Prosim o kontrolu pomalé PC

Zpráva

MMMMM · #1 Příspěvek od **MMMMM** » 01 čer 2020 15:19

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2020 01
Ran by Marsal (administrator) on POHRS (Dell Inc. Latitude E6530) (01-06-2020 16:07:43)
Running from C:\Users\Marsal\Desktop
Loaded Profiles: Marsal
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
() [File not signed] C:\Windows\SysWOW64\srvany.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe <2>
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(ELDES UAB -> ) C:\Program Files\Common Files\Eldes\ELDES Service.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Maxim Deminov -> @MAX Software) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe
(Maxim Deminov -> @MAX Software) C:\Program Files (x86)\MaxSyncUp\msusvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(O2Micro Inc. -> O2Micro International) C:\Windows\System32\o2flash.exe
(O2Micro Inc. -> O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\prl.exe
(Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\rmd.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wave Systems Corp. -> ) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Wave Systems Corp.) [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc. -> Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2013-10-07] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [588936 2015-08-18] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [TBII-PRELOADER] => C:\Siemens_EA\TBII\EMII\BIN\PRL.EXE [97280 2014-02-27] (Siemens AG) [File not signed]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2018-10-04] (Apple Computer, Inc.) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\...\Windows x64\Print Processors\ActMask: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [51336 2017-02-19] (ActMask Group Co., Ltd -> ActMask Co.,Ltd)
HKLM\...\Windows x64\Print Processors\HP1005PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1005PP.dll [65024 2013-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP1005LM: C:\Windows\system32\HP1005LM.DLL [178688 2013-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\Windows\system32\novamn8.dll [18944 2016-12-16] (Softland) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange V6 Printer Port Monitor (Lite): C:\Windows\system32\pxcpm5L.dll [150208 2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\WSD Port: C:\Windows\system32\WSDMon.dll [224768 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe [2020-05-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-02-22] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2012-02-22] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Eng_TBII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009BA484-6FA4-409E-928C-373BAF7AFF4E} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {00FB573A-5990-49FD-BBEB-50570EAAC154} - System32\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {095E7A76-8B84-4161-A1BF-99A75EFF7B9B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C40A0A5-D478-4A63-B215-EF22991645DD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C82E3E5-CD05-461D-A916-7C745877714D} - System32\Tasks\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Eng_TBII\Desktop\SALAMAND.EXE -d C:\Users\Eng_TBII\Desktop
Task: {0FB6737A-91AD-4071-9FC0-C010C75B2C84} - System32\Tasks\WinThruster64-Marsal-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
Task: {18FD6ED4-2E3D-4C5D-A491-101DE862E032} - System32\Tasks\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "E:\Portable\WYSIWYG Web Builder 10\irunin.ini" <==== ATTENTION
Task: {1975B8DF-3B3A-4688-9EDA-5B7F031528E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {1975B8DF-3B3A-4688-9EDA-5B7F031528E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {19FC6C74-65FD-40EE-8761-3DAEB32DF832} - System32\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1BE61B9A-7F11-42AE-80BF-368C94890E7A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1eb5c84a67257 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1F87D442-12D5-4A60-B685-9DA31E969E58} - System32\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2A67726F-3893-427A-8250-BB44B3D4EEA8} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3381E415-0A77-4CE0-942C-694F6D0AC7FA} - System32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4} => C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log
Task: {35AFFA54-F29D-4CBB-97D1-500B293D36CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {43E11D12-2102-426D-8EBE-B718E0FB43EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {50065D99-36D9-4A1E-963F-41328AA996CF} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {52BEBEB5-FC96-4450-BC04-90F52E8549D4} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [682408 2016-12-16] (Softland SRL -> )
Task: {61104FFA-67A1-4611-A529-E14D95770740} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {61104FFA-67A1-4611-A529-E14D95770740} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {6D6025F1-A47C-430D-B94E-174FECA78470} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {6D6025F1-A47C-430D-B94E-174FECA78470} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {7101F7DB-2222-448B-B463-C26870634176} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {8448F66F-5F55-4695-B7ED-4B299C9122BA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8644D8AA-53DD-4FB7-9C14-16692C9A3203} - System32\Tasks\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {964EC295-9A62-47FC-9582-7601E5EB54FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {964EC295-9A62-47FC-9582-7601E5EB54FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {964EC295-9A62-47FC-9582-7601E5EB54FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {A6899650-D6AE-410A-9F1A-1CF5345FB6AA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {ABF29991-41D5-4248-AB94-F12FDBC1975F} - System32\Tasks\Ashampoo Privacy Protector Weekly Security Scan => C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector\PrivacyProtector.exe
Task: {AD38CD45-93B1-4D32-8EC0-11B16EA7E1C8} - System32\Tasks\{4C24CC4B-EC99-4779-ABE4-E4E8277CDE60} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Altap Salamander\remove\remove.exe"
Task: {AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D} - System32\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {BC48C21B-4F43-4D58-BF0D-D5676AC274F1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C185CA7E-36F4-495C-88BD-8153675CD0E3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C777EF2D-6D0E-4AD3-977D-48C583B82F73} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {DE647C46-284E-4EC5-9A3D-5318FEBDD71B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {E5FAB1D4-4573-4487-BAA0-B8C24310AC5B} - System32\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {E73A29F6-ACB6-4C99-B952-8FFC7ED50D88} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {EFA8B190-43B0-4D76-B6E9-5338D07FB661} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {FFFFA652-CABF-46FC-83C8-896E03FC9F94} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{05CC11B1-09F3-4C3D-BEB8-9A43A1940489}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{13D67E57-6A65-4784-84E4-2F9931E10815}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{DF801C61-BF64-4798-AE02-C0F6FEE5BBAB}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.71.1,1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {3965D173-40FC-424F-9703-F831D32C8393} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {62694250-03A8-4440-96F1-3F6DC0B864AF} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {7C791268-4AF8-4919-9304-07B755B8A557} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {923B92C4-B653-4002-8D98-F6A77810DEBD} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {B352A849-9513-44A9-B119-CED8E358CF4F} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {C0054516-41EE-4ABF-853D-3D301DC05C2A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {C7851CF3-22CC-4B91-8736-07D868E1B4CE} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {D70ACB0B-5D3F-43EB-94CA-5127B0180311} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab

FireFox:
========
FF DefaultProfile: 2wmfnqiv.default-1441599875080
FF ProfilePath: C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 [2020-06-01]
FF DownloadDir: C:
FF NewTab: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> C:\\ProgramData\\Medlights\\ff.NT
FF Notifications: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> hxxps://dashboard.zopim.com; hxxp://dashboard.zopim.com; hxxp://dashboard.smartsupp.com; hxxps://dashboard.smartsupp.com; hxxps://calendar.google.com; hxxps://web.whatsapp.com; hxxps://sofe.ladesk.com; hxxps://www.exasoft.cz; hxxps://www.smartsupp.com; hxxps://forum.chronomag.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Firebug) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (MEGA) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\firefox@mega.co.nz.xpi [2020-05-30] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Youtube to MP3 Plugin) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\flv2mp3@hotger.com.xpi [2017-11-17]
FF Extension: (SafeInCloud Password Manager) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\info@safe-in-cloud.com.xpi [2020-05-30]
FF Extension: (Add to Wunderlist) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\jid1-3gu11JeYBiIuJA@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (To Google Translate) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-11-25]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\sko-extension@firma.seznam.cz.xpi [2020-04-28]
FF Extension: (Session Manager) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (ePub Reader) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{323353ee-cfbd-4178-9676-85566d98c8b1}.xpi [2020-01-30]
FF Extension: (gtranslate) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-11-30] [Legacy]
FF Extension: (Zoom Scheduler) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2020-04-30]
FF Extension: (No Name) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-01]
FF Extension: (Seznam doplněk - Email) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2020-04-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-07-17] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-07-16] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-07-16] () [File not signed]
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2018-12-10] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: www.wansview.com/HYPlayer -> C:\Program Files (x86)\HYPlayer\npHYPlayer.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default [2020-06-01]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxps://isearch.avg.co ... 2012-09-28 09:40:19&v=12.2.5.34&sap=hp","hxxp://www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Dokumenty) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (SEO META in 1 CLICK) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjogjfinolnhfhkbipphpdlldadpnmhc [2019-07-23]
CHR Extension: (YouTube) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (History 2) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2017-05-07]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2017-09-02]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-01]
CHR Extension: (Snip it! button for eBay) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhaoojkpcgaobmnnphdpdokcgdiibblh [2019-02-10]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2020-04-24]
CHR Extension: (Rozšíření Google Keep pro Chrome) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-05-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Simple EPUB Reader) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-06-07]
CHR Extension: (Downloader for Instagram™ + Direct Message) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2020-05-19]
CHR Extension: (Gmail) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-23]
CHR Profile: C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-23]
CHR HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36544 2020-04-17] (Dell Inc -> )
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc. -> Dell Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1025584 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 EldesService; C:\Program Files\Common Files\Eldes\ELDES Service.exe [201416 2018-08-01] (ELDES UAB -> )
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] (Wave Systems Corp. -> )
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet, Inc. -> SafeNet Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [317416 2018-09-24] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MaxSyncUpService; C:\Program Files (x86)\MaxSyncUp\msusvc.exe [2340912 2018-05-07] (Maxim Deminov -> @MAX Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] (Intel Corporation-Mobile Wireless Group -> )
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-12-16] (Softland SRL -> Microsoft)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro Inc. -> O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 OracleServiceTBII; C:\Siemens_EA\TBII\DB\ORANT\BIN\oracle.exe [156133376 2013-10-09] (Oracle Corporation) [File not signed]
S2 OracleTBIIORA11R2TNSListener; C:\Siemens_EA\TBII\DB\ORANT\BIN\TNSLSNR.EXE [552960 2013-10-08] (Oracle Corporation) [File not signed]
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13255184 2020-05-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] (VMware, Inc. -> )
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp. -> Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksdf; C:\Windows\system32\drivers\aksdf.sys [75648 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> SafeNet Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [131072 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [53760 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [25344 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [176096 2010-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc. -> Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219184 2013-10-25] (ESET, spol. s r.o. -> ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [185224 2013-09-09] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET, spol. s r.o. -> ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-12] (Enigma Software Group USA, LLC -> )
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [94704 2014-01-31] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [86896 2014-01-31] (Future Technology Devices International Ltd -> FTDI Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [318464 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [190032 2016-04-04] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics -> STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Intel Wireless Display -> Windows (R) Win 7 DDK provider)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-04-16] (Shrew Soft Inc) [File not signed]
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-02-26] (VMware, Inc. -> VMware, Inc.)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-04-16] (Shrew Soft Inc) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc. -> VMware, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Intel Wireless Display -> Windows (R) Win 7 DDK provider)
S3 RHDISK_AMD64; \??\E:\_rohos\RHDISK_AMD64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-01 16:07 - 2020-06-01 16:09 - 000050046 _____ C:\Users\Marsal\Desktop\FRST.txt
2020-06-01 16:07 - 2020-06-01 16:09 - 000000000 ____D C:\FRST
2020-06-01 16:05 - 2020-06-01 16:05 - 002289152 _____ (Farbar) C:\Users\Marsal\Desktop\FRST64.exe
2020-06-01 15:52 - 2020-06-01 15:52 - 000003134 _____ C:\Windows\system32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}
2020-06-01 15:14 - 2020-06-01 15:14 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\audacity
2020-06-01 15:14 - 2020-06-01 15:14 - 000000000 ____D C:\Users\Eng_TBII\AppData\Local\Audacity
2020-05-29 06:29 - 2020-05-29 06:29 - 000089495 _____ C:\Základní škola, Znojmo, náměstí Republiky 9_V1.pdf
2020-05-26 18:59 - 2020-05-26 18:59 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-05-25 20:19 - 2020-05-25 20:19 - 000000000 _____ C:\Windows\invcol.tmp
2020-05-24 13:12 - 2020-05-24 13:12 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\ProcessKO
2020-05-24 09:27 - 2020-06-01 16:08 - 000005014 _____ C:\Windows\system32\Tasks\WSCEAA
2020-05-23 19:02 - 2020-05-23 19:02 - 000001016 _____ C:\Users\Marsal\Desktop\IrfanView 64.lnk
2020-05-23 19:01 - 2020-05-23 19:01 - 000000000 ____D C:\Program Files\IrfanView
2020-05-23 12:18 - 2020-05-23 18:18 - 000001740 _____ C:\Users\Marsal\Desktop\MPC-HC x64.lnk
2020-05-23 12:18 - 2020-05-23 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2020-05-23 12:18 - 2020-05-23 12:18 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\MPC-HC
2020-05-23 12:17 - 2020-05-23 18:18 - 000000000 ____D C:\Program Files\MPC-HC
2020-05-23 10:40 - 2020-05-23 10:40 - 519571494 _____ C:\Temna stranka lodni dopravy 2016.avi
2020-05-23 07:12 - 2020-05-31 13:17 - 000000000 ____D C:\SHROMAZDENI
2020-05-12 07:34 - 2020-05-12 07:34 - 000000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-05-12 07:34 - 2020-05-12 07:34 - 000000957 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2020-05-12 07:34 - 2020-05-12 07:34 - 000000957 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2020-05-12 06:04 - 2020-05-12 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-05-11 06:01 - 2020-05-11 06:01 - 000000000 ____D C:\Windows\{7DA24A28-C923-41B7-A761-BD12300E8634}
2020-05-05 08:45 - 2020-05-05 08:58 - 000000000 ____D C:\Users\Marsal\AppData\Local\Bluestacks
2020-05-05 08:45 - 2020-05-05 08:50 - 000000000 ____D C:\Users\Public\BlueStacks
2020-05-02 17:13 - 2020-05-02 17:13 - 020385120 _____ (Famatech Corp. ) C:\Advanced_IP_Scanner_2.5.3850.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-01 16:07 - 2016-02-03 06:56 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job
2020-06-01 16:07 - 2015-09-17 06:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job
2020-06-01 16:07 - 2015-07-15 20:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job
2020-06-01 16:03 - 2016-11-18 14:55 - 000000000 ____D C:\Users\Marsal\AppData\LocalLow\Mozilla
2020-06-01 16:01 - 2015-12-04 07:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job
2020-06-01 16:01 - 2015-02-09 07:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job
2020-06-01 15:59 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-01 15:59 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-01 15:58 - 2015-02-14 23:04 - 000000000 ____D C:\Program Files (x86)\Online TV
2020-06-01 15:57 - 2018-02-13 09:26 - 000692616 _____ C:\Windows\system32\perfh007.dat
2020-06-01 15:57 - 2018-02-13 09:26 - 000151114 _____ C:\Windows\system32\perfc007.dat
2020-06-01 15:57 - 2015-05-15 09:36 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2020-06-01 15:57 - 2013-05-30 13:48 - 000673472 _____ C:\Windows\system32\perfh005.dat
2020-06-01 15:57 - 2013-05-30 13:48 - 000143602 _____ C:\Windows\system32\perfc005.dat
2020-06-01 15:57 - 2009-07-14 07:13 - 002435084 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-01 15:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-01 15:56 - 2016-05-11 06:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job
2020-06-01 15:56 - 2015-08-29 15:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job
2020-06-01 15:56 - 2015-05-19 05:56 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job
2020-06-01 15:56 - 2014-11-18 07:45 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job
2020-06-01 15:52 - 2018-10-04 08:19 - 000000000 ____D C:\Windows\SysWOW64\QuickTime
2020-06-01 15:52 - 2018-10-04 08:19 - 000000000 ____D C:\Program Files (x86)\QuickTime
2020-06-01 15:51 - 2015-07-18 15:34 - 000000000 __SHD C:\Users\Marsal\IntelGraphicsProfiles
2020-06-01 15:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2020-06-01 15:50 - 2013-12-10 12:10 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2020-06-01 15:49 - 2018-10-04 08:19 - 000054156 ____H C:\Windows\QTFont.qfn
2020-06-01 15:49 - 2017-02-22 10:24 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-06-01 15:49 - 2016-05-11 06:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job
2020-06-01 15:49 - 2016-02-03 06:56 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job
2020-06-01 15:49 - 2015-12-04 07:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job
2020-06-01 15:49 - 2015-09-17 06:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job
2020-06-01 15:49 - 2015-08-29 15:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job
2020-06-01 15:49 - 2015-07-15 20:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job
2020-06-01 15:49 - 2015-05-19 05:56 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job
2020-06-01 15:49 - 2015-02-09 07:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job
2020-06-01 15:49 - 2013-12-10 12:10 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2020-06-01 15:49 - 2013-05-30 16:41 - 000000000 ____D C:\ProgramData\VMware
2020-06-01 15:49 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-01 15:43 - 2013-09-20 06:41 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\VMware
2020-06-01 15:43 - 2013-09-20 06:41 - 000000000 ____D C:\Users\Marsal\AppData\Local\VMware
2020-06-01 15:42 - 2013-05-31 09:27 - 000000000 ____D C:\Program Files\Windows XP Mode
2020-06-01 15:38 - 2013-03-22 02:28 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2020-06-01 15:37 - 2013-10-10 09:29 - 000000000 ____D C:\Program Files (x86)\UltraVNC
2020-06-01 15:33 - 2014-06-04 12:30 - 000000000 ____D C:\Users\Marsal\AppData\Local\CrashDumps
2020-06-01 15:28 - 2020-04-29 09:56 - 000000000 ____D C:\Program Files (x86)\Icecream Ebook Reader
2020-06-01 15:21 - 2013-05-31 15:48 - 000000000 ____D C:\Program Files (x86)\FreeCommander
2020-06-01 15:14 - 2016-06-08 11:20 - 000000000 ____D C:\Program Files (x86)\Audacity
2020-06-01 15:13 - 2013-03-22 02:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-06-01 15:13 - 2013-03-22 02:16 - 000000000 ____D C:\Windows\system32\Macromed
2020-06-01 15:11 - 2015-08-14 10:09 - 000000000 __SHD C:\Users\Eng_TBII\IntelGraphicsProfiles
2020-06-01 15:11 - 2013-04-08 12:23 - 000110096 _____ C:\Users\Eng_TBII\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-01 14:04 - 2015-10-26 21:06 - 000173274 _____ C:\Users\Marsal\Desktop\Nový textový dokument.txt
2020-05-31 18:35 - 2015-11-09 10:52 - 000000000 ____D C:\Temp2
2020-05-30 19:16 - 2014-06-26 10:40 - 000000000 ____D C:\Users\Marsal\AppData\Local\Deployment
2020-05-30 08:04 - 2019-10-10 22:33 - 000000000 ____D C:\Zaloha USB
2020-05-30 07:40 - 2015-04-01 17:35 - 000000000 ____D C:\Temp1
2020-05-29 10:09 - 2016-12-03 12:33 - 000000000 ____D C:\Temp
2020-05-27 06:36 - 2014-05-02 09:49 - 000015872 _____ C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-05-26 18:59 - 2020-03-20 21:21 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Zoom
2020-05-25 11:32 - 2016-03-10 09:19 - 000000000 ____D C:\WinBox
2020-05-24 15:31 - 2013-10-17 13:44 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\TeamViewer
2020-05-24 11:40 - 2020-02-13 07:54 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Cryptomator
2020-05-24 11:37 - 2020-02-13 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2020-05-24 11:37 - 2020-02-13 07:49 - 000000000 ____D C:\Program Files\Cryptomator
2020-05-24 07:05 - 2019-01-24 14:54 - 000000000 ____D C:\Temp3
2020-05-23 19:02 - 2013-09-26 08:33 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2020-05-23 19:02 - 2013-09-26 08:33 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\IrfanView
2020-05-23 18:59 - 2017-05-24 14:20 - 000000000 ___RD C:\Users\Marsal\OneDrive
2020-05-23 17:11 - 2018-04-12 09:45 - 000000000 ____D C:\ProgramData\MaxSyncUp
2020-05-23 08:41 - 2019-03-25 19:32 - 000000000 ____D C:\Temp4
2020-05-23 07:03 - 2020-01-18 12:29 - 000000000 ____D C:\Temp9
2020-05-22 09:46 - 2013-09-19 11:52 - 000000000 ____D C:\Users\Marsal
2020-05-22 06:04 - 2013-07-19 10:13 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-21 11:41 - 2020-01-15 14:42 - 000000000 ____D C:\Temp7
2020-05-19 06:04 - 2017-07-25 08:14 - 000002317 _____ C:\Users\Marsal\Desktop\Google Chrome.lnk
2020-05-18 08:26 - 2013-07-19 11:05 - 000000000 ____D C:\Windows\system32\MRT
2020-05-18 08:19 - 2013-05-30 11:59 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\WhatsApp
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Local\WhatsApp
2020-05-17 09:14 - 2020-01-16 13:29 - 000000000 ____D C:\Temp8
2020-05-16 17:18 - 2019-06-18 07:40 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\fontconfig
2020-05-13 05:56 - 2013-07-19 10:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-05-12 14:55 - 2009-07-14 06:45 - 000427760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-12 09:33 - 2013-09-19 11:53 - 000110096 _____ C:\Users\Marsal\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-12 07:41 - 2015-10-13 13:08 - 000000000 ____D C:\Users\Marsal\AppData\Local\TeamViewer
2020-05-11 12:44 - 2014-06-19 11:19 - 000001057 _____ C:\Users\Public\Desktop\Rawet Studio.lnk
2020-05-11 12:44 - 2014-06-19 11:19 - 000001057 _____ C:\ProgramData\Desktop\Rawet Studio.lnk
2020-05-11 12:44 - 2014-06-19 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rawet Studio
2020-05-11 12:44 - 2014-06-19 11:19 - 000000000 ____D C:\Program Files (x86)\Rawet Studio
2020-05-07 06:12 - 2009-07-14 05:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-05-05 06:20 - 2018-12-31 16:19 - 000000000 ____D C:\Vzum
2020-05-04 15:32 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-05-04 07:59 - 2009-07-14 07:08 - 000032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ========

2019-06-18 07:43 - 2019-06-18 07:44 - 000002319 _____ () C:\Users\Marsal\AppData\Roaming\ASSDraw3.cfg
2020-05-01 08:35 - 2020-05-01 08:35 - 000000474 _____ () C:\Users\Marsal\AppData\Roaming\buttrc
2013-11-15 10:57 - 2013-11-15 10:57 - 000000130 _____ () C:\Users\Marsal\AppData\Roaming\hlsigset.log
2014-12-17 07:54 - 2018-03-01 10:17 - 000099384 _____ () C:\Users\Marsal\AppData\Roaming\inst.exe
2013-09-20 08:31 - 2014-04-07 08:24 - 000001725 _____ () C:\Users\Marsal\AppData\Roaming\mainhst.zgh
2014-12-17 07:54 - 2018-03-01 10:17 - 000007859 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.cat
2014-12-17 07:54 - 2018-03-01 10:17 - 000001167 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.inf
2014-12-17 07:54 - 2018-03-01 10:17 - 000000055 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.log
2014-12-17 07:54 - 2018-03-01 10:17 - 000082816 _____ (VSO Software) C:\Users\Marsal\AppData\Roaming\pcouffin.sys
2014-07-02 06:19 - 2019-04-15 22:00 - 000000600 _____ () C:\Users\Marsal\AppData\Roaming\winscp.rnd
2014-05-02 09:49 - 2020-05-27 06:36 - 000015872 _____ () C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-10-10 11:34 - 2019-10-10 11:40 - 000000600 _____ () C:\Users\Marsal\AppData\Local\PUTTY.RND
2015-11-14 17:55 - 2015-11-14 17:55 - 000000017 _____ () C:\Users\Marsal\AppData\Local\resmon.resmoncfg
2015-11-28 21:53 - 2015-11-28 21:53 - 000000000 _____ () C:\Users\Marsal\AppData\Local\{AF216E47-AA6F-463E-89E2-FCA0A8233B35}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-05-28 10:52
==================== End of FRST.txt ========================

MMMMM · #2 Příspěvek od **MMMMM** » 01 čer 2020 15:20

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2020 01
Ran by Marsal (01-06-2020 16:11:05)
Running from C:\Users\Marsal\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-04-08 10:23:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3879696279-2694623716-4221884656-500 - Administrator - Disabled)
Eng_TBII (S-1-5-21-3879696279-2694623716-4221884656-1000 - Administrator - Enabled) => C:\Users\Eng_TBII
Guest (S-1-5-21-3879696279-2694623716-4221884656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3879696279-2694623716-4221884656-1008 - Limited - Enabled)
Marsal (S-1-5-21-3879696279-2694623716-4221884656-1006 - Administrator - Enabled) => C:\Users\Marsal
___VMware_Conv_SA___ (S-1-5-21-3879696279-2694623716-4221884656-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@MAX SyncUp 6.1 (HKLM\...\{68EF9E48-C970-4124-BBC1-85C8ADD59109}_is1) (Version: - @MAX Software)
Altap Salamander 4.0 (x64) (HKLM\...\Altap Salamander 4.0 (x64)) (Version: 4.0 - ALTAP)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Cryptomator (HKLM\...\Cryptomator_is1) (Version: 1.5.4 - cryptomator.org)
Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{0C8D5FDB-111E-4F8C-B469-5F330066410E}) (Version: 3.1.2 - Dell, Inc.)
Dell Custom Help (HKLM\...\{BE1CF6CA-3182-45D8-9535-A18055B73607}) (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00001.021 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.109 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Version: 01.03.00.046 - Wave Systems Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
doPDF (HKLM\...\{494AB360-71F4-47A0-93F6-B8AC963DBF11}) (Version: 8.8.946 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3aba8e0f-add2-4184-a828-80ee3352c738}) (Version: 8.8.946 - Softland)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{2294d008-d2df-4280-bc29-195b1df672a2}) (Version: 1.0.0 - ELDES UAB)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{24fa7c2c-87d3-461e-b559-b883be8a1d3b}) (Version: 1.0.0 - ELDES UAB)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{c1138193-fc38-4a03-b689-746cb93423e6}) (Version: 1.0.0 - ELDES UAB)
EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Version: 01.03.00.092 - Wave Systems Corp.) Hidden
ERAS Connector (HKLM\...\{0A8700AE-1FD3-4986-B9A8-8FDC84786C66}) (Version: 02.09.05.0330 - Wave Systems Corp) Hidden
ESET Endpoint Antivirus (HKLM\...\{6FDDC552-CEAB-4245-B059-0EAFCC01E9EB}) (Version: 5.0.2225.1 - ESET, spol. s r.o.)
Free Merge MP3 8.8.1.1 (HKLM-x32\...\Free Merge MP3_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.152 - Gramblr Team)
Gramblr (HKLM-x32\...\Gramblr) (Version: 2.9.131 - Gramblr Team)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{4e75a24b-6cc4-4a46-accf-525f8a08c533}) (Version: 10.1.1.18 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jqFancyTransitions Addon for WYSIWYG Web Builder (HKLM-x32\...\WYSIWYG_Web_Builder_jqFancyTransitions) (Version: - )
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Most 2.3.68 (HKLM-x32\...\Most 2.3_is1) (Version: - FIEDLER-MÁGR)
Mozilla Firefox 76.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 76.0.1 (x64 cs)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 76.0.1.7432 - Mozilla)
MPC-HC 1.9.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.3 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Nivo Slider Addon for WYSIWYG Web Builder (HKLM-x32\...\WYSIWYG_Web_Builder_nivo_slider) (Version: - )
novaPDF 8 Printer Driver (HKLM\...\{45ACC237-36D7-4071-8BFE-54DA41A0EC21}) (Version: 8.8.946 - Softland)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
OPC Core Components Redistributable (x64) 105.0 (HKLM\...\{725FFCF9-5D38-4249-8697-9BDB415E6B00}) (Version: 3.00.10501 - OPC Foundation)
PBA Driver (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Version: 1.0.1.7 - Dell Inc.) Hidden
PDFsam Basic (HKLM-x32\...\{003A4226-78E3-4219-B4C0-22FCE7C3FE73}) (Version: 3.20.4.0 - Andrea Vacondio)
PDF-XChange Editor (HKLM\...\{70231D1A-0E44-444B-BBCD-3260316A296C}) (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{2de96974-ac4a-4e83-a12a-40c3c97960b5}) (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.)
Preboot Manager (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Version: 03.05.00.026 - Wave Systems Corp.) Hidden
Private Information Manager (HKLM\...\{0149ECF0-D825-4892-A468-065F2009328A}) (Version: 07.03.00.016 - Wave Systems Corp.) Hidden
Prostředí Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Rajče průvodce verze 1.59.52.267 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Rawet Studio verze 2 (HKLM-x32\...\{9EF5F4E0-603F-4CF4-A5BD-3F5D1A03BA23}_is1) (Version: 2 - Rawet, s.r.o.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 9.2 - Screaming Frog Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Version: 2.1.41 - Security Innovation) Hidden
SICAM_1703_USB-Driver_64Bit (HKLM\...\{42FACE7A-95A6-49CB-8925-772089981D9D}) (Version: 1.00.0000 - Siemens AG)
SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
Subtitle Edit 3.5.10 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.10.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.6 - TeamViewer)
TOOLBOX II (HKLM\...\{9382327F-5545-4D92-AF0E-32068D2BCC3E}) (Version: 5.10.0104 - Siemens AG)
toolkit32for64bit (HKLM-x32\...\{6C2DD120-A13A-48DD-9A65-D5FD8BE63435}) (Version: 7.68.85.0013 - Wave Systems Corp) Hidden
Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Version: 5.0.0.304 - Wave Systems Corp.) Hidden
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 9.0.2 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.2 - VMware, Inc)
Vzum (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\6cfa0c5674100ff8) (Version: 1.0.0.22 - Vzum)
Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (HKLM\...\{14CFC674-CD4F-4BE5-8B68-07BA3FE941FF}) (Version: 07.68.85.0014 - Wave Systems Corp) Hidden
Wave Support Software Installer (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Version: 05.15.00.021 - Wave Systems Corp) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.7.7 - )
Web Gate Client Files V6.1 SP2.1 (HKLM-x32\...\{95410E4B-F191-4BFF-A996-D6B34733120E}) (Version: 6.1.02.0000 - Schneider Electric)
Web Gate Client Files V6.1 SP3 (HKLM-x32\...\{9878689A-843E-4B12-9620-F1BA87EFFABC}) (Version: 6.1.3 - Schneider Electric)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Driver Package - Siemens E D EA (usbser) Ports (04/21/2009 5.1.2600.0) (HKLM\...\FC832A84170FBA9091BC25DE4FC9497B1D662DAF) (Version: 04/21/2009 5.1.2600.0 - Siemens E D EA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
WYSIWYG Web Builder 14.0.2 (HKLM-x32\...\{8FBE0A8B-AB6F-4E1E-9880-63A0DB756C3B}_is1) (Version: 14.0.2 - Pablo Software Solutions)
WYSIWYG Web Builder 15.0.1 (HKLM-x32\...\{8FBE0A8B-BBFF-4E1E-9880-63A0DB756C3B}_is1) (Version: 15.0.1 - Pablo Software Solutions)
Zoom (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2012-09-21] (Wondershare Software Co., Ltd. -> )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2013-02-26] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475672 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.VMnc] => C:\Windows\SysWOW64\vmnc.dll [360528 2013-02-26] (VMware, Inc. -> VMware, Inc.)
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"CmdLineConsumer_WSCEAA\"",Filter="__EventFilter.Name=\"CmdLinefilter_WSCEAA\"::
WMI:subscription\__EventFilter->CmdLinefilter_WSCEAA::[Query => SELECT * FROM MSNdis_StatusMediaConnect]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->CmdLineConsumer_WSCEAA::[CommandLineTemplate => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\\WSCEAA.exe -nic][WorkingDirectory => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Marsal\Desktop\CAEx.lnk -> C:\SAT\TBIIWIN7\CAX_WIN7.bat ()
Shortcut: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk -> C:\Program Files (x86)\NetSurveillance\CMS\reg.bat ()
ShortcutWithArgument: C:\Users\Marsal\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) =============

2013-03-22 02:32 - 2012-05-30 20:55 - 000059904 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-22 02:32 - 2012-05-30 20:56 - 000032768 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IAStorIcon.resources.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 000004608 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IntelVisualDesign.resources.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 000176128 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 001319424 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2013-07-19 11:06 - 2013-07-19 11:06 - 000225280 _____ ( (Microsoft Corporation) [File not signed]) [File is in use ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2012-07-06 16:12 - 2014-02-27 13:35 - 000763904 _____ ( (Siemens AG) [File not signed]) [File is in use ] C:\Siemens_EA\TBII\EMII\BIN\SatTbQtControls.dll
2019-06-18 07:29 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-06-18 07:29 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 022378434 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icudt51.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 003369922 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuin51.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 001978690 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuuc51.dll
2020-01-08 10:31 - 2013-04-17 20:18 - 000544817 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libgcc_s_dw2-1.dll
2020-01-08 10:31 - 2013-04-17 20:19 - 000989805 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libstdc++-6.dll
2020-01-08 10:31 - 2018-02-18 23:26 - 000073216 _____ () [File not signed] C:\Program Files\Common Files\Eldes\QtSolutions_Service-head.dll
2010-02-01 16:34 - 2010-02-01 16:34 - 000019456 ____R () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwjavavm.dll
2011-05-20 07:24 - 2011-05-20 07:24 - 000148992 _____ () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satcxb.dll
2017-02-23 11:08 - 2015-03-25 18:11 - 000102912 _____ () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\tbiislb.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\59287b78c3ec80a796fc72e83bac8716\IsdiInterop.ni.dll
2020-01-08 10:31 - 2018-02-18 22:45 - 004604928 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Core.dll
2020-01-08 10:31 - 2013-12-08 20:00 - 001392128 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Network.dll
2012-05-09 17:48 - 2012-05-09 17:48 - 002517504 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtCore4.dll
2012-05-09 18:01 - 2012-05-09 18:01 - 008351232 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtGui4.dll
2012-05-09 17:49 - 2012-05-09 17:49 - 001009664 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtNetwork4.dll
2012-05-09 17:48 - 2012-05-09 17:48 - 000340992 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtXml4.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000385113 ____R (GFT Solutions GmbH) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwocc.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000489984 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gw40ctl.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000264192 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwaxisclnt.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000276480 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwbase.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000020480 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwbmp.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000079360 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcomm.dll
2012-04-27 11:51 - 2012-04-27 11:51 - 001712640 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcore.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000121344 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcua.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000309760 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwdoc.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000353792 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwedit.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000112128 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwhypproc.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000213504 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwchart.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000017408 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwicon.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000196608 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwinsignclnt.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000521216 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwinter.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000271360 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwolectl.dll
2010-02-01 17:06 - 2010-02-01 17:06 - 000074240 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwora81.dll
2010-02-01 17:05 - 2010-02-01 17:05 - 000075264 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwprtspr.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 004944384 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwrepdev.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000452096 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwspread.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000947712 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwsql.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000113152 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwtools.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000099328 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwwfclient.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 001995264 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwxerces.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000156672 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwxml.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f39005543919a2bd9bbf96f2173ba9d\IAStorCommon.ni.dll
2013-03-22 02:32 - 2012-05-30 20:43 - 000279552 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2013-03-22 02:31 - 2012-10-16 15:52 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000229376 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\50e1760253872115cd1b7788fd6d3e05\IAStorDataMgr.ni.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000489472 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f50037b07c82f3ba78a94036d349bfd\IAStorUtil.ni.dll
2009-08-11 12:37 - 2009-08-11 12:37 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\ESET\ESET Endpoint Antivirus\MFC80U.DLL
2020-01-08 10:31 - 2013-04-17 19:26 - 000073901 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files\Common Files\Eldes\libwinpthread-1.dll
2017-02-23 10:50 - 2013-10-11 05:20 - 001036288 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OCI.dll
2017-02-23 10:50 - 2013-10-11 02:43 - 000462848 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraasmclnt11.dll
2017-02-23 10:50 - 2013-10-11 05:17 - 000352256 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracell11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 004288512 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OraClient11.Dll
2017-02-23 10:50 - 2013-10-11 05:05 - 002838528 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracommon11.dll
2017-02-23 10:50 - 2013-09-18 20:24 - 000987136 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracore11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 013963264 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orageneric11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 004222976 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orahasgen11.dll
2017-02-23 10:50 - 2013-09-21 03:49 - 001646592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraldapclnt11.dll
2017-02-23 10:50 - 2013-10-10 03:56 - 004243456 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oran11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000007680 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orancds11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000139264 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orancrypt11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000035328 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranhost11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000106496 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\bin\oranipc11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000438272 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranl11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000311296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranldap11.dll
2017-02-23 10:50 - 2013-09-17 01:51 - 000823296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranls11.dll
2017-02-23 10:50 - 2013-09-21 03:49 - 001290240 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orannzsbb11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000311296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranro11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000221184 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orantcp11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000051200 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orantns11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 000716800 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocr11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 000573440 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocrb11.dll
2017-02-23 10:50 - 2013-09-25 23:10 - 000044032 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocrutl11.dll
2017-02-23 10:50 - 2013-10-11 05:04 - 000094208 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OraPlc11.Dll
2017-02-23 10:50 - 2013-10-11 05:05 - 002953216 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraplp11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 004263936 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orapls11.dll
2017-02-23 10:50 - 2010-05-10 06:05 - 000035328 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraslax11.dll
2017-02-23 10:50 - 2013-09-17 01:36 - 000188416 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orasnls11.dll
2017-02-23 10:50 - 2013-10-11 04:57 - 000622592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orasql11.dll
2017-02-23 10:50 - 2013-09-17 01:35 - 000106496 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraunls11.dll
2017-02-23 10:50 - 2013-09-18 20:24 - 000009728 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orauts.dll
2017-02-23 10:50 - 2013-10-11 02:53 - 000009216 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oravsn11.dll
2017-02-23 10:50 - 2013-09-14 02:06 - 004538368 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraxml11.dll
2017-02-23 10:50 - 2013-09-21 03:51 - 001646592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orazt11.dll
2017-02-23 10:50 - 2013-09-21 03:53 - 000593920 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraztkg11.dll
2012-07-06 16:11 - 2014-02-27 13:35 - 000076288 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satasy.dll
2012-07-06 16:15 - 2014-10-15 15:58 - 001131008 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satgui.dll
2012-07-06 16:15 - 2014-02-27 13:38 - 000096256 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satpri.dll
2012-07-06 16:13 - 2014-02-27 13:36 - 000048640 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satrdi.dll
2012-07-06 16:12 - 2014-02-27 13:44 - 000030720 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satrmk.dll
2012-07-06 16:11 - 2014-02-27 13:35 - 000069120 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\SatTbQtModels.dll
2012-07-06 16:14 - 2014-02-27 13:37 - 000172544 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\sattbx.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000048128 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satuoi.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000101376 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzbo.dll
2012-07-06 16:12 - 2015-03-10 16:42 - 001710080 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzdb.dll
2012-07-06 16:13 - 2014-08-20 16:04 - 000266240 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzdbgrit.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000031744 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzip.dll
2012-07-06 16:11 - 2014-11-12 18:31 - 000276992 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzos.dll
2012-07-06 16:14 - 2014-05-16 12:57 - 000658944 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzst.dll
2012-07-06 16:10 - 2014-02-27 13:33 - 000009216 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\TbiiDbInfo.dll
2016-12-16 19:32 - 2016-12-16 19:32 - 000018944 _____ (Softland) [File not signed] C:\Windows\System32\novamn8.dll
2012-11-15 23:43 - 2012-11-15 23:43 - 000017920 _____ (Wave Systems Corp.) [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\TPMSupport.dll
2013-03-22 02:36 - 2013-03-22 02:36 - 000025600 _____ (Wave Systems Corp.) [File not signed] C:\Windows\WinSxS\amd64_wave.super.superprotocol_1aaab1af848ab112_2.0.0.8_none_d8efad6d2cd9e7ee\Super.dll
2013-03-22 02:36 - 2013-03-22 02:36 - 001175040 _____ (Wave Systems Corp.) [File not signed] C:\Windows\WinSxS\amd64_wave.wcr10.cryptoruntime_1aaab1af848ab112_1.0.2.12_none_68ec49aab7426278\WCR10.dll
2019-06-18 07:29 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA [346]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51459171.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51459171.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2020-02-13 07:51 - 000000869 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 cryptomator-vault

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\SAT\PSR;C:\Siemens_EA\TBII\EMII\BIN;C:\SAT;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5;C:\Program Files (x86)\Security Innovation\SI TSS\bin;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Acronis\SnapAPI;C:\Program Files (x86)\Schneider Electric\Vijeo-WebGate Control;C:\Program Files (x86)\Common Files\Acronis\SnapAPI;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin;C:\Siemens_EA\TBII\EMII\CAExII\BIN;C:\SAT\CAEX;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.43.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: hubiC => C:\Program Files\OVH\hubiC\hubiC.exe
MSCONFIG\startupreg: Služba Acronis Scheduler2 => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D853FFD4-4AF6-4D8A-81A1-97DF9C0FC8CD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Wireless Display -> Intel Corporation)
FirewallRules: [{907AB259-E4CE-429B-B627-70B5C534801E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E113B460-9DEE-4E6D-A2B1-A03FC935B43B}] => (Allow) LPort=2869
FirewallRules: [{9BBD00B3-7031-4F52-B86F-8591CB779C8C}] => (Allow) LPort=1900
FirewallRules: [{1F94FA34-D010-46EF-9442-46D9E5CA1909}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5106A74-C80E-4D7D-86D3-65A90190F697}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9B6ACE50-C1AE-4C45-BABF-F386446E59D9}C:\siemens_ea\tbii\emii\bin\rmd.exe] => (Allow) C:\siemens_ea\tbii\emii\bin\rmd.exe (Siemens AG) [File not signed]
FirewallRules: [UDP Query User{4F823A01-42EA-436D-AD2E-6ECA945C1CF8}C:\siemens_ea\tbii\emii\bin\rmd.exe] => (Allow) C:\siemens_ea\tbii\emii\bin\rmd.exe (Siemens AG) [File not signed]
FirewallRules: [{5D715949-3974-41FF-83EB-D2307D62B83E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C5FA3C0D-2E3F-4083-98E2-9C1B10248FE1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{396D030E-6CE8-40B4-A7BB-59327B6576C0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{F9D6960B-8936-4282-A71E-906A9BB4C64E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{63F803E4-BB44-49D7-A711-3409409B8A35}] => (Allow) LPort=1522
FirewallRules: [{C22CD3F3-82D3-45AC-B759-6E6E24E3D3D2}] => (Allow) LPort=1522
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{64C4A1AF-6C47-43C4-9611-92B70EC02BE5}] => (Allow) LPort=56789
FirewallRules: [{0D4B18DC-0E12-4992-8083-2DF610DDF978}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{ADDA4275-A572-4D8F-A912-FAEAA592A695}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{04B57C4C-E5AA-4E8A-BF58-BD6F6643B81A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{1AE2B076-C126-4249-9D7F-3CF4A73C79BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ACB5F244-E472-4B81-A746-DA41DB479961}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DCB079CF-07A2-4073-BABE-A872611BE864}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{92FF2134-48FD-4856-91BD-3ECFE96AA742}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1306F528-9CED-4408-A96F-EFA23E4B0CEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CAD3D1C7-1F84-4268-86C1-DCEC8689D4A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7480B045-DAE1-4D8D-A107-1CEF7746FF5B}C:\winbox\winbox.exe] => (Allow) C:\winbox\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{BFEF02F6-4E1D-4306-B28B-214D524F5E9C}C:\winbox\winbox.exe] => (Allow) C:\winbox\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [{893B752C-6EF3-4AB1-9C58-1A1384E14E9B}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [{98907452-29BB-47F0-9C56-A599EAC4A40C}] => (Allow) LPort=8501
FirewallRules: [{89EB3926-365F-485F-BC7C-A5F284656734}] => (Allow) LPort=8501
FirewallRules: [{AA7A3DC7-79B0-410A-BE77-0C369B5F480A}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{64803718-33DB-4073-A454-19E638341EA5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{79B98EF8-50B1-4D84-BC62-C2D526BAE4C5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{86CC0283-178B-487A-9DDB-8E43E2DBCDB4}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [TCP Query User{8288BD85-6A11-4B62-B303-07CA34E4B8B7}H:\portable\website realizer\wr.exe] => (Allow) H:\portable\website realizer\wr.exe => No File
FirewallRules: [UDP Query User{4D8C503A-6927-43DA-8B8D-BA01731A845A}H:\portable\website realizer\wr.exe] => (Allow) H:\portable\website realizer\wr.exe => No File
FirewallRules: [{452AB09D-4A94-4B10-833B-5BA565294306}] => (Allow) C:\Program Files (x86)\MaxSyncUp\msusvc.exe (Maxim Deminov -> @MAX Software)
FirewallRules: [{5D5A5FD5-B544-4BF9-8BE7-DDBE5CFA6917}] => (Allow) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe (Maxim Deminov -> @MAX Software)
FirewallRules: [TCP Query User{9110163E-7D01-4DAB-960C-18877C9B916A}C:\winbox\netinstall.exe] => (Allow) C:\winbox\netinstall.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{67377591-F4CD-470A-9FFC-33AD41A146EC}C:\winbox\netinstall.exe] => (Allow) C:\winbox\netinstall.exe (Mikrotikls SIA -> )
FirewallRules: [TCP Query User{3759EAED-58AA-4A1C-A907-5AB385F10836}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe (Fine spol. s r.o. -> ALTAP)
FirewallRules: [UDP Query User{193DC7B8-F9B2-4A56-ACAF-6981729E70FB}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe (Fine spol. s r.o. -> ALTAP)
FirewallRules: [TCP Query User{B736A94E-E6A3-433D-8A05-E827B6EB4437}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [UDP Query User{854045F7-7584-4819-AB6B-2042FCD9AEFF}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [TCP Query User{4CEDDA76-D6C9-45A4-BCA8-8DCD3035D278}C:\winbox\winbox64.exe] => (Allow) C:\winbox\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{422439AE-01D6-404C-9D10-F93E54B4534A}C:\winbox\winbox64.exe] => (Allow) C:\winbox\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [{7DC10D0C-32AF-44F0-9CFC-61577F0ECDF6}] => (Allow) C:\Users\Marsal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A1AB856C-3D13-40FE-9376-4C98FE7951FB}] => (Allow) C:\Users\Marsal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E405567B-2ADE-405F-9151-4FBC42E916B9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{538AD67D-22E7-4225-8FE5-70BFE1266C69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B3509B8-0A61-4399-8892-DF2EA15705F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{66709F59-001E-43E5-892B-ADE5B4C101F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3310DC3B-87BD-41BB-A3C0-186AB9E88A39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

31-05-2020 12:02:53 Scheduled Checkpoint
01-06-2020 15:22:44 Removed Dokan Library 1.3.0.1000 (x64)
01-06-2020 15:30:34 Removed Microsoft Silverlight
01-06-2020 15:53:18 Odebráno: OpenOffice 4.1.3

==================== Faulty Device Manager Devices ============

Name: Shrew Soft Lightweight Filter
Description: Shrew Soft Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Adaptér miniportu Microsoft Virtual WiFi
Description: Adaptér miniportu Microsoft Virtual WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Adaptér miniportu Microsoft Virtual WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (06/01/2020 03:49:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/01/2020 03:38:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/01/2020 03:35:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/01/2020 03:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zg.exe, verze: 6.1.2.1244, časové razítko: 0x2a425e19
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0035475a
ID chybujícího procesu: 0x1a2c
Čas spuštění chybující aplikace: 0x01d6381936510854
Cesta k chybující aplikaci: C:\Program Files (x86)\ZipGenius 6\zg.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 74be84b0-a40c-11ea-a224-2016d89e0216

Error: (06/01/2020 03:30:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: integrator.exe, verze: 15.0.4919.1000, časové razítko: 0x58c7ab34
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24441, časové razítko: 0x5cb93873
Kód výjimky: 0xc06d007e
Posun chyby: 0x0000c5af
ID chybujícího procesu: 0x1ca8
Čas spuštění chybující aplikace: 0x01d63818bec5c7da
Cesta k chybující aplikaci: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
Cesta k chybujícímu modulu: C:\Windows\syswow64\KERNELBASE.dll
ID zprávy: 01581e3e-a40c-11ea-a224-2016d89e0216

Error: (06/01/2020 03:25:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/01/2020 02:57:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/01/2020 05:54:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HidMonitorSvc.exe, verze: 8.1.0.20, časové razítko: 0x55f2d7cb
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x7a8
Čas spuštění chybující aplikace: 0x01d637c84758f909
Cesta k chybující aplikaci: C:\Program Files\DellTPad\HidMonitorSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 8e474d77-a3bb-11ea-b773-2016d89e0216

System errors:
=============
Error: (06/01/2020 03:51:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
vflt

Error: (06/01/2020 03:51:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Dell Client Management Service přestala během spouštění reagovat.

Error: (06/01/2020 03:49:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba VMware Workstation Server ukončena s chybou %%-1, specifickou pro službu.

Error: (06/01/2020 03:49:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba WvPCR závisí na následující službě: TBS. Tato služba pravděpodobně není nainstalována.

Error: (06/01/2020 03:49:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba SI TSS v1.2.1.41 TCS závisí na následující službě: TBS. Tato služba pravděpodobně není nainstalována.

Error: (06/01/2020 03:40:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
vflt

Error: (06/01/2020 03:40:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Dell Client Management Service přestala během spouštění reagovat.

Error: (06/01/2020 03:38:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba VMware Workstation Server ukončena s chybou %%-1, specifickou pro službu.

Windows Defender:
===================================
Date: 2018-04-27 05:50:21.626
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{D68046FE-12B7-4159-A4FA-7A5D5EC81E0A}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2016-06-15 06:11:07.503
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=225956
Název:SoftwareBundler:Win32/Stallmonitz
ID:225956
Závažnost:High
Kategorie:Software Bundler
Nalezeno v cestě:file:C:\Users\Marsal\AppData\Local\Temp\is-HHA1H.tmp\CBStub.exe;process:pid:1888
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2015-12-26 05:17:04.989
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=223449
Název:SoftwareBundler:Win32/Mizenota
ID:223449
Závažnost:High
Kategorie:Software Bundler
Nalezeno v cestě:file:C:\Ashampoo+Office+Catalog+E_10924_i103159327_il345.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\NETWORK SERVICE
Název procesu:c:\program files\windows defender\MpCmdRun.exe

CodeIntegrity:
===================================

Date: 2020-06-01 15:49:07.426
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:49:06.692
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:38:18.675
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:38:17.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:34:52.550
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:34:51.817
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:25:31.597
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-01 15:25:30.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A22 11/30/2018
Motherboard: Dell Inc. 0JC5MT
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 65%
Total physical RAM: 8094.84 MB
Available physical RAM: 2758.24 MB
Total Virtual: 16487.82 MB
Available Virtual: 10876.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:39.26 GB) NTFS
Drive k: (OS) (Network) (Total:237.7 GB) (Free:39.26 GB) NTFS

\\?\Volume{0c617744-9296-11e2-aad4-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: D7F369B2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#3 Příspěvek od **Rudy** » 01 čer 2020 15:52

Zdravím!
Jak je na tom váš oper. systém s legalitou?

MMMMM · #4 Příspěvek od **MMMMM** » 02 čer 2020 04:55

Win7 legálně, je to Dell koupen s Win7. Proč? že nemám 10? Potřebuji kvůli některým programům Win 7.

#5 Příspěvek od **Rudy** » 02 čer 2020 09:21

To ne. Ale máte verzi Ultimate, která se dodávala pouze jako korporátní. S desítkami to nemá nic společného.

MMMMM · #6 Příspěvek od **MMMMM** » 02 čer 2020 09:46

Mám ho z práce, po 5ti letech se PC prodávají a ten systém tam zůstal.

#7 Příspěvek od **Rudy** » 02 čer 2020 13:16

Ok. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

MMMMM · #8 Příspěvek od **MMMMM** » 09 čer 2020 10:45

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-05-26.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-09-2020
# Duration: 00:00:04
# OS: Windows 7 Ultimate
# Cleaned: 64
# Failed: 3

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Program Files\FileViewPro
Deleted C:\ProgramData\BSD\DriverHive
Deleted C:\ProgramData\BSD\DriverHiveEngine
Deleted C:\ProgramData\Gramblr
Deleted C:\Users\Eng_TBII\AppData\Roaming\Seznam.cz
Deleted C:\Users\Marsal\AppData\Local\FileViewPro
Deleted C:\Users\Marsal\AppData\Roaming\Seznam.cz

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\EsgScanner.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
Deleted C:\Users\Eng_TBII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Deleted C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
Deleted C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Deleted C:\Users\Public\Desktop\Firefox.lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Environment|SNF
Deleted HKCU\Environment|SNP
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\mtMedlight
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{9110163E-7D01-4DAB-960C-18877C9B916A}C:\winbox\netinstall.exe
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{67377591-F4CD-470A-9FFC-33AD41A146EC}C:\winbox\netinstall.exe
Deleted HKLM\Software\Classes\CLSID\{00212D92-C5D8-4FF4-AE50-B20F0F85C40A}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Microsoft\Internet Explorer\Search|CustomizeSearch
Deleted HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gramblr
Deleted HKLM\Software\Wow6432Node\BSD
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Medlight.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Gramblr
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
Deleted HKLM\Software\Wow6432Node\systweak
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting

***** [ Chromium (and derivatives) ] *****

Deleted Downloader for Instagram™ + Direct Message - olkpikmlhoaojbbmmpejnimiglejmboe
Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

Deleted Facemoods Search
Deleted WebSearch
Deleted https://isearch.avg.com/?cid={6ED243E8- ... 2012-09-28 09:40:19&v=12.2.5.34&sap=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellClientSystemUpdate Folder C:\Users\Eng_TBII\AppData\Local\DELL\CLIENTSYSTEMUPDATE
Deleted Preinstalled.DellClientSystemUpdate Folder C:\Users\Marsal\AppData\Local\DELL\CLIENTSYSTEMUPDATE
Deleted Preinstalled.DellCommand|Update Folder C:\Program Files (x86)\DELL\COMMANDUPDATE
Deleted Preinstalled.DellCommand|Update Folder C:\ProgramData\DELL\COMMANDUPDATE
Not Deleted Preinstalled.DellDigitalDelivery Folder C:\Program Files (x86)\DELL DIGITAL DELIVERY
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7877 octets] - [09/06/2020 11:42:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#9 Příspěvek od **Rudy** » 09 čer 2020 13:30

Dejte nové logy FRST+Addition.

MMMMM · #10 Příspěvek od **MMMMM** » 09 čer 2020 16:02

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020
Ran by Marsal (administrator) on POHRS (Dell Inc. Latitude E6530) (09-06-2020 16:56:19)
Running from C:\Users\Marsal\Desktop
Loaded Profiles: Marsal
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
() [File not signed] C:\Windows\SysWOW64\srvany.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe <2>
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\QuickTime\qttask.exe
(AuthenTec, Inc. -> Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(ELDES UAB -> ) C:\Program Files\Common Files\Eldes\ELDES Service.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Fine spol. s r.o. -> ALTAP) C:\Program Files\Altap Salamander\salamand.exe
(Fine spol. s r.o. -> ALTAP) C:\Program Files\Altap Salamander\utils\salmon.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Maxim Deminov -> @MAX Software) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe
(Maxim Deminov -> @MAX Software) C:\Program Files (x86)\MaxSyncUp\msusvc.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(O2Micro Inc. -> O2Micro International) C:\Windows\System32\o2flash.exe
(O2Micro Inc. -> O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(SafeNet, Inc. -> SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\prl.exe
(Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\rmd.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wave Systems Corp. -> ) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Wave Systems Corp. -> Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Wave Systems Corp.) [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [370584 2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc. -> Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2013-10-07] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [588936 2015-08-18] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104528 2013-02-26] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [TBII-PRELOADER] => C:\Siemens_EA\TBII\EMII\BIN\PRL.EXE [97280 2014-02-27] (Siemens AG) [File not signed]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [77824 2018-10-04] (Apple Computer, Inc.) [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\ActMask: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [51336 2017-02-19] (ActMask Group Co., Ltd -> ActMask Co.,Ltd)
HKLM\...\Windows x64\Print Processors\HP1005PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1005PP.dll [65024 2013-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP1005LM: C:\Windows\system32\HP1005LM.DLL [178688 2013-04-01] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\Windows\system32\novamn8.dll [18944 2016-12-16] (Softland) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange V6 Printer Port Monitor (Lite): C:\Windows\system32\pxcpm5L.dll [150208 2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-09] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-02-22] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2012-02-22] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2012-08-17] (AuthenTec, Inc. -> Authentec Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Eng_TBII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2013-03-22]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009BA484-6FA4-409E-928C-373BAF7AFF4E} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {00FB573A-5990-49FD-BBEB-50570EAAC154} - System32\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {095E7A76-8B84-4161-A1BF-99A75EFF7B9B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C40A0A5-D478-4A63-B215-EF22991645DD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C82E3E5-CD05-461D-A916-7C745877714D} - System32\Tasks\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Eng_TBII\Desktop\SALAMAND.EXE -d C:\Users\Eng_TBII\Desktop
Task: {0FB6737A-91AD-4071-9FC0-C010C75B2C84} - System32\Tasks\WinThruster64-Marsal-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
Task: {18FD6ED4-2E3D-4C5D-A491-101DE862E032} - System32\Tasks\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "E:\Portable\WYSIWYG Web Builder 10\irunin.ini" <==== ATTENTION
Task: {1975B8DF-3B3A-4688-9EDA-5B7F031528E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {1975B8DF-3B3A-4688-9EDA-5B7F031528E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {19FC6C74-65FD-40EE-8761-3DAEB32DF832} - System32\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1BE61B9A-7F11-42AE-80BF-368C94890E7A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1eb5c84a67257 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1F87D442-12D5-4A60-B685-9DA31E969E58} - System32\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2A67726F-3893-427A-8250-BB44B3D4EEA8} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3381E415-0A77-4CE0-942C-694F6D0AC7FA} - System32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4} => C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log
Task: {35AFFA54-F29D-4CBB-97D1-500B293D36CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {43E11D12-2102-426D-8EBE-B718E0FB43EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {50065D99-36D9-4A1E-963F-41328AA996CF} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {52BEBEB5-FC96-4450-BC04-90F52E8549D4} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [682408 2016-12-16] (Softland SRL -> )
Task: {5B77A62B-6201-4DD2-9839-6EC8CEE57181} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {5B77A62B-6201-4DD2-9839-6EC8CEE57181} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {5B77A62B-6201-4DD2-9839-6EC8CEE57181} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {61104FFA-67A1-4611-A529-E14D95770740} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {61104FFA-67A1-4611-A529-E14D95770740} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {7101F7DB-2222-448B-B463-C26870634176} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {8448F66F-5F55-4695-B7ED-4B299C9122BA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8644D8AA-53DD-4FB7-9C14-16692C9A3203} - System32\Tasks\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {A6899650-D6AE-410A-9F1A-1CF5345FB6AA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {ABF29991-41D5-4248-AB94-F12FDBC1975F} - System32\Tasks\Ashampoo Privacy Protector Weekly Security Scan => C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector\PrivacyProtector.exe
Task: {AD38CD45-93B1-4D32-8EC0-11B16EA7E1C8} - System32\Tasks\{4C24CC4B-EC99-4779-ABE4-E4E8277CDE60} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Altap Salamander\remove\remove.exe"
Task: {AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D} - System32\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {BC48C21B-4F43-4D58-BF0D-D5676AC274F1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C185CA7E-36F4-495C-88BD-8153675CD0E3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C777EF2D-6D0E-4AD3-977D-48C583B82F73} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {D2FCEA62-3DE3-4F62-AF2A-763D32B62025} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [35184 2012-10-18] (Wave Systems Corp. -> Wave Systems Corp.)
Task: {D5AB92BB-1508-4A26-9A0A-A0BC10B17C0B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {D5AB92BB-1508-4A26-9A0A-A0BC10B17C0B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {DE647C46-284E-4EC5-9A3D-5318FEBDD71B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {E5FAB1D4-4573-4487-BAA0-B8C24310AC5B} - System32\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {E73A29F6-ACB6-4C99-B952-8FFC7ED50D88} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {EFA8B190-43B0-4D76-B6E9-5338D07FB661} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {FFFFA652-CABF-46FC-83C8-896E03FC9F94} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 10.208.10.208 10.208.10.209
Tcpip\..\Interfaces\{05CC11B1-09F3-4C3D-BEB8-9A43A1940489}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{D2118B06-D662-4185-A77F-A85481C96679}: [DhcpNameServer] 192.168.0.1 10.208.10.208 10.208.10.209
Tcpip\..\Interfaces\{DF801C61-BF64-4798-AE02-C0F6FEE5BBAB}: [NameServer] 8.8.8.8,1.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.71.1,1]
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {3965D173-40FC-424F-9703-F831D32C8393} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {62694250-03A8-4440-96F1-3F6DC0B864AF} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {7C791268-4AF8-4919-9304-07B755B8A557} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {923B92C4-B653-4002-8D98-F6A77810DEBD} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {B352A849-9513-44A9-B119-CED8E358CF4F} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {C0054516-41EE-4ABF-853D-3D301DC05C2A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {C7851CF3-22CC-4B91-8736-07D868E1B4CE} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... kSearch_12
SearchScopes: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006 -> {D70ACB0B-5D3F-43EB-94CA-5127B0180311} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab

FireFox:
========
FF DefaultProfile: 2wmfnqiv.default-1441599875080
FF ProfilePath: C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 [2020-06-09]
FF DownloadDir: C:
FF NewTab: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> C:\\ProgramData\\Medlights\\ff.NT
FF Notifications: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> hxxps://dashboard.zopim.com; hxxp://dashboard.zopim.com; hxxp://dashboard.smartsupp.com; hxxps://dashboard.smartsupp.com; hxxps://calendar.google.com; hxxps://web.whatsapp.com; hxxps://sofe.ladesk.com; hxxps://www.exasoft.cz; hxxps://www.smartsupp.com; hxxps://forum.chronomag.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080 -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Firebug) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\firebug@software.joehewitt.com.xpi [2017-03-01] [Legacy]
FF Extension: (MEGA) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\firefox@mega.co.nz.xpi [2020-06-04] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Youtube to MP3 Plugin) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\flv2mp3@hotger.com.xpi [2017-11-17]
FF Extension: (SafeInCloud Password Manager) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\info@safe-in-cloud.com.xpi [2020-06-08]
FF Extension: (Add to Wunderlist) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\jid1-3gu11JeYBiIuJA@jetpack.xpi [2017-03-29] [Legacy]
FF Extension: (To Google Translate) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-11-25]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\sko-extension@firma.seznam.cz.xpi [2020-04-28]
FF Extension: (Session Manager) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31] [Legacy]
FF Extension: (ePub Reader) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{323353ee-cfbd-4178-9676-85566d98c8b1}.xpi [2020-01-30]
FF Extension: (gtranslate) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-11-30] [Legacy]
FF Extension: (Zoom Scheduler) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2020-04-30]
FF Extension: (No Name) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-01]
FF Extension: (Seznam doplněk - Email) - C:\Users\Marsal\AppData\Roaming\Mozilla\Firefox\Profiles\2wmfnqiv.default-1441599875080\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2020-06-03]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-07-17] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2019-07-16] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2019-07-16] () [File not signed]
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2018-12-10] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: www.wansview.com/HYPlayer -> C:\Program Files (x86)\HYPlayer\npHYPlayer.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default [2020-06-08]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/","hxxps://www.google.com ... google.com"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Dokumenty) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (SEO META in 1 CLICK) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjogjfinolnhfhkbipphpdlldadpnmhc [2019-07-23]
CHR Extension: (YouTube) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (History 2) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2017-05-07]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2017-09-02]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-01]
CHR Extension: (Snip it! button for eBay) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhaoojkpcgaobmnnphdpdokcgdiibblh [2019-02-10]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2020-06-03]
CHR Extension: (Rozšíření Google Keep pro Chrome) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-06-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Simple EPUB Reader) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2017-06-07]
CHR Extension: (Downloader for Instagram™ + Direct Message) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2020-05-19]
CHR Extension: (Gmail) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-23]
CHR Profile: C:\Users\Marsal\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-23]
CHR HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36544 2020-04-17] (Dell Inc -> )
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc. -> Dell Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1025584 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 EldesService; C:\Program Files\Common Files\Eldes\ELDES Service.exe [201416 2018-08-01] (ELDES UAB -> )
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] (Wave Systems Corp. -> )
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2013-10-07] (ESET, spol. s r.o. -> ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet, Inc. -> SafeNet Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [317416 2018-09-24] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MaxSyncUpService; C:\Program Files (x86)\MaxSyncUp\msusvc.exe [2340912 2018-05-07] (Maxim Deminov -> @MAX Software)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] (Intel Corporation-Mobile Wireless Group -> )
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-12-16] (Softland SRL -> Microsoft)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro Inc. -> O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 OracleServiceTBII; C:\Siemens_EA\TBII\DB\ORANT\BIN\oracle.exe [156133376 2013-10-09] (Oracle Corporation) [File not signed]
S2 OracleTBIIORA11R2TNSListener; C:\Siemens_EA\TBII\DB\ORANT\BIN\TNSLSNR.EXE [552960 2013-10-08] (Oracle Corporation) [File not signed]
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13255184 2020-05-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13242960 2013-02-26] (VMware, Inc. -> )
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp. -> Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel Corporation-Mobile Wireless Group -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aksdf; C:\Windows\system32\drivers\aksdf.sys [75648 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> SafeNet Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [131072 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [53760 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [25344 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [176096 2010-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc. -> Dell Inc.)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [114560 2019-07-24] (D3L -> Dokan Project)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219184 2013-10-25] (ESET, spol. s r.o. -> ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [185224 2013-09-09] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [94704 2014-01-31] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [86896 2014-01-31] (Future Technology Devices International Ltd -> FTDI Ltd.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [318464 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [190032 2016-04-04] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics -> STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-10] (Intel Wireless Display -> Windows (R) Win 7 DDK provider)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-04-16] (Shrew Soft Inc) [File not signed]
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-02-26] (VMware, Inc. -> VMware, Inc.)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-04-16] (Shrew Soft Inc) [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc. -> VMware, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Intel Wireless Display -> Windows (R) Win 7 DDK provider)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
S3 RHDISK_AMD64; \??\E:\_rohos\RHDISK_AMD64.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-09 16:56 - 2020-06-09 16:58 - 000050516 _____ C:\Users\Marsal\Desktop\FRST.txt
2020-06-09 16:56 - 2020-06-09 16:56 - 000000000 ____D C:\Users\Marsal\Desktop\FRST-OlderVersion
2020-06-09 11:39 - 2020-06-09 11:39 - 008402608 _____ (Malwarebytes) C:\Users\Marsal\Desktop\adwcleaner_8.0.5.exe
2020-06-09 10:31 - 2020-06-09 10:31 - 000012570 _____ C:\ProgramData\lzmiudcz.flf
2020-06-09 10:31 - 2020-06-09 10:31 - 000000000 ____D C:\Users\Marsal\AppData\Local\VideoEditorPlus
2020-06-09 07:40 - 2020-06-09 07:40 - 000000000 ____D C:\Program Files\Dokan
2020-06-09 07:40 - 2019-07-24 14:14 - 000114560 _____ (Dokan Project) C:\Windows\system32\Drivers\dokan1.sys
2020-06-08 19:33 - 2020-06-09 11:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-08 08:58 - 2020-06-08 08:58 - 000174229 _____ C:\225_2020.pdf
2020-06-08 08:56 - 2020-06-08 08:56 - 000178328 _____ C:\226_2020.pdf
2020-06-08 08:18 - 2020-06-07 07:59 - 200011700 ____N C:\VID_20200607_075817.mp4
2020-06-07 15:51 - 2020-06-07 15:51 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-07 08:56 - 2020-06-07 12:46 - 000000000 ____D C:\Hádanky
2020-06-07 08:20 - 2020-06-07 08:20 - 003050166 _____ C:\tplink.bmp
2020-06-07 08:19 - 2020-06-07 08:19 - 001435806 _____ C:\asus.bmp
2020-06-04 17:15 - 2020-06-02 06:42 - 246469770 _____ C:\148.trida Gilead - Slavnostni zakonceni 1. cast – uvod a proslovy_540.mp4
2020-06-01 20:08 - 2020-06-01 20:08 - 000000000 ____D C:\Users\Eng_TBII\Documents\Zoom
2020-06-01 20:05 - 2020-06-01 20:05 - 000001892 _____ C:\Users\Eng_TBII\Desktop\Zoom.lnk
2020-06-01 19:29 - 2020-06-01 19:29 - 000000000 ____D C:\Users\Eng_TBII\AppData\Local\TeamViewer
2020-06-01 16:46 - 2020-06-01 16:46 - 000001061 _____ C:\Users\Eng_TBII\Desktop\SafeInCloud.lnk
2020-06-01 16:46 - 2020-06-01 16:46 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\SafeInCloud
2020-06-01 16:46 - 2020-06-01 16:46 - 000000000 ____D C:\Users\Eng_TBII\AppData\Local\SafeInCloud
2020-06-01 16:29 - 2020-06-01 16:29 - 000001892 _____ C:\Users\Eng_TBII\Desktop\Start Zoom.lnk
2020-06-01 16:28 - 2020-06-01 16:28 - 000001740 _____ C:\Users\Eng_TBII\Desktop\MPC-HC x64.lnk
2020-06-01 16:28 - 2020-06-01 16:28 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-01 16:27 - 2020-06-01 16:28 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\Zoom
2020-06-01 16:22 - 2020-06-01 16:22 - 000001409 _____ C:\Windows\QTFont.for
2020-06-01 16:07 - 2020-06-09 16:57 - 000000000 ____D C:\FRST
2020-06-01 16:05 - 2020-06-09 16:56 - 002289152 _____ (Farbar) C:\Users\Marsal\Desktop\FRST64.exe
2020-06-01 15:52 - 2020-06-01 15:52 - 000003134 _____ C:\Windows\system32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}
2020-06-01 15:14 - 2020-06-01 15:14 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\audacity
2020-06-01 15:14 - 2020-06-01 15:14 - 000000000 ____D C:\Users\Eng_TBII\AppData\Local\Audacity
2020-05-25 20:19 - 2020-05-25 20:19 - 000000000 _____ C:\Windows\invcol.tmp
2020-05-24 13:12 - 2020-05-24 13:12 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\ProcessKO
2020-05-24 09:27 - 2020-06-09 16:53 - 000005012 _____ C:\Windows\system32\Tasks\WSCEAA
2020-05-23 19:02 - 2020-05-23 19:02 - 000001016 _____ C:\Users\Marsal\Desktop\IrfanView 64.lnk
2020-05-23 19:01 - 2020-06-09 11:49 - 000000000 ____D C:\Program Files\IrfanView
2020-05-23 12:18 - 2020-06-01 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2020-05-23 12:18 - 2020-05-23 18:18 - 000001740 _____ C:\Users\Marsal\Desktop\MPC-HC x64.lnk
2020-05-23 12:18 - 2020-05-23 12:18 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\MPC-HC
2020-05-23 12:17 - 2020-06-01 16:28 - 000000000 ____D C:\Program Files\MPC-HC
2020-05-23 10:40 - 2020-05-23 10:40 - 519571494 _____ C:\Temna stranka lodni dopravy 2016.avi
2020-05-23 07:12 - 2020-06-07 12:38 - 000000000 ____D C:\SHROMAZDENI
2020-05-12 07:34 - 2020-05-12 07:34 - 000000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-05-12 07:34 - 2020-05-12 07:34 - 000000957 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2020-05-12 07:34 - 2020-05-12 07:34 - 000000957 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2020-05-11 06:01 - 2020-05-11 06:01 - 000000000 ____D C:\Windows\{7DA24A28-C923-41B7-A761-BD12300E8634}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-09 16:56 - 2016-05-11 06:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job
2020-06-09 16:56 - 2015-08-29 15:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job
2020-06-09 16:56 - 2015-05-19 05:56 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job
2020-06-09 16:56 - 2014-11-18 07:45 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job
2020-06-09 16:54 - 2016-11-18 14:55 - 000000000 ____D C:\Users\Marsal\AppData\LocalLow\Mozilla
2020-06-09 16:52 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-06-09 16:52 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-06-09 16:50 - 2018-02-13 09:26 - 000692616 _____ C:\Windows\system32\perfh007.dat
2020-06-09 16:50 - 2018-02-13 09:26 - 000151114 _____ C:\Windows\system32\perfc007.dat
2020-06-09 16:50 - 2013-12-10 12:10 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2020-06-09 16:50 - 2013-05-30 13:48 - 000673472 _____ C:\Windows\system32\perfh005.dat
2020-06-09 16:50 - 2013-05-30 13:48 - 000143602 _____ C:\Windows\system32\perfc005.dat
2020-06-09 16:50 - 2009-07-14 07:13 - 002435084 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-09 16:50 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-06-09 16:45 - 2015-07-18 15:34 - 000000000 __SHD C:\Users\Marsal\IntelGraphicsProfiles
2020-06-09 16:45 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2020-06-09 16:44 - 2018-10-04 08:19 - 000054156 ____H C:\Windows\QTFont.qfn
2020-06-09 16:44 - 2016-05-11 06:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job
2020-06-09 16:44 - 2016-02-03 06:56 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job
2020-06-09 16:44 - 2015-12-04 07:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job
2020-06-09 16:44 - 2015-09-17 06:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job
2020-06-09 16:44 - 2015-08-29 15:02 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job
2020-06-09 16:44 - 2015-07-15 20:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job
2020-06-09 16:44 - 2015-05-19 05:56 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job
2020-06-09 16:44 - 2015-02-09 07:51 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job
2020-06-09 16:44 - 2013-12-10 12:10 - 000000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2020-06-09 16:43 - 2017-02-22 10:24 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-06-09 16:43 - 2013-05-30 16:41 - 000000000 ____D C:\ProgramData\VMware
2020-06-09 16:43 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-09 13:51 - 2016-12-03 12:33 - 000000000 ____D C:\Temp
2020-06-09 13:07 - 2016-02-03 06:56 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job
2020-06-09 13:07 - 2015-09-17 06:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job
2020-06-09 13:07 - 2015-07-15 20:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job
2020-06-09 13:01 - 2015-12-04 07:02 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job
2020-06-09 13:01 - 2015-02-09 07:51 - 000000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job
2020-06-09 11:49 - 2013-09-26 08:33 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\IrfanView
2020-06-09 11:45 - 2013-03-22 02:28 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2020-06-09 11:44 - 2013-07-19 10:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-09 11:43 - 2019-10-18 11:36 - 000000000 ____D C:\ProgramData\BSD
2020-06-09 11:43 - 2014-06-26 10:37 - 000000000 ____D C:\Users\Marsal\AppData\Local\Dell
2020-06-09 11:43 - 2013-07-19 10:11 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-09 11:43 - 2013-07-19 10:11 - 000001103 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-06-09 11:43 - 2013-07-19 10:11 - 000001103 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-06-09 11:43 - 2013-04-08 12:23 - 000000000 ____D C:\Users\Eng_TBII\AppData\Local\Dell
2020-06-09 11:43 - 2013-03-22 02:40 - 000000000 ____D C:\ProgramData\Dell
2020-06-09 11:43 - 2013-03-22 02:36 - 000000000 ____D C:\Program Files (x86)\Dell
2020-06-09 11:40 - 2020-02-13 07:54 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Cryptomator
2020-06-09 11:00 - 2019-03-25 19:32 - 000000000 ____D C:\Temp4
2020-06-09 10:32 - 2016-04-23 17:05 - 000000000 ____D C:\Users\Marsal\AppData\Local\Movavi
2020-06-09 10:31 - 2019-01-24 14:54 - 000000000 ____D C:\Temp3
2020-06-09 07:40 - 2020-02-13 07:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2020-06-09 07:40 - 2020-02-13 07:49 - 000000000 ____D C:\Program Files\Cryptomator
2020-06-09 07:40 - 2020-01-18 12:29 - 000000000 ____D C:\Temp9
2020-06-09 07:01 - 2020-01-16 13:29 - 000000000 ____D C:\Temp8
2020-06-09 06:00 - 2013-07-19 10:13 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-08 20:47 - 2016-03-10 09:19 - 000000000 ____D C:\WinBox
2020-06-08 19:59 - 2015-11-09 10:52 - 000000000 ____D C:\Temp2
2020-06-08 19:17 - 2015-10-26 21:06 - 000174972 _____ C:\Users\Marsal\Desktop\Nový textový dokument.txt
2020-06-07 15:51 - 2020-03-20 21:21 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Zoom
2020-06-07 13:08 - 2019-10-10 22:33 - 000000000 ____D C:\Zaloha USB
2020-06-07 08:35 - 2014-06-26 10:40 - 000000000 ____D C:\Users\Marsal\AppData\Local\Deployment
2020-06-03 16:38 - 2015-08-14 10:09 - 000000000 __SHD C:\Users\Eng_TBII\IntelGraphicsProfiles
2020-06-02 06:02 - 2020-03-09 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2020-06-01 20:05 - 2016-12-15 17:48 - 000000000 ____D C:\Users\Eng_TBII\AppData\LocalLow\Mozilla
2020-06-01 20:03 - 2014-05-21 14:08 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\IrfanView
2020-06-01 16:46 - 2013-07-19 10:11 - 000000000 ____D C:\Users\Eng_TBII\AppData\Roaming\Mozilla
2020-06-01 15:58 - 2015-02-14 23:04 - 000000000 ____D C:\Program Files (x86)\Online TV
2020-06-01 15:57 - 2015-05-15 09:36 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2020-06-01 15:52 - 2018-10-04 08:19 - 000000000 ____D C:\Windows\SysWOW64\QuickTime
2020-06-01 15:52 - 2018-10-04 08:19 - 000000000 ____D C:\Program Files (x86)\QuickTime
2020-06-01 15:43 - 2013-09-20 06:41 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\VMware
2020-06-01 15:43 - 2013-09-20 06:41 - 000000000 ____D C:\Users\Marsal\AppData\Local\VMware
2020-06-01 15:42 - 2013-05-31 09:27 - 000000000 ____D C:\Program Files\Windows XP Mode
2020-06-01 15:37 - 2013-10-10 09:29 - 000000000 ____D C:\Program Files (x86)\UltraVNC
2020-06-01 15:33 - 2014-06-04 12:30 - 000000000 ____D C:\Users\Marsal\AppData\Local\CrashDumps
2020-06-01 15:28 - 2020-04-29 09:56 - 000000000 ____D C:\Program Files (x86)\Icecream Ebook Reader
2020-06-01 15:21 - 2013-05-31 15:48 - 000000000 ____D C:\Program Files (x86)\FreeCommander
2020-06-01 15:14 - 2016-06-08 11:20 - 000000000 ____D C:\Program Files (x86)\Audacity
2020-06-01 15:13 - 2013-03-22 02:16 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-06-01 15:13 - 2013-03-22 02:16 - 000000000 ____D C:\Windows\system32\Macromed
2020-06-01 15:11 - 2013-04-08 12:23 - 000110096 _____ C:\Users\Eng_TBII\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-30 07:40 - 2015-04-01 17:35 - 000000000 ____D C:\Temp1
2020-05-27 06:36 - 2014-05-02 09:49 - 000015872 _____ C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-05-24 15:31 - 2013-10-17 13:44 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\TeamViewer
2020-05-23 19:02 - 2013-09-26 08:33 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2020-05-23 18:59 - 2017-05-24 14:20 - 000000000 ___RD C:\Users\Marsal\OneDrive
2020-05-23 17:11 - 2018-04-12 09:45 - 000000000 ____D C:\ProgramData\MaxSyncUp
2020-05-22 09:46 - 2013-09-19 11:52 - 000000000 ____D C:\Users\Marsal
2020-05-21 11:41 - 2020-01-15 14:42 - 000000000 ____D C:\Temp7
2020-05-19 06:04 - 2017-07-25 08:14 - 000002317 _____ C:\Users\Marsal\Desktop\Google Chrome.lnk
2020-05-18 08:26 - 2013-07-19 11:05 - 000000000 ____D C:\Windows\system32\MRT
2020-05-18 08:19 - 2013-05-30 11:59 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\WhatsApp
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2020-05-18 06:17 - 2020-03-30 14:51 - 000000000 ____D C:\Users\Marsal\AppData\Local\WhatsApp
2020-05-16 17:18 - 2019-06-18 07:40 - 000000000 ____D C:\Users\Marsal\AppData\Roaming\fontconfig
2020-05-12 14:55 - 2009-07-14 06:45 - 000427760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-05-12 09:33 - 2013-09-19 11:53 - 000110096 _____ C:\Users\Marsal\AppData\Local\GDIPFONTCACHEV1.DAT
2020-05-12 07:41 - 2015-10-13 13:08 - 000000000 ____D C:\Users\Marsal\AppData\Local\TeamViewer
2020-05-11 12:44 - 2014-06-19 11:19 - 000001057 _____ C:\Users\Public\Desktop\Rawet Studio.lnk
2020-05-11 12:44 - 2014-06-19 11:19 - 000001057 _____ C:\ProgramData\Desktop\Rawet Studio.lnk
2020-05-11 12:44 - 2014-06-19 11:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rawet Studio
2020-05-11 12:44 - 2014-06-19 11:19 - 000000000 ____D C:\Program Files (x86)\Rawet Studio

==================== Files in the root of some directories ========

2019-06-18 07:43 - 2019-06-18 07:44 - 000002319 _____ () C:\Users\Marsal\AppData\Roaming\ASSDraw3.cfg
2020-05-01 08:35 - 2020-05-01 08:35 - 000000474 _____ () C:\Users\Marsal\AppData\Roaming\buttrc
2013-11-15 10:57 - 2013-11-15 10:57 - 000000130 _____ () C:\Users\Marsal\AppData\Roaming\hlsigset.log
2014-12-17 07:54 - 2018-03-01 10:17 - 000099384 _____ () C:\Users\Marsal\AppData\Roaming\inst.exe
2013-09-20 08:31 - 2014-04-07 08:24 - 000001725 _____ () C:\Users\Marsal\AppData\Roaming\mainhst.zgh
2014-12-17 07:54 - 2018-03-01 10:17 - 000007859 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.cat
2014-12-17 07:54 - 2018-03-01 10:17 - 000001167 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.inf
2014-12-17 07:54 - 2018-03-01 10:17 - 000000055 _____ () C:\Users\Marsal\AppData\Roaming\pcouffin.log
2014-12-17 07:54 - 2018-03-01 10:17 - 000082816 _____ (VSO Software) C:\Users\Marsal\AppData\Roaming\pcouffin.sys
2014-07-02 06:19 - 2019-04-15 22:00 - 000000600 _____ () C:\Users\Marsal\AppData\Roaming\winscp.rnd
2014-05-02 09:49 - 2020-05-27 06:36 - 000015872 _____ () C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-10-10 11:34 - 2019-10-10 11:40 - 000000600 _____ () C:\Users\Marsal\AppData\Local\PUTTY.RND
2015-11-14 17:55 - 2015-11-14 17:55 - 000000017 _____ () C:\Users\Marsal\AppData\Local\resmon.resmoncfg
2015-11-28 21:53 - 2015-11-28 21:53 - 000000000 _____ () C:\Users\Marsal\AppData\Local\{AF216E47-AA6F-463E-89E2-FCA0A8233B35}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-06-07 10:24
==================== End of FRST.txt ========================

MMMMM · #11 Příspěvek od **MMMMM** » 09 čer 2020 16:02

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Marsal (09-06-2020 17:00:00)
Running from C:\Users\Marsal\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-04-08 10:23:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3879696279-2694623716-4221884656-500 - Administrator - Disabled)
Eng_TBII (S-1-5-21-3879696279-2694623716-4221884656-1000 - Administrator - Enabled) => C:\Users\Eng_TBII
Guest (S-1-5-21-3879696279-2694623716-4221884656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3879696279-2694623716-4221884656-1008 - Limited - Enabled)
Marsal (S-1-5-21-3879696279-2694623716-4221884656-1006 - Administrator - Enabled) => C:\Users\Marsal
___VMware_Conv_SA___ (S-1-5-21-3879696279-2694623716-4221884656-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@MAX SyncUp 6.1 (HKLM\...\{68EF9E48-C970-4124-BBC1-85C8ADD59109}_is1) (Version: - @MAX Software)
Altap Salamander 4.0 (x64) (HKLM\...\Altap Salamander 4.0 (x64)) (Version: 4.0 - ALTAP)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Cryptomator (HKLM\...\Cryptomator_is1) (Version: 1.5.5 - cryptomator.org)
Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{0C8D5FDB-111E-4F8C-B469-5F330066410E}) (Version: 3.1.2 - Dell, Inc.)
Dell Custom Help (HKLM\...\{BE1CF6CA-3182-45D8-9535-A18055B73607}) (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00001.021 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.109 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Version: 01.03.00.046 - Wave Systems Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dokan Library 1.3.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0103-0000-190724141005}) (Version: 1.3.0.1000 - Dokany Project)
doPDF (HKLM\...\{494AB360-71F4-47A0-93F6-B8AC963DBF11}) (Version: 8.8.946 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3aba8e0f-add2-4184-a828-80ee3352c738}) (Version: 8.8.946 - Softland)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{2294d008-d2df-4280-bc29-195b1df672a2}) (Version: 1.0.0 - ELDES UAB)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{24fa7c2c-87d3-461e-b559-b883be8a1d3b}) (Version: 1.0.0 - ELDES UAB)
ELDES Utility (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\{c1138193-fc38-4a03-b689-746cb93423e6}) (Version: 1.0.0 - ELDES UAB)
EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Version: 01.03.00.092 - Wave Systems Corp.) Hidden
ERAS Connector (HKLM\...\{0A8700AE-1FD3-4986-B9A8-8FDC84786C66}) (Version: 02.09.05.0330 - Wave Systems Corp) Hidden
ESET Endpoint Antivirus (HKLM\...\{6FDDC552-CEAB-4245-B059-0EAFCC01E9EB}) (Version: 5.0.2225.1 - ESET, spol. s r.o.)
Free Merge MP3 8.8.1.1 (HKLM-x32\...\Free Merge MP3_is1) (Version: - FreeAudioVideoSoftTech, Inc.)
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{4e75a24b-6cc4-4a46-accf-525f8a08c533}) (Version: 10.1.1.18 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jqFancyTransitions Addon for WYSIWYG Web Builder (HKLM-x32\...\WYSIWYG_Web_Builder_jqFancyTransitions) (Version: - )
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Most 2.3.68 (HKLM-x32\...\Most 2.3_is1) (Version: - FIEDLER-MÁGR)
Mozilla Firefox 77.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 77.0.1 (x64 cs)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MPC-HC 1.9.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.3 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Nivo Slider Addon for WYSIWYG Web Builder (HKLM-x32\...\WYSIWYG_Web_Builder_nivo_slider) (Version: - )
novaPDF 8 Printer Driver (HKLM\...\{45ACC237-36D7-4071-8BFE-54DA41A0EC21}) (Version: 8.8.946 - Softland)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D535FC73-1F63-4347-896A-C97A45F11E9C}) (Version: 3.0.07.44 - O2Micro International LTD.)
OPC Core Components Redistributable (x64) 105.0 (HKLM\...\{725FFCF9-5D38-4249-8697-9BDB415E6B00}) (Version: 3.00.10501 - OPC Foundation)
PBA Driver (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Version: 1.0.1.7 - Dell Inc.) Hidden
PDFsam Basic (HKLM-x32\...\{003A4226-78E3-4219-B4C0-22FCE7C3FE73}) (Version: 3.20.4.0 - Andrea Vacondio)
PDF-XChange Editor (HKLM\...\{70231D1A-0E44-444B-BBCD-3260316A296C}) (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{2de96974-ac4a-4e83-a12a-40c3c97960b5}) (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.)
Preboot Manager (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Version: 03.05.00.026 - Wave Systems Corp.) Hidden
Private Information Manager (HKLM\...\{0149ECF0-D825-4892-A468-065F2009328A}) (Version: 07.03.00.016 - Wave Systems Corp.) Hidden
Prostředí Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Rajče průvodce verze 1.59.52.267 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Rawet Studio verze 2 (HKLM-x32\...\{9EF5F4E0-603F-4CF4-A5BD-3F5D1A03BA23}_is1) (Version: 2 - Rawet, s.r.o.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 9.2 - Screaming Frog Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Version: 2.1.41 - Security Innovation) Hidden
SICAM_1703_USB-Driver_64Bit (HKLM\...\{42FACE7A-95A6-49CB-8925-772089981D9D}) (Version: 1.00.0000 - Siemens AG)
SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
Subtitle Edit 3.5.10 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.10.0 - Nikse)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.5.6 - TeamViewer)
TOOLBOX II (HKLM\...\{9382327F-5545-4D92-AF0E-32068D2BCC3E}) (Version: 5.10.0104 - Siemens AG)
toolkit32for64bit (HKLM-x32\...\{6C2DD120-A13A-48DD-9A65-D5FD8BE63435}) (Version: 7.68.85.0013 - Wave Systems Corp) Hidden
Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Version: 5.0.0.304 - Wave Systems Corp.) Hidden
VMware Workstation (HKLM\...\{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}) (Version: 9.0.2 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.2 - VMware, Inc)
Vzum (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\6cfa0c5674100ff8) (Version: 1.0.0.22 - Vzum)
Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (HKLM\...\{14CFC674-CD4F-4BE5-8B68-07BA3FE941FF}) (Version: 07.68.85.0014 - Wave Systems Corp) Hidden
Wave Support Software Installer (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Version: 05.15.00.021 - Wave Systems Corp) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.7.7 - )
Web Gate Client Files V6.1 SP2.1 (HKLM-x32\...\{95410E4B-F191-4BFF-A996-D6B34733120E}) (Version: 6.1.02.0000 - Schneider Electric)
Web Gate Client Files V6.1 SP3 (HKLM-x32\...\{9878689A-843E-4B12-9620-F1BA87EFFABC}) (Version: 6.1.3 - Schneider Electric)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Driver Package - Siemens E D EA (usbser) Ports (04/21/2009 5.1.2600.0) (HKLM\...\FC832A84170FBA9091BC25DE4FC9497B1D662DAF) (Version: 04/21/2009 5.1.2600.0 - Siemens E D EA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
WYSIWYG Web Builder 14.0.2 (HKLM-x32\...\{8FBE0A8B-AB6F-4E1E-9880-63A0DB756C3B}_is1) (Version: 14.0.2 - Pablo Software Solutions)
WYSIWYG Web Builder 15.0.1 (HKLM-x32\...\{8FBE0A8B-BBFF-4E1E-9880-63A0DB756C3B}_is1) (Version: 15.0.1 - Pablo Software Solutions)
Zoom (HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2012-11-09] (Wave Systems Corp. -> Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2017-02-07] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2012-09-21] (Wondershare Software Co., Ltd. -> )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2013-02-26] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2013-10-07] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475672 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416280 2008-07-26] (Logitech Inc -> Logitech Inc.)
HKLM\...\Drivers32: [VIDC.VMnc] => C:\Windows\SysWOW64\vmnc.dll [360528 2013-02-26] (VMware, Inc. -> VMware, Inc.)
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\yv12vfw.dll [70656 2004-01-25] (www.helixcommunity.org) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"CmdLineConsumer_WSCEAA\"",Filter="__EventFilter.Name=\"CmdLinefilter_WSCEAA\"::
WMI:subscription\__EventFilter->CmdLinefilter_WSCEAA::[Query => SELECT * FROM MSNdis_StatusMediaConnect]
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->CmdLineConsumer_WSCEAA::[CommandLineTemplate => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\\WSCEAA.exe -nic][WorkingDirectory => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Marsal\Desktop\CAEx.lnk -> C:\SAT\TBIIWIN7\CAX_WIN7.bat ()
Shortcut: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk -> C:\Program Files (x86)\NetSurveillance\CMS\reg.bat ()
ShortcutWithArgument: C:\Users\Marsal\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Marsal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) =============

2013-03-22 02:32 - 2012-05-30 20:55 - 000059904 _____ ( () [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-03-22 02:32 - 2012-05-30 20:56 - 000032768 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IAStorIcon.resources.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 000004608 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IntelVisualDesign.resources.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 000176128 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2013-03-22 02:32 - 2012-05-30 20:55 - 001319424 _____ ( (Intel Corporation) [File not signed]) [File is in use ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2013-07-19 11:06 - 2013-07-19 11:06 - 000225280 _____ ( (Microsoft Corporation) [File not signed]) [File is in use ] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2012-07-06 16:12 - 2014-02-27 13:35 - 000763904 _____ ( (Siemens AG) [File not signed]) [File is in use ] C:\Siemens_EA\TBII\EMII\BIN\SatTbQtControls.dll
2019-06-18 07:29 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2019-06-18 07:29 - 2017-03-23 09:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 022378434 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icudt51.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 003369922 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuin51.dll
2020-01-08 10:31 - 2013-04-22 18:03 - 001978690 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuuc51.dll
2020-01-08 10:31 - 2013-04-17 20:18 - 000544817 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libgcc_s_dw2-1.dll
2020-01-08 10:31 - 2013-04-17 20:19 - 000989805 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libstdc++-6.dll
2020-01-08 10:31 - 2018-02-18 23:26 - 000073216 _____ () [File not signed] C:\Program Files\Common Files\Eldes\QtSolutions_Service-head.dll
2010-02-01 16:34 - 2010-02-01 16:34 - 000019456 ____R () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwjavavm.dll
2011-05-20 07:24 - 2011-05-20 07:24 - 000148992 _____ () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satcxb.dll
2017-02-23 11:08 - 2015-03-25 18:11 - 000102912 _____ () [File not signed] C:\Siemens_EA\TBII\EMII\BIN\tbiislb.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\59287b78c3ec80a796fc72e83bac8716\IsdiInterop.ni.dll
2020-01-08 10:31 - 2018-02-18 22:45 - 004604928 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Core.dll
2020-01-08 10:31 - 2013-12-08 20:00 - 001392128 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Network.dll
2012-05-09 17:48 - 2012-05-09 17:48 - 002517504 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtCore4.dll
2012-05-09 18:01 - 2012-05-09 18:01 - 008351232 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtGui4.dll
2012-05-09 17:49 - 2012-05-09 17:49 - 001009664 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtNetwork4.dll
2012-05-09 17:48 - 2012-05-09 17:48 - 000340992 ____R (Digia Plc) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\QtXml4.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000385113 ____R (GFT Solutions GmbH) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwocc.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000489984 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gw40ctl.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000264192 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwaxisclnt.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000276480 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwbase.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000020480 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwbmp.dll
2010-02-01 17:02 - 2010-02-01 17:02 - 000079360 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcomm.dll
2012-04-27 11:51 - 2012-04-27 11:51 - 001712640 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcore.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000121344 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwcua.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000309760 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwdoc.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000353792 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwedit.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000112128 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwhypproc.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000213504 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwchart.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000017408 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwicon.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000196608 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwinsignclnt.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000521216 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwinter.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000271360 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwolectl.dll
2010-02-01 17:06 - 2010-02-01 17:06 - 000074240 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwora81.dll
2010-02-01 17:05 - 2010-02-01 17:05 - 000075264 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwprtspr.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 004944384 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwrepdev.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000452096 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwspread.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000947712 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwsql.dll
2010-02-01 17:03 - 2010-02-01 17:03 - 000113152 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwtools.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000099328 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwwfclient.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 001995264 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwxerces.dll
2010-02-01 17:04 - 2010-02-01 17:04 - 000156672 ____R (GFT Technologies AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\gwxml.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f39005543919a2bd9bbf96f2173ba9d\IAStorCommon.ni.dll
2013-03-22 02:32 - 2012-05-30 20:43 - 000279552 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2013-03-22 02:31 - 2012-10-16 15:52 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000229376 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\50e1760253872115cd1b7788fd6d3e05\IAStorDataMgr.ni.dll
2019-05-23 16:58 - 2019-05-23 16:58 - 000489472 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f50037b07c82f3ba78a94036d349bfd\IAStorUtil.ni.dll
2009-08-11 12:37 - 2009-08-11 12:37 - 001655296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\ESET\ESET Endpoint Antivirus\MFC80U.DLL
2020-01-08 10:31 - 2013-04-17 19:26 - 000073901 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files\Common Files\Eldes\libwinpthread-1.dll
2017-02-23 10:50 - 2013-10-11 05:20 - 001036288 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OCI.dll
2017-02-23 10:50 - 2013-10-11 02:43 - 000462848 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraasmclnt11.dll
2017-02-23 10:50 - 2013-10-11 05:17 - 000352256 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracell11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 004288512 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OraClient11.Dll
2017-02-23 10:50 - 2013-10-11 05:05 - 002838528 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracommon11.dll
2017-02-23 10:50 - 2013-09-18 20:24 - 000987136 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oracore11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 013963264 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orageneric11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 004222976 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orahasgen11.dll
2017-02-23 10:50 - 2013-09-21 03:49 - 001646592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraldapclnt11.dll
2017-02-23 10:50 - 2013-10-10 03:56 - 004243456 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oran11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000007680 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orancds11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000139264 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orancrypt11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000035328 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranhost11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000106496 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\bin\oranipc11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000438272 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranl11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000311296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranldap11.dll
2017-02-23 10:50 - 2013-09-17 01:51 - 000823296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranls11.dll
2017-02-23 10:50 - 2013-09-21 03:49 - 001290240 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orannzsbb11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000311296 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oranro11.dll
2017-02-23 10:50 - 2013-10-10 03:28 - 000221184 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orantcp11.dll
2017-02-23 10:50 - 2013-10-10 03:29 - 000051200 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orantns11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 000716800 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocr11.dll
2017-02-23 10:50 - 2013-09-25 23:11 - 000573440 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocrb11.dll
2017-02-23 10:50 - 2013-09-25 23:10 - 000044032 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraocrutl11.dll
2017-02-23 10:50 - 2013-10-11 05:04 - 000094208 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\OraPlc11.Dll
2017-02-23 10:50 - 2013-10-11 05:05 - 002953216 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraplp11.dll
2017-02-23 10:50 - 2013-10-11 05:05 - 004263936 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orapls11.dll
2017-02-23 10:50 - 2010-05-10 06:05 - 000035328 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraslax11.dll
2017-02-23 10:50 - 2013-09-17 01:36 - 000188416 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orasnls11.dll
2017-02-23 10:50 - 2013-10-11 04:57 - 000622592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orasql11.dll
2017-02-23 10:50 - 2013-09-17 01:35 - 000106496 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraunls11.dll
2017-02-23 10:50 - 2013-09-18 20:24 - 000009728 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orauts.dll
2017-02-23 10:50 - 2013-10-11 02:53 - 000009216 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oravsn11.dll
2017-02-23 10:50 - 2013-09-14 02:06 - 004538368 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraxml11.dll
2017-02-23 10:50 - 2013-09-21 03:51 - 001646592 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\orazt11.dll
2017-02-23 10:50 - 2013-09-21 03:53 - 000593920 _____ (Oracle Corporation) [File not signed] C:\Siemens_EA\TBII\DB\ORA11R2_CL\BIN\oraztkg11.dll
2012-07-06 16:11 - 2014-02-27 13:35 - 000076288 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satasy.dll
2012-07-06 16:15 - 2014-10-15 15:58 - 001131008 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satgui.dll
2012-07-06 16:15 - 2014-02-27 13:38 - 000096256 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satpri.dll
2012-07-06 16:13 - 2014-02-27 13:36 - 000048640 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satrdi.dll
2012-07-06 16:12 - 2014-02-27 13:44 - 000030720 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satrmk.dll
2012-07-06 16:11 - 2014-02-27 13:35 - 000069120 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\SatTbQtModels.dll
2012-07-06 16:14 - 2014-02-27 13:37 - 000172544 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\sattbx.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000048128 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satuoi.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000101376 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzbo.dll
2012-07-06 16:12 - 2015-03-10 16:42 - 001710080 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzdb.dll
2012-07-06 16:13 - 2014-08-20 16:04 - 000266240 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzdbgrit.dll
2012-07-06 16:11 - 2014-02-27 13:34 - 000031744 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzip.dll
2012-07-06 16:11 - 2014-11-12 18:31 - 000276992 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzos.dll
2012-07-06 16:14 - 2014-05-16 12:57 - 000658944 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\satzst.dll
2012-07-06 16:10 - 2014-02-27 13:33 - 000009216 _____ (Siemens AG) [File not signed] C:\Siemens_EA\TBII\EMII\BIN\TbiiDbInfo.dll
2016-12-16 19:32 - 2016-12-16 19:32 - 000018944 _____ (Softland) [File not signed] C:\Windows\System32\novamn8.dll
2012-11-15 23:43 - 2012-11-15 23:43 - 000017920 _____ (Wave Systems Corp.) [File not signed] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\TPMSupport.dll
2013-03-22 02:36 - 2013-03-22 02:36 - 000025600 _____ (Wave Systems Corp.) [File not signed] C:\Windows\WinSxS\amd64_wave.super.superprotocol_1aaab1af848ab112_2.0.0.8_none_d8efad6d2cd9e7ee\Super.dll
2013-03-22 02:36 - 2013-03-22 02:36 - 001175040 _____ (Wave Systems Corp.) [File not signed] C:\Windows\WinSxS\amd64_wave.wcr10.cryptoruntime_1aaab1af848ab112_1.0.2.12_none_68ec49aab7426278\WCR10.dll
2019-06-18 07:29 - 2017-03-23 09:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA [346]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51459171.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51459171.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2020-02-13 07:51 - 000000869 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 cryptomator-vault

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\SAT\PSR;C:\Siemens_EA\TBII\EMII\BIN;C:\SAT;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Gemalto\Access Client\v5;C:\Program Files (x86)\Security Innovation\SI TSS\bin;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Acronis\SnapAPI;C:\Program Files (x86)\Schneider Electric\Vijeo-WebGate Control;C:\Program Files (x86)\Common Files\Acronis\SnapAPI;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin;C:\Siemens_EA\TBII\EMII\CAExII\BIN;C:\SAT\CAEX;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 10.208.10.208
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: hubiC => C:\Program Files\OVH\hubiC\hubiC.exe
MSCONFIG\startupreg: Služba Acronis Scheduler2 => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D853FFD4-4AF6-4D8A-81A1-97DF9C0FC8CD}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel Wireless Display -> Intel Corporation)
FirewallRules: [{907AB259-E4CE-429B-B627-70B5C534801E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E113B460-9DEE-4E6D-A2B1-A03FC935B43B}] => (Allow) LPort=2869
FirewallRules: [{9BBD00B3-7031-4F52-B86F-8591CB779C8C}] => (Allow) LPort=1900
FirewallRules: [{1F94FA34-D010-46EF-9442-46D9E5CA1909}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5106A74-C80E-4D7D-86D3-65A90190F697}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9B6ACE50-C1AE-4C45-BABF-F386446E59D9}C:\siemens_ea\tbii\emii\bin\rmd.exe] => (Allow) C:\siemens_ea\tbii\emii\bin\rmd.exe (Siemens AG) [File not signed]
FirewallRules: [UDP Query User{4F823A01-42EA-436D-AD2E-6ECA945C1CF8}C:\siemens_ea\tbii\emii\bin\rmd.exe] => (Allow) C:\siemens_ea\tbii\emii\bin\rmd.exe (Siemens AG) [File not signed]
FirewallRules: [{5D715949-3974-41FF-83EB-D2307D62B83E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C5FA3C0D-2E3F-4083-98E2-9C1B10248FE1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{396D030E-6CE8-40B4-A7BB-59327B6576C0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{F9D6960B-8936-4282-A71E-906A9BB4C64E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{63F803E4-BB44-49D7-A711-3409409B8A35}] => (Allow) LPort=1522
FirewallRules: [{C22CD3F3-82D3-45AC-B759-6E6E24E3D3D2}] => (Allow) LPort=1522
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{64C4A1AF-6C47-43C4-9611-92B70EC02BE5}] => (Allow) LPort=56789
FirewallRules: [{0D4B18DC-0E12-4992-8083-2DF610DDF978}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{ADDA4275-A572-4D8F-A912-FAEAA592A695}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{04B57C4C-E5AA-4E8A-BF58-BD6F6643B81A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{1AE2B076-C126-4249-9D7F-3CF4A73C79BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ACB5F244-E472-4B81-A746-DA41DB479961}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DCB079CF-07A2-4073-BABE-A872611BE864}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{92FF2134-48FD-4856-91BD-3ECFE96AA742}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1306F528-9CED-4408-A96F-EFA23E4B0CEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CAD3D1C7-1F84-4268-86C1-DCEC8689D4A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{7480B045-DAE1-4D8D-A107-1CEF7746FF5B}C:\winbox\winbox.exe] => (Allow) C:\winbox\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{BFEF02F6-4E1D-4306-B28B-214D524F5E9C}C:\winbox\winbox.exe] => (Allow) C:\winbox\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [{893B752C-6EF3-4AB1-9C58-1A1384E14E9B}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet, Inc. -> SafeNet Inc.)
FirewallRules: [{98907452-29BB-47F0-9C56-A599EAC4A40C}] => (Allow) LPort=8501
FirewallRules: [{89EB3926-365F-485F-BC7C-A5F284656734}] => (Allow) LPort=8501
FirewallRules: [{AA7A3DC7-79B0-410A-BE77-0C369B5F480A}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{64803718-33DB-4073-A454-19E638341EA5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{79B98EF8-50B1-4D84-BC62-C2D526BAE4C5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{86CC0283-178B-487A-9DDB-8E43E2DBCDB4}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [TCP Query User{8288BD85-6A11-4B62-B303-07CA34E4B8B7}H:\portable\website realizer\wr.exe] => (Allow) H:\portable\website realizer\wr.exe (Adritech Software Company Limited -> Adritech Software Company Limited)
FirewallRules: [UDP Query User{4D8C503A-6927-43DA-8B8D-BA01731A845A}H:\portable\website realizer\wr.exe] => (Allow) H:\portable\website realizer\wr.exe (Adritech Software Company Limited -> Adritech Software Company Limited)
FirewallRules: [{452AB09D-4A94-4B10-833B-5BA565294306}] => (Allow) C:\Program Files (x86)\MaxSyncUp\msusvc.exe (Maxim Deminov -> @MAX Software)
FirewallRules: [{5D5A5FD5-B544-4BF9-8BE7-DDBE5CFA6917}] => (Allow) C:\Program Files (x86)\MaxSyncUp\MaxSyncUp.exe (Maxim Deminov -> @MAX Software)
FirewallRules: [TCP Query User{3759EAED-58AA-4A1C-A907-5AB385F10836}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe (Fine spol. s r.o. -> ALTAP)
FirewallRules: [UDP Query User{193DC7B8-F9B2-4A56-ACAF-6981729E70FB}C:\program files\altap salamander\salamand.exe] => (Allow) C:\program files\altap salamander\salamand.exe (Fine spol. s r.o. -> ALTAP)
FirewallRules: [TCP Query User{B736A94E-E6A3-433D-8A05-E827B6EB4437}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [UDP Query User{854045F7-7584-4819-AB6B-2042FCD9AEFF}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [TCP Query User{4CEDDA76-D6C9-45A4-BCA8-8DCD3035D278}C:\winbox\winbox64.exe] => (Allow) C:\winbox\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{422439AE-01D6-404C-9D10-F93E54B4534A}C:\winbox\winbox64.exe] => (Allow) C:\winbox\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [{7DC10D0C-32AF-44F0-9CFC-61577F0ECDF6}] => (Allow) C:\Users\Marsal\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A1AB856C-3D13-40FE-9376-4C98FE7951FB}] => (Allow) C:\Users\Marsal\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{538AD67D-22E7-4225-8FE5-70BFE1266C69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B3509B8-0A61-4399-8892-DF2EA15705F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{66709F59-001E-43E5-892B-ADE5B4C101F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3310DC3B-87BD-41BB-A3C0-186AB9E88A39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5167DF43-3C5C-42FD-A2FD-8AC33856BD73}] => (Allow) C:\Users\Eng_TBII\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C412DC38-1E59-4F98-A20B-6F230C055003}] => (Allow) C:\Users\Eng_TBII\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F48AF8DA-1BAC-47C2-8FC8-E457529A5FBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{53829DE4-BA6D-4436-813A-754E644F8C12}E:\winbox.exe] => (Block) E:\winbox.exe => No File
FirewallRules: [UDP Query User{AE0F449E-24FC-498B-8DCE-BABE6578D3FB}E:\winbox.exe] => (Block) E:\winbox.exe => No File

==================== Restore Points =========================

04-06-2020 15:35:35 Scheduled Checkpoint
09-06-2020 07:40:21 Installed Dokan Library 1.3.0.1000 (x64)
09-06-2020 11:43:08 AdwCleaner_BeforeCleaning_09/06/2020_11:43:07

==================== Faulty Device Manager Devices ============

Name: Shrew Soft Lightweight Filter
Description: Shrew Soft Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vflt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Centrino(R) Advanced-N 6205
Description: Intel(R) Centrino(R) Advanced-N 6205
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (06/09/2020 04:43:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2020 11:44:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HidMonitorSvc.exe, verze: 8.1.0.20, časové razítko: 0x55f2d7cb
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x538
Čas spuštění chybující aplikace: 0x01d63e4292b7d24c
Cesta k chybující aplikaci: C:\Program Files\DellTPad\HidMonitorSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: d984e395-aa35-11ea-8571-2016d89e0216

Error: (06/09/2020 11:44:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/09/2020 05:55:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HidMonitorSvc.exe, verze: 8.1.0.20, časové razítko: 0x55f2d7cb
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x7ec
Čas spuštění chybující aplikace: 0x01d63e11d1d3d9b2
Cesta k chybující aplikaci: C:\Program Files\DellTPad\HidMonitorSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 18ab5b2b-aa05-11ea-b2d2-2016d89e0216

Error: (06/09/2020 05:55:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2020 06:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HidMonitorSvc.exe, verze: 8.1.0.20, časové razítko: 0x55f2d7cb
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x4d0
Čas spuštění chybující aplikace: 0x01d63daec3e2ea79
Cesta k chybující aplikaci: C:\Program Files\DellTPad\HidMonitorSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0a894a3e-a9a2-11ea-9500-2016d89e0216

Error: (06/08/2020 06:06:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/08/2020 05:52:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HidMonitorSvc.exe, verze: 8.1.0.20, časové razítko: 0x55f2d7cb
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x794
Čas spuštění chybující aplikace: 0x01d63d48212aca6e
Cesta k chybující aplikaci: C:\Program Files\DellTPad\HidMonitorSvc.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 6812d55a-a93b-11ea-8638-2016d89e0216

System errors:
=============
Error: (06/09/2020 04:45:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
vflt

Error: (06/09/2020 04:45:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Dell Client Management Service přestala během spouštění reagovat.

Error: (06/09/2020 04:43:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba VMware Workstation Server ukončena s chybou %%-1, specifickou pro službu.

Error: (06/09/2020 04:43:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba WvPCR závisí na následující službě: TBS. Tato služba pravděpodobně není nainstalována.

Error: (06/09/2020 04:43:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba SI TSS v1.2.1.41 TCS závisí na následující službě: TBS. Tato služba pravděpodobně není nainstalována.

Error: (06/09/2020 11:46:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Alps HID Monitor Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/09/2020 11:46:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
vflt

Error: (06/09/2020 11:46:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Dell Client Management Service přestala během spouštění reagovat.

Windows Defender:
===================================
Date: 2018-04-27 05:50:21.626
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{D68046FE-12B7-4159-A4FA-7A5D5EC81E0A}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2016-06-15 06:11:07.503
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=225956
Název:SoftwareBundler:Win32/Stallmonitz
ID:225956
Závažnost:High
Kategorie:Software Bundler
Nalezeno v cestě:file:C:\Users\Marsal\AppData\Local\Temp\is-HHA1H.tmp\CBStub.exe;process:pid:1888
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2015-12-26 05:17:04.989
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=223449
Název:SoftwareBundler:Win32/Mizenota
ID:223449
Závažnost:High
Kategorie:Software Bundler
Nalezeno v cestě:file:C:\Ashampoo+Office+Catalog+E_10924_i103159327_il345.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\NETWORK SERVICE
Název procesu:c:\program files\windows defender\MpCmdRun.exe

CodeIntegrity:
===================================

Date: 2020-06-09 16:43:06.566
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-09 16:43:05.833
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-09 11:44:20.462
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-09 11:44:19.931
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-09 05:55:20.555
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-09 05:55:20.025
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-08 18:06:16.664
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-06-08 18:06:16.134
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A22 11/30/2018
Motherboard: Dell Inc. 0JC5MT
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 63%
Total physical RAM: 8094.84 MB
Available physical RAM: 2937.71 MB
Total Virtual: 16487.82 MB
Available Virtual: 11035.43 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:34.4 GB) NTFS
Drive h: (Transcend) (Fixed) (Total:1863.01 GB) (Free:374.43 GB) NTFS
Drive k: (OS) (Network) (Total:237.7 GB) (Free:34.4 GB) NTFS

\\?\Volume{0c617744-9296-11e2-aad4-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: D7F369B2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1D9CAA9B)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#12 Příspěvek od **Rudy** » 09 čer 2020 17:12

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA [346]
FirewallRules: [{0D4B18DC-0E12-4992-8083-2DF610DDF978}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{ADDA4275-A572-4D8F-A912-FAEAA592A695}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{AA7A3DC7-79B0-410A-BE77-0C369B5F480A}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{64803718-33DB-4073-A454-19E638341EA5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{C412DC38-1E59-4F98-A20B-6F230C055003}] => (Allow) C:\Users\Eng_TBII\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{53829DE4-BA6D-4436-813A-754E644F8C12}E:\winbox.exe] => (Block) E:\winbox.exe => No File
FirewallRules: [UDP Query User{AE0F449E-24FC-498B-8DCE-BABE6578D3FB}E:\winbox.exe] => (Block) E:\winbox.exe => No File
C:\Users\Marsal\AppData\Local\Temp
C:\Ashampoo+Office+Catalog+E_10924_i103159327_il345.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {095E7A76-8B84-4161-A1BF-99A75EFF7B9B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C40A0A5-D478-4A63-B215-EF22991645DD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C82E3E5-CD05-461D-A916-7C745877714D} - System32\Tasks\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Eng_TBII\Desktop\SALAMAND.EXE -d C:\Users\Eng_TBII\Desktop
Task: {0FB6737A-91AD-4071-9FC0-C010C75B2C84} - System32\Tasks\WinThruster64-Marsal-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
Task: {18FD6ED4-2E3D-4C5D-A491-101DE862E032} - System32\Tasks\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "E:\Portable\WYSIWYG Web Builder 10\irunin.ini" <==== ATTENTION
Task: {19FC6C74-65FD-40EE-8761-3DAEB32DF832} - System32\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1BE61B9A-7F11-42AE-80BF-368C94890E7A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1eb5c84a67257 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1F87D442-12D5-4A60-B685-9DA31E969E58} - System32\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2A67726F-3893-427A-8250-BB44B3D4EEA8} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3381E415-0A77-4CE0-942C-694F6D0AC7FA} - System32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4} => C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log
Task: {35AFFA54-F29D-4CBB-97D1-500B293D36CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {43E11D12-2102-426D-8EBE-B718E0FB43EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {50065D99-36D9-4A1E-963F-41328AA996CF} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {7101F7DB-2222-448B-B463-C26870634176} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {8448F66F-5F55-4695-B7ED-4B299C9122BA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8644D8AA-53DD-4FB7-9C14-16692C9A3203} - System32\Tasks\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {A6899650-D6AE-410A-9F1A-1CF5345FB6AA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D} - System32\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C185CA7E-36F4-495C-88BD-8153675CD0E3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C777EF2D-6D0E-4AD3-977D-48C583B82F73} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {FFFFA652-CABF-46FC-83C8-896E03FC9F94} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: www.wansview.com/HYPlayer -> C:\Program Files (x86)\HYPlayer\npHYPlayer.dll [No File]
C:\ProgramData\lzmiudcz.flf
C:\Windows\system32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job
C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Marsal\AppData\Local\{AF216E47-AA6F-463E-89E2-FCA0A8233B35}

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

MMMMM · #13 Příspěvek od **MMMMM** » 10 čer 2020 05:06

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020
Ran by Marsal (10-06-2020 06:02:00) Run:1
Running from C:\Users\Marsal\Desktop
Loaded Profiles: Marsal
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marsal\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers1: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [miranda.shlext] -> {72013A26-A94C-11d6-8540-A5E62932711D} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [JRcm] -> {C20B9A7B-ED5B-4CEB-B2A6-F1F62E99C539} => -> No File
ContextMenuHandlers6: [JRcm64] -> {013BF2A8-A4B1-11DF-A865-F509E0D72085} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:E8BE05FA [346]
FirewallRules: [{0D4B18DC-0E12-4992-8083-2DF610DDF978}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{ADDA4275-A572-4D8F-A912-FAEAA592A695}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe => No File
FirewallRules: [{AA7A3DC7-79B0-410A-BE77-0C369B5F480A}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{64803718-33DB-4073-A454-19E638341EA5}] => (Allow) C:\Users\Marsal\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe => No File
FirewallRules: [{C412DC38-1E59-4F98-A20B-6F230C055003}] => (Allow) C:\Users\Eng_TBII\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{53829DE4-BA6D-4436-813A-754E644F8C12}E:\winbox.exe] => (Block) E:\winbox.exe => No File
FirewallRules: [UDP Query User{AE0F449E-24FC-498B-8DCE-BABE6578D3FB}E:\winbox.exe] => (Block) E:\winbox.exe => No File
C:\Users\Marsal\AppData\Local\Temp
C:\Ashampoo+Office+Catalog+E_10924_i103159327_il345.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
Task: {095E7A76-8B84-4161-A1BF-99A75EFF7B9B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C40A0A5-D478-4A63-B215-EF22991645DD} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {0C82E3E5-CD05-461D-A916-7C745877714D} - System32\Tasks\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C} => C:\Windows\system32\pcalua.exe -a C:\Users\Eng_TBII\Desktop\SALAMAND.EXE -d C:\Users\Eng_TBII\Desktop
Task: {0FB6737A-91AD-4071-9FC0-C010C75B2C84} - System32\Tasks\WinThruster64-Marsal-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
Task: {18FD6ED4-2E3D-4C5D-A491-101DE862E032} - System32\Tasks\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "E:\Portable\WYSIWYG Web Builder 10\irunin.ini" <==== ATTENTION
Task: {19FC6C74-65FD-40EE-8761-3DAEB32DF832} - System32\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1BE61B9A-7F11-42AE-80BF-368C94890E7A} - System32\Tasks\GoogleUpdateTaskMachineCore1d1eb5c84a67257 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {1F87D442-12D5-4A60-B685-9DA31E969E58} - System32\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {2A67726F-3893-427A-8250-BB44B3D4EEA8} - System32\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {3381E415-0A77-4CE0-942C-694F6D0AC7FA} - System32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4} => C:\Windows\system32\pcalua.exe -a C:\Windows\unvise32qt.exe -c C:\Windows\system32\QuickTime\Uninstall.log
Task: {35AFFA54-F29D-4CBB-97D1-500B293D36CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {43E11D12-2102-426D-8EBE-B718E0FB43EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {50065D99-36D9-4A1E-963F-41328AA996CF} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {7101F7DB-2222-448B-B463-C26870634176} - \SpyHunter4Startup -> No File <==== ATTENTION
Task: {8448F66F-5F55-4695-B7ED-4B299C9122BA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8644D8AA-53DD-4FB7-9C14-16692C9A3203} - System32\Tasks\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {A6899650-D6AE-410A-9F1A-1CF5345FB6AA} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D} - System32\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C185CA7E-36F4-495C-88BD-8153675CD0E3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C777EF2D-6D0E-4AD3-977D-48C583B82F73} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {FFFFA652-CABF-46FC-83C8-896E03FC9F94} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-3879696279-2694623716-4221884656-1006: www.wansview.com/HYPlayer -> C:\Program Files (x86)\HYPlayer\npHYPlayer.dll [No File]
C:\ProgramData\lzmiudcz.flf
C:\Windows\system32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job
C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Marsal\AppData\Local\{AF216E47-AA6F-463E-89E2-FCA0A8233B35}

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\JRcm => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\JRcm64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\miranda.shlext => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{d9cea52e-100d-4159-89ea-76e845bc13e1} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\miranda.shlext => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\JRcm => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\JRcm64 => removed successfully
C:\ProgramData\TEMP => ":E8BE05FA" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D4B18DC-0E12-4992-8083-2DF610DDF978}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADDA4275-A572-4D8F-A912-FAEAA592A695}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA7A3DC7-79B0-410A-BE77-0C369B5F480A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64803718-33DB-4073-A454-19E638341EA5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C412DC38-1E59-4F98-A20B-6F230C055003}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{53829DE4-BA6D-4436-813A-754E644F8C12}E:\winbox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AE0F449E-24FC-498B-8DCE-BABE6578D3FB}E:\winbox.exe" => removed successfully

"C:\Users\Marsal\AppData\Local\Temp" folder move:

Could not move "C:\Users\Marsal\AppData\Local\Temp" => Scheduled to move on reboot.

"C:\Ashampoo+Office+Catalog+E_10924_i103159327_il345.exe" => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{095E7A76-8B84-4161-A1BF-99A75EFF7B9B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{095E7A76-8B84-4161-A1BF-99A75EFF7B9B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d0f10475820c0d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C40A0A5-D478-4A63-B215-EF22991645DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C40A0A5-D478-4A63-B215-EF22991645DD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d15e3f4dd45b57" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C82E3E5-CD05-461D-A916-7C745877714D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C82E3E5-CD05-461D-A916-7C745877714D}" => removed successfully
C:\Windows\System32\Tasks\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5ABCAC2-019B-48CF-B60F-A8D3EC0BDC5C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FB6737A-91AD-4071-9FC0-C010C75B2C84}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FB6737A-91AD-4071-9FC0-C010C75B2C84}" => removed successfully
C:\Windows\System32\Tasks\WinThruster64-Marsal-Startup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinThruster64-Marsal-Startup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18FD6ED4-2E3D-4C5D-A491-101DE862E032}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18FD6ED4-2E3D-4C5D-A491-101DE862E032}" => removed successfully
C:\Windows\System32\Tasks\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DDFDF8E6-9FC9-41F1-A9AF-9A34AF3026BD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19FC6C74-65FD-40EE-8761-3DAEB32DF832}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19FC6C74-65FD-40EE-8761-3DAEB32DF832}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d0442c6483cad6" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BE61B9A-7F11-42AE-80BF-368C94890E7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BE61B9A-7F11-42AE-80BF-368C94890E7A}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1eb5c84a67257 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d1eb5c84a67257" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F87D442-12D5-4A60-B685-9DA31E969E58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F87D442-12D5-4A60-B685-9DA31E969E58}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d091e7d41a9630" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A67726F-3893-427A-8250-BB44B3D4EEA8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A67726F-3893-427A-8250-BB44B3D4EEA8}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d15e3f4dbed736" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3381E415-0A77-4CE0-942C-694F6D0AC7FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3381E415-0A77-4CE0-942C-694F6D0AC7FA}" => removed successfully
C:\Windows\System32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35AFFA54-F29D-4CBB-97D1-500B293D36CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35AFFA54-F29D-4CBB-97D1-500B293D36CC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43E11D12-2102-426D-8EBE-B718E0FB43EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43E11D12-2102-426D-8EBE-B718E0FB43EB}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50065D99-36D9-4A1E-963F-41328AA996CF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50065D99-36D9-4A1E-963F-41328AA996CF}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d12e50ffe99bcb" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7101F7DB-2222-448B-B463-C26870634176}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7101F7DB-2222-448B-B463-C26870634176}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8448F66F-5F55-4695-B7ED-4B299C9122BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8448F66F-5F55-4695-B7ED-4B299C9122BA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0bf2f446dca70" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8644D8AA-53DD-4FB7-9C14-16692C9A3203}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8644D8AA-53DD-4FB7-9C14-16692C9A3203}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d1eb5c84bc6ba9" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6899650-D6AE-410A-9F1A-1CF5345FB6AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6899650-D6AE-410A-9F1A-1CF5345FB6AA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d0bf2f444cd475" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7FCAAB-F6D1-4852-9B39-9F354A60EE5D}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d091e7d3ff6caa" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C185CA7E-36F4-495C-88BD-8153675CD0E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C185CA7E-36F4-495C-88BD-8153675CD0E3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0f104759fa69c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C777EF2D-6D0E-4AD3-977D-48C583B82F73}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C777EF2D-6D0E-4AD3-977D-48C583B82F73}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d1ab39f5bc091d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFFFA652-CABF-46FC-83C8-896E03FC9F94}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFFFA652-CABF-46FC-83C8-896E03FC9F94}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0e25af634f254" => removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\Software\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
HKU\S-1-5-21-3879696279-2694623716-4221884656-1006\Software\MozillaPlugins\www.wansview.com/HYPlayer => removed successfully
"C:\Program Files (x86)\HYPlayer\npHYPlayer.dll" => not found
C:\ProgramData\lzmiudcz.flf => moved successfully
"C:\Windows\system32\Tasks\{D6842B4B-4CEF-46FF-88CE-2406810A73E4}" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1ab39f5bc091d.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e25af634f254.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d091e7d41a9630.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002f2d42d6254.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab39f59ce7e8.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15e3f4dbed736.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e50ffd0952d.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10475820c0d.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e25af61709a4.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2f444cd475.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091e7d3ff6caa.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0442c6483cad6.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15e3f4dd45b57.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f104759fa69c.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf2f446dca70.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e50ffe99bcb.job" => not found
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0442c649ef45c.job" => not found
C:\Users\Marsal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Marsal\AppData\Local\{AF216E47-AA6F-463E-89E2-FCA0A8233B35} => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49745478 B
Java, Flash, Steam htmlcache => 1396 B
Windows/system/drivers => 7985539176 B
Edge => 0 B
Chrome => 362541302 B
Firefox => 1454516302 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 12 B
Public => 12 B
ProgramData => 12 B
systemprofile => 2613 B
systemprofile32 => 35799 B
LocalService => 35799 B
NetworkService => 60285 B
Eng_TBII => 100123310 B
Marsal => 123802114 B

RecycleBin => 9338656434 B
EmptyTemp: => 18.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-06-2020 06:05:19)

C:\Users\Marsal\AppData\Local\Temp => moved successfully

==== End of Fixlog 06:05:20 ====

#14 Příspěvek od **Rudy** » 10 čer 2020 09:15

Smazáno. Nastala nějaká změna?

MMMMM · #15 Příspěvek od **MMMMM** » 10 čer 2020 09:33

Ano výrazně se to zrachlilo. Můžu vědět, kde byl problém? Co tam bylo za havěť. Děkuji za pomoc.

VIRY.CZ

Prosim o kontrolu pomalé PC

Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC

Re: Prosim o kontrolu pomalé PC