfully
C:\WINDOWS\System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366513EB-A3F1-4115-B909-47780227A137}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD459309-4164-4E79-82AF-7C7E0873183E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE816DA6-387E-49F3-8624-3586618C80F8}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => not found
"C:\WINDOWS\System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => not found
"C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => not found
"C:\WINDOWS\System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => not found
"C:\WINDOWS\System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => not found
"C:\WINDOWS\System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB5849BA-2F14-4B15-B477-F5EA41609F1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5849BA-2F14-4B15-B477-F5EA41609F1E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C358F93-E81E-4815-AC4F-9635B021E9C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C358F93-E81E-4815-AC4F-9635B021E9C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C049E931-AAD2-4D96-8773-2AAB7E5AEE68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C049E931-AAD2-4D96-8773-2AAB7E5AEE68}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAB47DC-27E3-4619-934C-2D27951C2E45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAB47DC-27E3-4619-934C-2D27951C2E45}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F46D13F9-D9FF-4F8B-A477-90A8C9756997}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F46D13F9-D9FF-4F8B-A477-90A8C9756997}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132F2982-FE2A-4D65-8DDE-AE4BFD2DF749}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132F2982-FE2A-4D65-8DDE-AE4BFD2DF749}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C63C6A56-982A-4263-9BFE-70BF01352A42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C63C6A56-982A-4263-9BFE-70BF01352A42}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{751937BF-86C3-4C83-BB40-3A9C81F8BE86}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751937BF-86C3-4C83-BB40-3A9C81F8BE86}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08C59951-8CD5-4372-AED6-93B970B7DB44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08C59951-8CD5-4372-AED6-93B970B7DB44}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D01FF46-B79D-42EC-8291-3A71205572E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D01FF46-B79D-42EC-8291-3A71205572E3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99E85D64-C752-4ADD-A882-E55B3E09601B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99E85D64-C752-4ADD-A882-E55B3E09601B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EAA82D-3F5B-48AB-8B69-7E0696ED65D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EAA82D-3F5B-48AB-8B69-7E0696ED65D4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{049053D8-AF62-4415-BEB2-9C823901709C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{049053D8-AF62-4415-BEB2-9C823901709C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C64B32A-5D67-47AE-93AE-1AB76E4B885F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C64B32A-5D67-47AE-93AE-1AB76E4B885F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCAFEADD-F070-499A-BF27-DCBD1A51A77B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCAFEADD-F070-499A-BF27-DCBD1A51A77B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA731C16-8D1F-4FAE-8868-18EF280B4F16}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA731C16-8D1F-4FAE-8868-18EF280B4F16}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{613ACE8F-D4A5-45A1-820D-F0222F099C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613ACE8F-D4A5-45A1-820D-F0222F099C6E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9EA37728-7DB0-4720-9B0A-3627A45435A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA37728-7DB0-4720-9B0A-3627A45435A9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4057D5-7C9A-45CD-A78B-E8C0380A58D2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4057D5-7C9A-45CD-A78B-E8C0380A58D2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3265386-94E3-4D75-82FA-B37C0F76D04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3265386-94E3-4D75-82FA-B37C0F76D04C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE008B62-188A-4D81-9403-6EF4C4028D13}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE008B62-188A-4D81-9403-6EF4C4028D13}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CD195A8-02CE-485F-AAF1-106054CDA0CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CD195A8-02CE-485F-AAF1-106054CDA0CC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz => path removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
C:\WINDOWS\system32\difx64.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\gfxSrvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\GfxUI.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hccutils.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hkcmd.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpcpn190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmco190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmja190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmlm190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmml190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmpm081.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmprein.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmpw081.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmtp190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hppdcompio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IccLibDll_x64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ig4icd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igd10umd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igdde64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igdumd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfx11cmrt64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcmjit64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcmrt64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxCoIn_v4459.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcpl.cpl => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxdev.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IGFXDEVLib.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxdo.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxexps.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxext.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxpers.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxpph.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrara.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrchs.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrcht.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrcsy.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrdan.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrdeu.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrell.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrenu.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxresn.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxress.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrfin.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrfra.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrheb.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrhrv.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrhun.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrita.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrjpn.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrkor.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrnld.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrnor.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrplk.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrptb.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrptg.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrrom.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrrus.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrsky.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrslv.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrsve.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrtha.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrtrk.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxsrvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxsrvc.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxTMM.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxtray.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iglhcp64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iglhsip64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hpcc3190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hppccompio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ig4icd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igd10umd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igdde32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igdumd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfx11cmrt32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxcmjit32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxcmrt32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxdv32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxexps32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iglhcp32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iglhsip32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\CFRMD.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\igdkmd64.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp190.dll => ":$CmdTcID" ADS removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D72EC7EF-D233-4FD1-813D-DC793C16D6B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F1160BF-11DA-4D70-8A7B-95163B3E5514}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB669F59-048A-4E02-969E-C3F109AE0942}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDA95280-CD59-4115-B7DF-ADC8B3D1C86D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FA9F9E7-A430-4B9B-9EE3-0870EC95FBDA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEA4A208-7B8C-4A4C-A49A-14EE90B6F3FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E553653A-9748-403F-91EA-DFB60BCE8D0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3276E27-DFA7-4226-B105-CB465EE559C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39FED65B-D46F-4B0E-B307-55B65640D6EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8601E11-99BB-42D6-B7C4-E821B538C273}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C62E99E-9896-467A-90D1-A2E08C586E22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D6FFDD8-0D93-4ADD-B591-2ABA46061F50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12AF1FEA-E189-4504-BABD-96FFC0E0780B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C676C29-068A-4BF1-8857-868261C4AE87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{717F93F8-832A-48CE-8BB6-5FDB2B44E411}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{917E770C-7EA3-4DCD-ABA1-1AA1D175E796}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B6C803A-8865-4CD5-AC4C-BB364152B0F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7BFA0D7-4A90-444A-9B6D-6E88EAA5B04D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AB7B43A-CF23-4540-A890-51FEC04E8C01}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1394F780-9018-4951-941D-4FEB02642C7F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1406C810-FA1F-4327-B41A-F6C5D2EBB09A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EEA5DE1-ADCD-41B7-AF03-60D9332C7EE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F37D903-B2EA-4CD5-BB9B-BB7AE7C45611}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA57C5BD-3F94-4432-AE04-86CB9E6B9DDB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D2013F5-1A05-4AAC-9D9F-5239683A4073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{838CD643-7B1F-46D5-9B2B-29DB03DD4AFA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C71DBEB-3E14-4440-B79A-0DE9F640F542}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65CACCEE-5014-4876-A194-0FB6555DEFF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15EEB586-F9F1-4ED1-BE1D-8BE64E774AB8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2B77F89-4031-459B-A4BD-D2907688E663}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2AF7660-F957-4A55-A205-197916B38A7D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2428B9CC-4725-410F-A3EA-870B755C73E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1725110-6C67-4EBB-828D-B13297281BC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41F477A1-CCA9-43E2-8867-0DBC69C0BA29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FC53A2F-60A6-4520-B126-DF137AC6442D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2940B405-BBB6-4A52-A305-FA1411DF58B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E2EE1FB-E7DB-47A3-B8FA-73B334963073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EB007B1-1915-4A15-B78F-705D9C47E8F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EEFD3DD-55E8-48E3-B4C1-F8AABC0448CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E29735E9-1777-420D-85A9-C065E51E3FDF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A0F3540-D36F-4A78-A3CF-905C0E2D349F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70CEB34C-5F7D-4AC6-9E8D-F0FB5D386795}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABACA143-9B86-4B1B-8DFA-30DDD5E4119C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1ABB4984-DA62-4627-B02B-C6B1CB5C6716}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F734C2F6-9081-4C5C-AD79-7185B7BB7B91}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDAF065C-EC96-4E4C-A4A1-871BC8C93345}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6203214E-2A08-4E01-9966-9E516A62DB98}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C379315C-1C3F-4A05-951D-39CADC5576DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F25FA6AE-848E-47BC-96BF-1AFD460E3E2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0B9DC56-D643-4753-8B80-61C35F97E694}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29673A04-A939-4B4B-808C-0A7438FA0245}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC514E6C-E829-425C-8CF9-2CABA09D3BFF}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 910554202 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 4594259 B
Edge => 0 B
Chrome => 2002606277 B
Firefox => 63823088 B
Opera => 298801172 B
Temp, IE cache, history, cookies, recent:
Default => 16674 B
ProgramData => 16674 B
Public => 16674 B
systemprofile => 16694 B
systemprofile32 => 16694 B
LocalService => 3641254 B
NetworkService => 3641254 B
oem => 1352173927 B
MAC => 1404358041 B
42060 => 1497451900 B
Veronika => 1549096834 B
defaultuser100000 => 1549661647 B
Administrator => 1613972832 B
DefaultAppPool => 1613989506 B
RecycleBin => 261254123 B
EmptyTemp: => 13.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:00:56 ====
Ran by Petr (23-02-2024 11:52:12) Run:1
Running from C:\Users\oem\Desktop\Antispyware\FRST
Loaded Profiles: Petr & MAC & 42060 & Veronika & Administrator & DefaultAppPool
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\...\MountPoints2: {a144871f-59a1-11e8-a65d-806e6f6e6963} - "H:\Windows Utilities\Installer64\Install.exe"
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" [0 2022-01-27] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\42060\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2022-01-28] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Veronika\AppData\Roaming\Seznam.cz\szninstall.exe" -c (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2864334784-1603053625-3890222848-500\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {366513EB-A3F1-4115-B909-47780227A137} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B2CB242-8E01-41EF-B1A5-DAA751A6353D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3EA422DE-C1B7-45EA-B906-A063E2C84C6E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {45CC0FF2-055C-4DA9-B889-239A93C87DE5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {63EEFCE1-2AB4-4607-BACF-402D6F019872} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6FDA50FF-47AB-4248-848F-F11AB7C8E94F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93988D4D-32D0-4C24-A881-67FDA83E6469} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE38DABA-627A-4E8F-B385-CF75CECA845F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AF447DEB-0BAC-4111-A635-75BB34F0C0F5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B6B44D9C-0E56-4189-A142-DB5E66CB6ABD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD459309-4164-4E79-82AF-7C7E0873183E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA8D1844-D04B-4F74-9443-1A9947230ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE816DA6-387E-49F3-8624-3586618C80F8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC7CC874-1D21-4622-8040-7C3F33833EAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {FD95BF76-9E4E-4123-A5C1-53B238C4A34B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D} - System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => D:\Setup.exe (No File)
Task: {36800DFD-F228-4BDD-889E-6FBDCA1A2EC3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (No File)
Task: {A2F29343-B3C2-4CB6-A714-843CAB7B3A0E} - System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => D:\Setup.exe (No File)
Task: {94D653CE-031A-4EC4-9DB2-ED95E341E35D} - System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => C:\Windows\system32\pcalua.exe [53760 2023-11-19] (Microsoft Windows -> Microsoft Corporation) -> -a D:\Setup.exe -d D:\
Task: {5A498D04-4150-4DB5-8C99-0FA58820929E} - System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => D:\Setup.exe (No File)
Task: {BB5849BA-2F14-4B15-B477-F5EA41609F1E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {4C358F93-E81E-4815-AC4F-9635B021E9C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {C049E931-AAD2-4D96-8773-2AAB7E5AEE68} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {4DAB47DC-27E3-4619-934C-2D27951C2E45} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {F46D13F9-D9FF-4F8B-A477-90A8C9756997} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {132F2982-FE2A-4D65-8DDE-AE4BFD2DF749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {C63C6A56-982A-4263-9BFE-70BF01352A42} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {751937BF-86C3-4C83-BB40-3A9C81F8BE86} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {08C59951-8CD5-4372-AED6-93B970B7DB44} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {3D01FF46-B79D-42EC-8291-3A71205572E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {99E85D64-C752-4ADD-A882-E55B3E09601B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {44EAA82D-3F5B-48AB-8B69-7E0696ED65D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {049053D8-AF62-4415-BEB2-9C823901709C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {2C64B32A-5D67-47AE-93AE-1AB76E4B885F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {DCAFEADD-F070-499A-BF27-DCBD1A51A77B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {EA731C16-8D1F-4FAE-8868-18EF280B4F16} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {613ACE8F-D4A5-45A1-820D-F0222F099C6E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {9EA37728-7DB0-4720-9B0A-3627A45435A9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {CD4057D5-7C9A-45CD-A78B-E8C0380A58D2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {D3265386-94E3-4D75-82FA-B37C0F76D04C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {FE008B62-188A-4D81-9403-6EF4C4028D13} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {9CD195A8-02CE-485F-AAF1-106054CDA0CC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hccutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpcpn190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmco190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmja190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmlm190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmml190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpm081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmprein.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmpw081.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpmtp190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hppdcompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IccLibDll_x64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdde64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfx11cmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4459.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxTMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhcp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iglhsip64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hpcc3190.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hppccompio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdde32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfx11cmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhcp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iglhsip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp190.dll:$CmdTcID [64]
Toolbar: HKU\S-1-5-21-2864334784-1603053625-3890222848-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{D72EC7EF-D233-4FD1-813D-DC793C16D6B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{6F1160BF-11DA-4D70-8A7B-95163B3E5514}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FB669F59-048A-4E02-969E-C3F109AE0942}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{FDA95280-CD59-4115-B7DF-ADC8B3D1C86D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3FA9F9E7-A430-4B9B-9EE3-0870EC95FBDA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AEA4A208-7B8C-4A4C-A49A-14EE90B6F3FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E553653A-9748-403F-91EA-DFB60BCE8D0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B3276E27-DFA7-4226-B105-CB465EE559C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{39FED65B-D46F-4B0E-B307-55B65640D6EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A8601E11-99BB-42D6-B7C4-E821B538C273}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7C62E99E-9896-467A-90D1-A2E08C586E22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9D6FFDD8-0D93-4ADD-B591-2ABA46061F50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{12AF1FEA-E189-4504-BABD-96FFC0E0780B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7C676C29-068A-4BF1-8857-868261C4AE87}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{717F93F8-832A-48CE-8BB6-5FDB2B44E411}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{917E770C-7EA3-4DCD-ABA1-1AA1D175E796}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{8B6C803A-8865-4CD5-AC4C-BB364152B0F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B7BFA0D7-4A90-444A-9B6D-6E88EAA5B04D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6AB7B43A-CF23-4540-A890-51FEC04E8C01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1394F780-9018-4951-941D-4FEB02642C7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1406C810-FA1F-4327-B41A-F6C5D2EBB09A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0EEA5DE1-ADCD-41B7-AF03-60D9332C7EE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0F37D903-B2EA-4CD5-BB9B-BB7AE7C45611}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA57C5BD-3F94-4432-AE04-86CB9E6B9DDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{1D2013F5-1A05-4AAC-9D9F-5239683A4073}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{838CD643-7B1F-46D5-9B2B-29DB03DD4AFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{1C71DBEB-3E14-4440-B79A-0DE9F640F542}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{65CACCEE-5014-4876-A194-0FB6555DEFF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{15EEB586-F9F1-4ED1-BE1D-8BE64E774AB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C2B77F89-4031-459B-A4BD-D2907688E663}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A2AF7660-F957-4A55-A205-197916B38A7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2428B9CC-4725-410F-A3EA-870B755C73E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E1725110-6C67-4EBB-828D-B13297281BC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{41F477A1-CCA9-43E2-8867-0DBC69C0BA29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7FC53A2F-60A6-4520-B126-DF137AC6442D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2940B405-BBB6-4A52-A305-FA1411DF58B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{9E2EE1FB-E7DB-47A3-B8FA-73B334963073}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5EB007B1-1915-4A15-B78F-705D9C47E8F7}] => (Allow) C:\Users\oem\AppData\Local\Temp\7zS55C0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2EEFD3DD-55E8-48E3-B4C1-F8AABC0448CF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{E29735E9-1777-420D-85A9-C065E51E3FDF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe => No File
FirewallRules: [{0A0F3540-D36F-4A78-A3CF-905C0E2D349F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{70CEB34C-5F7D-4AC6-9E8D-F0FB5D386795}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe => No File
FirewallRules: [{ABACA143-9B86-4B1B-8DFA-30DDD5E4119C}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{1ABB4984-DA62-4627-B02B-C6B1CB5C6716}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => No File
FirewallRules: [{F734C2F6-9081-4C5C-AD79-7185B7BB7B91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{EDAF065C-EC96-4E4C-A4A1-871BC8C93345}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6203214E-2A08-4E01-9966-9E516A62DB98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C379315C-1C3F-4A05-951D-39CADC5576DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F25FA6AE-848E-47BC-96BF-1AFD460E3E2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F0B9DC56-D643-4753-8B80-61C35F97E694}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{29673A04-A939-4B4B-808C-0A7438FA0245}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AC514E6C-E829-425C-8CF9-2CABA09D3BFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.115.448.0_x86__zpdnekdrzrea0\Spotify.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a144871f-59a1-11e8-a65d-806e6f6e6963} => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013\amd64" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005\amd64" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1005\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 19.043.0304.0013" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{366513EB-A3F1-4115-B909-47780227A137}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366513EB-A3F1-4115-B909-47780227A137}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD459309-4164-4E79-82AF-7C7E0873183E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD459309-4164-4E79-82AF-7C7E0873183E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE816DA6-387E-49F3-8624-3586618C80F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE816DA6-387E-49F3-8624-3586618C80F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => removed successfully
C:\WINDOWS\System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => removed successfully
C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => removed successfully
C:\WINDOWS\System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => removed successfully
C:\WINDOWS\System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => removed successfully
C:\WINDOWS\System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{366513EB-A3F1-4115-B909-47780227A137}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2CB242-8E01-41EF-B1A5-DAA751A6353D}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EA422DE-C1B7-45EA-B906-A063E2C84C6E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45CC0FF2-055C-4DA9-B889-239A93C87DE5}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EEFCE1-2AB4-4607-BACF-402D6F019872}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FDA50FF-47AB-4248-848F-F11AB7C8E94F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7F2F72-3ACC-4E8D-B054-E10E19C7DB3F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93988D4D-32D0-4C24-A881-67FDA83E6469}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE38DABA-627A-4E8F-B385-CF75CECA845F}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF447DEB-0BAC-4111-A635-75BB34F0C0F5}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B44D9C-0E56-4189-A142-DB5E66CB6ABD}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD459309-4164-4E79-82AF-7C7E0873183E}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA8D1844-D04B-4F74-9443-1A9947230ACE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE816DA6-387E-49F3-8624-3586618C80F8}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7CC874-1D21-4622-8040-7C3F33833EAD}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD95BF76-9E4E-4123-A5C1-53B238C4A34B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBBBB37-F6C0-49A1-8D8C-A8F014ACEF9D}" => not found
"C:\WINDOWS\System32\Tasks\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2679C6B7-E537-4CEE-BFEC-1A0BC3D38FF1}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36800DFD-F228-4BDD-889E-6FBDCA1A2EC3}" => not found
"C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2F29343-B3C2-4CB6-A714-843CAB7B3A0E}" => not found
"C:\WINDOWS\System32\Tasks\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{679E49C3-82EA-4689-BF84-5EBFC20B1F17}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94D653CE-031A-4EC4-9DB2-ED95E341E35D}" => not found
"C:\WINDOWS\System32\Tasks\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{807FD7EF-F55F-42D6-A1BD-1820F6F39DC4}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A498D04-4150-4DB5-8C99-0FA58820929E}" => not found
"C:\WINDOWS\System32\Tasks\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4941AFC-DD14-462C-A1D7-77331DD70F4B}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BB5849BA-2F14-4B15-B477-F5EA41609F1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB5849BA-2F14-4B15-B477-F5EA41609F1E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{A0FC9BB1-195E-415F-B89C-FF1FE5EA9F49}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB46EB4-96F1-4033-8C64-F54E4CD2C8C7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C358F93-E81E-4815-AC4F-9635B021E9C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C358F93-E81E-4815-AC4F-9635B021E9C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C049E931-AAD2-4D96-8773-2AAB7E5AEE68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C049E931-AAD2-4D96-8773-2AAB7E5AEE68}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAB47DC-27E3-4619-934C-2D27951C2E45}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAB47DC-27E3-4619-934C-2D27951C2E45}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F46D13F9-D9FF-4F8B-A477-90A8C9756997}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F46D13F9-D9FF-4F8B-A477-90A8C9756997}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132F2982-FE2A-4D65-8DDE-AE4BFD2DF749}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132F2982-FE2A-4D65-8DDE-AE4BFD2DF749}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C63C6A56-982A-4263-9BFE-70BF01352A42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C63C6A56-982A-4263-9BFE-70BF01352A42}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{751937BF-86C3-4C83-BB40-3A9C81F8BE86}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751937BF-86C3-4C83-BB40-3A9C81F8BE86}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08C59951-8CD5-4372-AED6-93B970B7DB44}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08C59951-8CD5-4372-AED6-93B970B7DB44}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D01FF46-B79D-42EC-8291-3A71205572E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D01FF46-B79D-42EC-8291-3A71205572E3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99E85D64-C752-4ADD-A882-E55B3E09601B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99E85D64-C752-4ADD-A882-E55B3E09601B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EAA82D-3F5B-48AB-8B69-7E0696ED65D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EAA82D-3F5B-48AB-8B69-7E0696ED65D4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{049053D8-AF62-4415-BEB2-9C823901709C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{049053D8-AF62-4415-BEB2-9C823901709C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C64B32A-5D67-47AE-93AE-1AB76E4B885F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C64B32A-5D67-47AE-93AE-1AB76E4B885F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCAFEADD-F070-499A-BF27-DCBD1A51A77B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCAFEADD-F070-499A-BF27-DCBD1A51A77B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA731C16-8D1F-4FAE-8868-18EF280B4F16}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA731C16-8D1F-4FAE-8868-18EF280B4F16}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{613ACE8F-D4A5-45A1-820D-F0222F099C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613ACE8F-D4A5-45A1-820D-F0222F099C6E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9EA37728-7DB0-4720-9B0A-3627A45435A9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA37728-7DB0-4720-9B0A-3627A45435A9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD4057D5-7C9A-45CD-A78B-E8C0380A58D2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD4057D5-7C9A-45CD-A78B-E8C0380A58D2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3265386-94E3-4D75-82FA-B37C0F76D04C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3265386-94E3-4D75-82FA-B37C0F76D04C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE008B62-188A-4D81-9403-6EF4C4028D13}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE008B62-188A-4D81-9403-6EF4C4028D13}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CD195A8-02CE-485F-AAF1-106054CDA0CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CD195A8-02CE-485F-AAF1-106054CDA0CC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\dqjh2a50.default\extensions\sko-extension@firma.seznam.cz => path removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
C:\Users\oem\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
C:\WINDOWS\system32\difx64.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\gfxSrvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\GfxUI.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hccutils.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hkcmd.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpcpn190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmco190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmja190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmlm190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmml190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmpm081.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmprein.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmpw081.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hpmtp190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hppdcompio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IccLibDll_x64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ig4icd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igd10umd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igdde64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igdumd64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfx11cmrt64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcmjit64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcmrt64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxCoIn_v4459.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxcpl.cpl => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxdev.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IGFXDEVLib.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxdo.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxexps.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxext.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxpers.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxpph.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrara.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrchs.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrcht.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrcsy.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrdan.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrdeu.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrell.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrenu.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxresn.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxress.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrfin.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrfra.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrheb.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrhrv.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrhun.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrita.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrjpn.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrkor.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrnld.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrnor.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrplk.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrptb.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrptg.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrrom.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrrus.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrsky.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrslv.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrsve.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrtha.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxrtrk.lrc => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxsrvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxsrvc.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxTMM.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\igfxtray.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iglhcp64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iglhsip64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hpcc3190.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hppccompio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ig4icd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igd10umd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igdde32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igdumd32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfx11cmrt32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxcmjit32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxcmrt32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxdv32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\igfxexps32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iglhcp32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iglhsip32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\CFRMD.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\igdkmd64.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\spool\prtprocs\x64\hpcpp190.dll => ":$CmdTcID" ADS removed successfully
"HKU\S-1-5-21-2864334784-1603053625-3890222848-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D72EC7EF-D233-4FD1-813D-DC793C16D6B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F1160BF-11DA-4D70-8A7B-95163B3E5514}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB669F59-048A-4E02-969E-C3F109AE0942}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDA95280-CD59-4115-B7DF-ADC8B3D1C86D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FA9F9E7-A430-4B9B-9EE3-0870EC95FBDA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEA4A208-7B8C-4A4C-A49A-14EE90B6F3FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E553653A-9748-403F-91EA-DFB60BCE8D0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3276E27-DFA7-4226-B105-CB465EE559C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39FED65B-D46F-4B0E-B307-55B65640D6EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8601E11-99BB-42D6-B7C4-E821B538C273}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C62E99E-9896-467A-90D1-A2E08C586E22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D6FFDD8-0D93-4ADD-B591-2ABA46061F50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12AF1FEA-E189-4504-BABD-96FFC0E0780B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C676C29-068A-4BF1-8857-868261C4AE87}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{717F93F8-832A-48CE-8BB6-5FDB2B44E411}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{917E770C-7EA3-4DCD-ABA1-1AA1D175E796}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B6C803A-8865-4CD5-AC4C-BB364152B0F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7BFA0D7-4A90-444A-9B6D-6E88EAA5B04D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AB7B43A-CF23-4540-A890-51FEC04E8C01}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1394F780-9018-4951-941D-4FEB02642C7F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1406C810-FA1F-4327-B41A-F6C5D2EBB09A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EEA5DE1-ADCD-41B7-AF03-60D9332C7EE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F37D903-B2EA-4CD5-BB9B-BB7AE7C45611}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA57C5BD-3F94-4432-AE04-86CB9E6B9DDB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D2013F5-1A05-4AAC-9D9F-5239683A4073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{838CD643-7B1F-46D5-9B2B-29DB03DD4AFA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C71DBEB-3E14-4440-B79A-0DE9F640F542}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{65CACCEE-5014-4876-A194-0FB6555DEFF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15EEB586-F9F1-4ED1-BE1D-8BE64E774AB8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2B77F89-4031-459B-A4BD-D2907688E663}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2AF7660-F957-4A55-A205-197916B38A7D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2428B9CC-4725-410F-A3EA-870B755C73E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1725110-6C67-4EBB-828D-B13297281BC9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41F477A1-CCA9-43E2-8867-0DBC69C0BA29}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FC53A2F-60A6-4520-B126-DF137AC6442D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2940B405-BBB6-4A52-A305-FA1411DF58B1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E2EE1FB-E7DB-47A3-B8FA-73B334963073}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5EB007B1-1915-4A15-B78F-705D9C47E8F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EEFD3DD-55E8-48E3-B4C1-F8AABC0448CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E29735E9-1777-420D-85A9-C065E51E3FDF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A0F3540-D36F-4A78-A3CF-905C0E2D349F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70CEB34C-5F7D-4AC6-9E8D-F0FB5D386795}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABACA143-9B86-4B1B-8DFA-30DDD5E4119C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1ABB4984-DA62-4627-B02B-C6B1CB5C6716}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F734C2F6-9081-4C5C-AD79-7185B7BB7B91}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDAF065C-EC96-4E4C-A4A1-871BC8C93345}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6203214E-2A08-4E01-9966-9E516A62DB98}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C379315C-1C3F-4A05-951D-39CADC5576DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F25FA6AE-848E-47BC-96BF-1AFD460E3E2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0B9DC56-D643-4753-8B80-61C35F97E694}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29673A04-A939-4B4B-808C-0A7438FA0245}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC514E6C-E829-425C-8CF9-2CABA09D3BFF}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 910554202 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 4594259 B
Edge => 0 B
Chrome => 2002606277 B
Firefox => 63823088 B
Opera => 298801172 B
Temp, IE cache, history, cookies, recent:
Default => 16674 B
ProgramData => 16674 B
Public => 16674 B
systemprofile => 16694 B
systemprofile32 => 16694 B
LocalService => 3641254 B
NetworkService => 3641254 B
oem => 1352173927 B
MAC => 1404358041 B
42060 => 1497451900 B
Veronika => 1549096834 B
defaultuser100000 => 1549661647 B
Administrator => 1613972832 B
DefaultAppPool => 1613989506 B
RecycleBin => 261254123 B
EmptyTemp: => 13.2 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:00:56 ====
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Smazáno. Nastala změna k lepšímu?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Nepomohlo. Pořád to píše nesmyslné znaky, ale jen občas. Např. v´tahané ... vytahané, Doŕý ... dobrý , shrnuj¨...shrnuji.
Chybné znaky se vypisují pouze v prohlížeči Chrome. Chrome je aktualizovaný Verze 121.0.6167.185 (Oficiální sestavení) (64bitový)
Zkoušel jsem vypnout všechna rozšíření. Nepomohlo...
Chybné znaky se vypisují pouze v prohlížeči Chrome. Chrome je aktualizovaný Verze 121.0.6167.185 (Oficiální sestavení) (64bitový)
Zkoušel jsem vypnout všechna rozšíření. Nepomohlo...
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Zkusíme vyčistit prohlížeče. Spusťte postupně následující utility:
1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
ad) 1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/
- nemám kredit na edisk. Lze nahrát na nějakou bezplatnou úschovnu ? Třeba uschovna.cz
- ZOEK.EXE je hodnocen jako trojan, Je to bezpečné ???
Zoek.exe je soubor, který je součástí viru trojského koně. Je navržen tak, aby na infikovaném počítači prováděl různé škodlivé akce, jako je krádež citlivých informací, instalace dalšího malwaru a umožnění útočníkům získat neoprávněný přístup a kontrolu nad postiženým systémem.
ad 2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
- také chce zaplatit kredit ....
- nemám kredit na edisk. Lze nahrát na nějakou bezplatnou úschovnu ? Třeba uschovna.cz
- ZOEK.EXE je hodnocen jako trojan, Je to bezpečné ???
Zoek.exe je soubor, který je součástí viru trojského koně. Je navržen tak, aby na infikovaném počítači prováděl různé škodlivé akce, jako je krádež citlivých informací, instalace dalšího malwaru a umožnění útočníkům získat neoprávněný přístup a kontrolu nad postiženým systémem.
ad 2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
- také chce zaplatit kredit ....
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Tak ještě včera toto nebylo. Posílám Zoek i JRT Na váš registrační e-mail.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Můžete, prosím, poslat na jiný mail?
Zaslal jsem Vám jej do rudy(zavináč)forum.viry.cz
Děkuji
Zaslal jsem Vám jej do rudy(zavináč)forum.viry.cz
Děkuji
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu logu FRST, podezření na Keylogger
Posláno.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?