Přejít na obsah

Vodafone mi oznámil, že jsem v botnetu


Návštěvník freekarol

Doporučené příspěvky

Návštěvník freekarol

Dostal jsem od Vodafone tento varovný email:

Quote

 

---------- Původní e-mail ----------
Od: technicalhelpdesk@vodafone.com
Komu: ****@seznam.cz
Datum: 29. 4. 2021 14:16:08
Předmět: Vodafone bezpecnostni incident id #177693

 

Vážený zákazníku,

dovolujeme si Vás tímto upozornit na pravděpodobné infikování některého z Vašich zařízení připojených do sítě Vodafone Czech Republic a. s. (dále jen "Vodafone") malwarem nebo virem. Abychom předešli zneužití, kvůli němuž by mohlo dojít k narušení bezpečnosti a dostupnosti veřejné komunikační sítě Vodafone včetně služeb elektronických komunikací poskytovaných prostřednictvím této sítě, vyzýváme Vás ke zjednání nezbytné nápravy.

Odhalené zranitelnosti:
Botnet - zjištěna infikace malwarem
IP: 89.176.***.**, čas zjištění: 2021-04-26 00:40:03, incident č. 177693.

Podle charakteru aktivity, která byla u Vás zjištěna, se některé Vaše zařízení připojené k Internetu pravděpodobně stalo obětí nákazy malwarem ze sítě botnet. Obecně se jedná o speciálně upravený škodlivý program instalovaný do zařízení zpravidla bez vědomí uživatele nebo z nepozornosti. Často je takto napadána výpočetní technika bez aktivní ochrany v reálném čase (chybí antiviry nebo jiný bezpečnostní program) nebo pravidelně aktualizovaného software. Někdy se malware šíří zneužitím obecně známé nevyřešené zranitelnosti v systémech. Po průniku infekce je aktivita programu řízena skrytě na dálku za účelem způsobení škody ostatním uživatelům veřejné sítě Internet, případně přímo Vám (z Vašeho zařízení se tak může stát nástroj pro rozesílání spamu, DDoS útoky na velké korporace nebo internetové služby, může dojít k odesílání citlivých dat uživatele apod.)
Bližší informace o tomto typu nákazy získáte například zde:
https://cs.wikipedia.org/wiki/Botnet

Přestože je společnost Vodafone přesvědčena, že zmíněný nedostatek není způsoben z Vaší strany úmyslně, musíme Vás touto cestou upozornit a současně nabídnout pomoc. Pro odstranění výše uvedených zranitelností Vám doporučujeme zkontrolovat zabezpečení všech Vašich zařízení, které k internetu připojujete, prostřednictvím některého z dostupných antivirových programů (pro účely okamžité nápravy aktuálního bezpečnostního incidentu lze u řady z nich využít bezplatného zkušebního období, případně existují i zcela bezplatné verze). Příklad některých z nich uvádíme zde:
Free Antivirus společnosti AVAST (pro PC s Windows a mobilní zařízení s Android OS a iOS, dostupný na https://www.avast.com/cs-cz/index)
Malwarebytes Anti-Malware (vhodný pro odstraňování malware, pro PC a Mac a mobilní zařízení s Android OS, dostupný na https://www.malwarebytes.com/mwb-download/thankyou/)
Norton Security společnosti Symantec (pro PC s Windows a mobilní zařízení s Android OS a iOS, zkušební verze, dostupná na https://cz.norton.com/downloads)
Eset Family Security Pack (pro PC s Windows a mobilní zařízení s Android OS a iOS, zkušební verze, dostupná na https://www.eset.com/cz/domacnosti/family-security-pack/)
Kaspersky Internet Security (pro PC s Windows a mobilní zařízení s Android OS a iOS, zkušební/placená verze, dostupná na https://www.kaspersky.cz/#compare-products)

Potřebujete-li více informací s řešením výše uvedeného incidentu, kontaktuje prosím naše pracovníky technického oddělení pomocí e-mailu opravime@vodafone.com, případně na telefonním čísle +420 241 005 100. Při komunikaci s našimi pracovníky uvádějte prosím číslo incidentu 177693.

Včasným odstraněním závadného stavu do 14 dnů od doručení tohoto sdělení předejdete situaci, při které bude společnost Vodafone nucena v souladu s Všeobecnými obchodními podmínkami omezit téměř veškerý odchozí provoz služeb. Bude povolena komunikace pouze na portech 80 (http), 443 (https), 110 (POP3), 143 (IMAP), 53 (DNS), 67 a 68 (DHCP).

Pro zajištění přiměřené ochrany Vaší výpočetní techniky včetně uložených dat před útoky z internetu doporučujeme v budoucnu nepodceňovat význam placených antivirových programů nebo bezpečnostních balíků a instalovat je nejen na všechny Vaše počítače, ale také na mobilní zařízení, která využívají připojení k internetu (smartphony, tablety aj.), můžete tím omezit nebo vyloučit výskyt podobných bezpečnostních incidentů.

Věříme, že výše uvedené sdělení, kterým se snažíme zamezit možné zneužití veřejné komunikační sítě Vodafone a jejich služeb, přijmete s pochopením, neboť tím bude zajištěna nejen bezpečnost Vaše, ale i všech ostatních uživatelů.

S pozdravem

Centrum technické podpory
Vodafone Czech Republic a. s.
tel: +420 241 005 100
email: opravime@vodafone.com

 

 

Pak jsem dostal tyto doplňující informace:

 

Quote

Dobrý den,

MAC adresu k dispozici nemáme, pouze tento výpis z logu:

IP adresa89.176.***.** (rezident s dynamickou IP)
Typ reportu
Typbotnet drone
PopisThis host is most likely infected with malware.
Zdrojový port
Cílové IP216.218.135.114
Cílový port80


Vím, jistě, že notebok a počítač, které jsou připojené do sítě Vodafone, ničím infikované nejsou, protože žádný podezřelý proces se Správci Úloh není. I tak jsem si nechal FRST a AdwCleaner proskenovat notebok a jak jsem očekával, žádná infekce.  Bude oznámení o tomhle výsledku stačit, aby mi nezablokovali porty?

Odkaz ke komentáři
Sdílet na ostatní stránky

Návštěvník freekarol

Jasně, žádný problém. 😀

Číslo smlouvy pošlu ve zprávě.

FRST Log

 

Spoiler

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Chuck (administrator) on HP (Hewlett-Packard HP ProBook 4535s) (04-05-2021 14:36:30)
Running from C:\Users\Karol\Desktop
Loaded Profiles: Chuck & Karol
Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Alexandr Irza) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe
(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Appwork GmbH -> AppWork GmbH) C:\Users\Karol\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(David Carpenter -> ) C:\Program Files\Everything\Everything.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(CHENGDU AOMEI Tech Co., Ltd. -> ) C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
(CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(SalvadorSoftware) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe
(StagWare) [File not signed] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe
(Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe <18>
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NUSB3MON] => c:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed]
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6531536 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Policies\...\system: [disablecmd] 0
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Volume2] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe [4350464 2021-02-14] (Alexandr Irza) [File not signed]
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [ASuite] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe [12268032 2020-04-20] (SalvadorSoftware) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> C:\Program Files (x86)\Vivaldi\Application\2.11.1811.47\Installer\chrmstp.exe [2020-06-14] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Startup: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-12-09]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {184BCB5A-622A-40F3-9750-2FC9C2524F73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {198E4553-E499-4FEC-BF71-2DE98CD4C0C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F0EC664-BA70-4489-9D24-703B627D94E0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FDDF3D9-92F4-4C02-903B-27AF1341F4D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {282EAD2E-9665-404C-A449-2C7CE67BC5ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {299238D2-F47F-430F-80F1-27AC3194A516} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34E5E123-1946-44CE-9DC6-9C91413F5368} - System32\Tasks\My Tasks\auto hibernation => shutdown [Argument = /h]
Task: {37015500-3F40-4146-9BB5-562F45E40978} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {3C63F250-FAFF-4783-A307-3CF6575A8A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-30] (HP Inc. -> HP Inc.)
Task: {3DA20FC9-D65D-4825-B9F7-EF27D257BC08} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {44A78B22-8685-4235-86C9-73FDBF5DD960} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {46901229-9BD7-4281-B999-E978D639CB5A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {474BD1FC-9BA3-4066-A8C2-2916031099CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4774AC1A-50B0-4D60-8A12-569BB4B71FAE} - System32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} => "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://ui.skype.com/ui/0/7.40.0.103/cs ... Error=1603
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {49FCE141-CB65-4556-BAEC-325331FEB10F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {4D393590-7F03-484F-804E-71650C2A8334} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {540ACDE2-69DD-426B-B44A-FCF025497495} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION
Task: {5A6249DF-ADE4-4D85-AAB8-00ED90BDAA12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {63946C7F-2F66-4269-B0BE-5DE2D5D93C3D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {6759277E-F575-4256-8495-2835E9584A4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\mrt.exe [144749672 2016-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {688F3B79-D539-445E-985D-A2BFB75789B8} - System32\Tasks\My Tasks\open gmail afternoon => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {69CDD3BE-F780-4BAF-B718-8CEB37983D1C} - System32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494 => D:\Karol\Archive\1. Extensions\Software\installers\search engines\file-name-no-index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {6DB21E63-B367-4731-B550-CD321E5A8FC6} - System32\Tasks\My Tasks\open gmail night => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {6E44B8F0-C812-4658-9B76-E44E0B82A0D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E79CB94-B352-41D2-A4A0-9367C98AE0A7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74874CB4-E137-4889-92BD-3EBA03F78D00} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7833BD64-D7EB-4F6B-A19E-C170DD7803BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {888CEB6B-45A0-4895-A2CF-AB3BCC4B1D0E} - System32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7 => D:\Karol\Archive\1. Extensions\Software\Portable\x32\File Management\search engines\no index\MasterSeeker1.5.1\MasterSeeker.exe
Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
Task: {8BDF57BC-BE22-4E9D-82E1-DC9BE897D639} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {93185870-5C8C-4276-A9B0-F2AA88E784D7} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {961BC585-EFA5-4BBC-BC5B-E1D2F12CBCF1} - System32\Tasks\My Tasks\cleanup versioning folder => ForFiles [Argument = /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"] -> /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"
Task: {9BFD489B-5F09-42F6-9179-963E0268A092} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9C1162B6-8F0F-401F-A4C7-6EAC6F191C86} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9D373580-1126-4A24-8390-8209C423A611} - System32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... rror=12040
Task: {9DACAB5B-FBE0-430C-92AD-93EA342DED8F} - System32\Tasks\DisableLockScreen => reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
Task: {A559D691-E4CE-4FA3-B40E-8BE5B36C2D1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AFCE3371-615A-4DF7-B61B-265516815029} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B110211B-6594-48BA-A4D9-AC9CE6E62372} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B7B8FB88-F954-493C-A26C-54AEA3239536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8757F00-4BE9-441C-82A1-C02D622CC7F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C177C83C-0572-4E55-BB23-3B99176F2BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D2F5091A-D624-4BBA-B909-A10BCCFFFFC0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D49A867E-51BD-4DB8-AEBB-D60B4CE30DAC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7ABEDB3-8CB2-4BBE-B342-254C882B60C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC659376-2B13-4DF8-9B7C-655E5860D21F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {E474C421-6342-4FD0-AE67-326AA69B457C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E48428C6-42E5-4FF3-92CF-179A1EEC7685} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {E87652C7-4A47-4B6E-AFF2-4B025DE6C3B7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA0E1989-626F-4100-B137-8575E770F8A3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F005B929-FDB7-4B46-9B9B-BFE69752C20E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F03EA912-D7A0-41B8-90BD-65A244C72858} - System32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.40.0.103/en ... Error=1603
Task: {F1F1B2FA-3B42-4FF0-9698-16783E6526A9} - System32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c => D:\Karol\Archive\1. Extensions\Software\installers\search engines\MasterSeeker1.5.1\MasterSeeker.exe
Task: {F5EAA833-79BA-4274-8431-C427DC14923D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {FA4D6466-39DD-46B7-850E-A55EE0023061} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{176d9214-02f7-4e63-9c0d-502a9c422f87}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [NameServer] 193.17.47.1,185.43.135.1,192.168.0.1
Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{8137f080-5f60-4f4e-96ea-55efe4e2b74c}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{86177912-d0b5-40fe-8877-9d1e9dd6dcc6}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{dac93b1d-61b9-4a71-8643-bf858b70ff4b}: [NameServer] 193.17.47.1,185.43.135.1
Tcpip\..\Interfaces\{f27690ee-9433-475b-863f-23634ed6d325}: [NameServer] 217.31.204.130,193.29.206.206
Tcpip\..\Interfaces\{fe8e91cf-fca4-4ebc-bda8-a69e9ca65b03}: [NameServer] 193.17.47.1,185.43.135.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Chuck\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-10]

FireFox:
========
FF DefaultProfile: ypbhsodm.default
FF ProfilePath: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default [2021-04-10]
FF DownloadDir: C:\Users\Chuck\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\ypbhsodm.default -> is enabled.
FF Extension: (All Aboard) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\@all-aboard-v1-5.xpi [2017-07-04] [Legacy]
FF Extension: (No Name) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-02]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Vivaldi:
=======
VIV Profile: C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default [2021-04-22]
VIV Extension: (Adobe Acrobat) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-10]
VIV Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6435880 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [78848 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [180224 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2018-08-07] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2021-04-10] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-05-03] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 14:36 - 2021-05-04 14:40 - 000035233 _____ C:\Users\Karol\Desktop\FRST.txt
2021-05-04 14:27 - 2021-05-04 14:28 - 002298368 _____ (Farbar) C:\Users\Karol\Desktop\FRST64.exe
2021-04-12 21:38 - 2021-04-26 11:51 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72e29197199da
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBook FanControl
2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\Program Files (x86)\NoteBook FanControl
2021-04-10 20:32 - 2021-04-10 20:32 - 000000020 ___SH C:\Users\Karol\ntuser.ini
2021-04-10 20:27 - 2021-04-10 20:27 - 000000949 _____ C:\Users\Chuck\Desktop\Sandboxed Web Browser.lnk
2021-04-10 20:27 - 2021-04-10 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-04-10 20:09 - 2021-04-10 20:09 - 000000000 ____D C:\Users\Chuck\AppData\Local\PlaceholderTileLogoFolder
2021-04-10 20:04 - 2021-04-10 20:04 - 000000020 ___SH C:\Users\Chuck\ntuser.ini
2021-04-10 19:16 - 2021-04-10 19:16 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-500
2021-04-10 19:15 - 2021-04-29 00:31 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-21 10:57 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-10 19:15 - 2021-04-21 10:57 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-10 19:15 - 2021-04-10 19:16 - 000003328 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{718AEF67-758E-4F0B-8548-2EE7294EE2A7}
2021-04-10 19:15 - 2021-04-10 19:16 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2021-04-10 19:15 - 2021-04-10 19:16 - 000002514 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c
2021-04-10 19:15 - 2021-04-10 19:16 - 000002246 _____ C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E}
2021-04-10 19:15 - 2021-04-10 19:15 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-10 19:15 - 2021-04-10 19:15 - 000003042 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-10 19:15 - 2021-04-10 19:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000002622 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7
2021-04-10 19:15 - 2021-04-10 19:15 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-04-10 19:15 - 2021-04-10 19:15 - 000002590 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494
2021-04-10 19:15 - 2021-04-10 19:15 - 000002528 _____ C:\WINDOWS\system32\Tasks\DisableLockScreen
2021-04-10 19:15 - 2021-04-10 19:15 - 000002298 _____ C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002264 _____ C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54}
2021-04-10 19:15 - 2021-04-10 19:15 - 000002240 _____ C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C}
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1001
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1000
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\My Tasks
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagwrn.xml
2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagerr.xml
2021-04-10 19:08 - 2021-04-10 19:19 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-10 19:08 - 2021-04-10 19:08 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-04-10 19:00 - 2021-04-10 19:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-10 18:49 - 2021-04-27 20:53 - 002847556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-10 18:38 - 2021-04-10 18:38 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-10 18:38 - 2021-04-10 18:38 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-10 18:37 - 2021-04-10 18:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-10 18:37 - 2021-04-10 18:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-10 18:37 - 2021-04-10 18:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-10 18:37 - 2021-04-10 18:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-10 18:37 - 2021-04-10 18:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-10 18:36 - 2021-04-10 18:36 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-10 18:36 - 2021-04-10 18:36 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-10 18:36 - 2021-04-10 18:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-10 18:36 - 2021-04-10 18:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-10 18:36 - 2021-04-10 18:36 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-10 18:36 - 2021-04-10 18:36 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-10 18:35 - 2021-04-10 18:35 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-10 18:35 - 2021-04-10 18:35 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:34 - 2021-04-10 18:34 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-10 18:33 - 2021-04-10 18:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-10 18:33 - 2021-04-10 18:33 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-10 18:33 - 2021-04-10 18:33 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-10 18:33 - 2021-04-10 18:33 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-10 18:32 - 2021-04-10 18:32 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-10 18:32 - 2021-04-10 18:32 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-10 18:32 - 2021-04-10 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-10 18:32 - 2021-04-10 18:32 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-10 18:31 - 2021-04-10 18:31 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-10 18:31 - 2021-04-10 18:31 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-10 18:31 - 2021-04-10 18:31 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-10 18:30 - 2021-04-29 00:29 - 000002377 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2021-04-10 20:32 - 000000000 ____D C:\Users\Karol
2021-04-10 18:30 - 2021-04-10 20:04 - 000000000 ____D C:\Users\Chuck
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\DefaultAppPool
2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\Administrator
2021-04-10 18:30 - 2021-04-10 18:30 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Šablony
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Poslední
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní síť
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Dokumenty
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Data aplikací
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-10 18:29 - 2021-04-10 18:29 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-10 18:29 - 2021-04-10 18:29 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-10 18:29 - 2021-04-10 18:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-10 18:29 - 2021-04-10 18:29 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-10 18:29 - 2021-04-10 18:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-10 18:20 - 2021-05-01 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-10 17:57 - 2019-10-15 14:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-04-10 17:57 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-04-10 17:47 - 2021-04-27 20:53 - 000808052 _____ C:\WINDOWS\system32\perfh015.dat
2021-04-10 17:47 - 2021-04-27 20:53 - 000163116 _____ C:\WINDOWS\system32\perfc015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\pl
2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\system32\pl
2021-04-10 17:20 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\inetpub

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 14:47 - 2020-04-05 14:45 - 000000000 ____D C:\Users\Karol\AppData\Local\JDownloader 2.0
2021-05-04 14:38 - 2015-09-07 23:48 - 000000000 ____D C:\FRST
2021-05-04 14:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 13:41 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Everything
2021-05-04 12:28 - 2018-02-06 00:06 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Thunderbird
2021-05-04 12:28 - 2015-08-17 00:23 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Mozilla
2021-05-04 01:46 - 2020-11-19 00:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-03 23:20 - 2019-09-24 12:30 - 000000374 _____ C:\Users\Karol\.vivaldi_reporting_data
2021-05-03 22:16 - 2019-10-03 21:17 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-03 16:03 - 2016-01-22 14:52 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FreeFileSync
2021-05-03 00:56 - 2017-05-29 11:35 - 000000000 ____D C:\ProgramData\NbfcService
2021-05-02 11:43 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-01 12:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-01 12:32 - 2020-11-19 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-01 12:32 - 2017-04-25 01:36 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2021-05-01 12:32 - 2015-08-24 09:12 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2021-05-01 12:32 - 2015-08-17 21:09 - 000000000 ____D C:\ProgramData\VMware
2021-05-01 12:29 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-01 11:42 - 2020-11-19 01:32 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 00:04 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Karol\AppData\Local\Packages
2021-04-29 00:30 - 2016-07-02 16:43 - 000000000 ___RD C:\Users\Karol\OneDrive
2021-04-27 20:53 - 2019-12-07 16:41 - 000783098 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-27 20:53 - 2019-12-07 16:41 - 000172796 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-27 20:53 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-26 11:51 - 2020-11-19 01:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 11:49 - 2017-12-25 21:36 - 000000000 ____D C:\Users\Karol\AppData\Roaming\NoteBookFanControl
2021-04-22 20:51 - 2020-06-14 01:46 - 000000374 _____ C:\Users\Chuck\.vivaldi_reporting_data
2021-04-16 20:50 - 2016-07-26 00:21 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-16 20:45 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Local\Everything
2021-04-12 20:42 - 2020-11-19 01:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-11 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-11 00:05 - 2016-09-17 20:47 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2021-04-11 00:05 - 2016-09-17 20:47 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2021-04-11 00:05 - 2015-09-01 20:33 - 000000000 ____D C:\Program Files\FreeFileSync
2021-04-10 20:57 - 2016-07-02 15:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-10 20:51 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-10 20:34 - 2020-11-19 01:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-10 20:34 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-10 20:34 - 2017-12-25 19:42 - 000000000 ___RD C:\Users\Karol\3D Objects
2021-04-10 20:32 - 2017-01-06 18:25 - 000000000 ____D C:\Users\Chuck\AppData\Local\Everything
2021-04-10 20:32 - 2016-12-27 21:36 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Everything
2021-04-10 20:32 - 2016-07-13 23:40 - 000014744 _____ C:\WINDOWS\Sandboxie.ini
2021-04-10 20:31 - 2017-12-25 18:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\Packages
2021-04-10 20:31 - 2016-11-30 14:36 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
2021-04-10 20:27 - 2015-09-09 10:44 - 000000000 ____D C:\Program Files\Sandboxie
2021-04-10 20:12 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 20:10 - 2015-08-16 20:23 - 000000000 ____D C:\Users\Chuck\AppData\Local\VirtualStore
2021-04-10 20:06 - 2017-12-25 19:22 - 000000000 ___RD C:\Users\Chuck\3D Objects
2021-04-10 19:20 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-10 19:19 - 2021-01-27 13:04 - 000000000 ____D C:\WINDOWS\system32\Download
2021-04-10 19:19 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-10 19:19 - 2020-11-04 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-10 19:19 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-10 19:19 - 2019-06-19 12:58 - 000000000 ____D C:\Program Files\UNP
2021-04-10 19:19 - 2019-04-03 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-10 19:19 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-10 19:19 - 2019-01-05 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-10 19:19 - 2018-10-14 02:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-10 19:19 - 2018-08-18 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2021-04-10 19:19 - 2018-06-19 00:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-10 19:19 - 2018-06-10 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash
2021-04-10 19:19 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2021-04-10 19:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-10 19:19 - 2017-08-17 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-04-10 19:19 - 2017-04-25 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2021-04-10 19:19 - 2016-10-08 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2021-04-10 19:19 - 2016-10-08 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2021-04-10 19:19 - 2016-08-10 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-10 19:19 - 2016-07-30 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2021-04-10 19:19 - 2016-05-16 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-10 19:19 - 2016-04-27 08:32 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-10 19:19 - 2016-04-11 10:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-10 19:19 - 2016-04-08 00:24 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-04-10 19:19 - 2016-03-22 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\en
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\cs
2021-04-10 19:19 - 2015-08-19 13:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2021-04-10 19:19 - 2015-08-18 12:23 - 000000000 ____D C:\WINDOWS\SysWOW64\SDA
2021-04-10 19:19 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-10 19:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-10 19:15 - 2020-11-19 01:32 - 000003286 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-10 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-10 19:11 - 2018-01-18 00:07 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-04-10 19:10 - 2016-07-02 15:26 - 000023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-04-10 19:08 - 2019-11-09 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-10 19:08 - 2019-04-04 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-04-10 19:08 - 2017-04-07 20:37 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-04-10 19:08 - 2017-04-07 20:35 - 000000000 ____D C:\Program Files\Synaptics
2021-04-10 19:08 - 2016-03-15 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installed apps
2021-04-10 19:08 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-10 18:58 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2021-04-10 18:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-10 18:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-10 18:41 - 2020-04-05 14:48 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-04-10 18:41 - 2019-12-18 01:19 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Calendar
2021-04-10 18:41 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-10 18:41 - 2018-10-28 21:20 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XYplorer
2021-04-10 18:41 - 2018-03-25 15:44 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2021-04-10 18:41 - 2017-06-07 12:51 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2017-05-09 15:14 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-04-10 18:41 - 2016-12-27 21:52 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2016-10-08 20:20 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2021-04-10 18:37 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-04-10 18:36 - 2019-11-17 22:26 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wReplace
2021-04-10 18:32 - 2016-03-11 16:07 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Apps
2021-04-10 18:29 - 2020-11-19 01:32 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-10 18:28 - 2018-07-04 15:11 - 000001727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2021-04-10 18:21 - 2020-11-19 00:29 - 000457224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-10 18:07 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\OCR
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-10 17:20 - 2019-12-07 11:10 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2021-04-10 17:20 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2021-04-10 17:19 - 2019-12-07 11:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2021-04-10 17:19 - 2019-12-07 11:10 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2021-04-10 17:19 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2021-04-10 13:31 - 2016-11-30 12:49 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-04-10 02:29 - 2020-11-08 02:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-10 02:29 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2021-04-09 22:32 - 2010-11-21 05:27 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2019-01-07 02:22 - 2019-01-07 02:22 - 000000000 _____ () C:\Users\Chuck\AppData\Local\oobelibMkey.log
2016-05-14 23:27 - 2018-01-28 02:26 - 000007608 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST  Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Chuck (04-05-2021 14:49:17)
Running from C:\Users\Karol\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-04-10 17:16:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2887156172-1520988294-1417751805-500 - Administrator - Disabled) => C:\Users\Administrator
Chuck (S-1-5-21-2887156172-1520988294-1417751805-1000 - Administrator - Enabled) => C:\Users\Chuck
DefaultAccount (S-1-5-21-2887156172-1520988294-1417751805-503 - Limited - Disabled)
Guest (S-1-5-21-2887156172-1520988294-1417751805-501 - Limited - Disabled)
Karol (S-1-5-21-2887156172-1520988294-1417751805-1001 - Limited - Enabled) => C:\Users\Karol
WDAGUtilityAccount (S-1-5-21-2887156172-1520988294-1417751805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.609 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM-x32\...\{773A349F-182A-0200-0000-000000000000}) (Version: 13.09.2754 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{FE960639-C7F8-5888-3CB2-68823485A9C0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Aspell Czech Dictionary-0.50-2 (HKLM-x32\...\Aspell Czech Dictionary_is1) (Version: - GNU)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FeedDemon (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Calendar Backup Utility (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\389f93cb6637d3c1) (Version: 1.0.0.4 - Google Calendar)
GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version: - )
GTD Timer (HKLM-x32\...\{4C1F2B9C-9005-441A-B39B-04C0147A0ABF}) (Version: 2012.12.11.120 - ProductivityScientific.com)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{48D74C03-3D33-4A7E-9D93-A59FE58C1DEA}) (Version: 2.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{3DFFDA17-EE5C-4C09-AB0B-29CD4A9E6C9C}) (Version: 12.10.49.21 - HP)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
LAV Filters 0.74.1 (HKLM-x32\...\laVodafoneilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Macrium Reflect Free Edition (HKLM\...\{5037EDD4-FD4D-43EC-8BBA-BE93D60FCCEA}) (Version: 7.2.4524 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MiPony 2.3.2 (HKLM-x32\...\MiPony) (Version: 2.3.2 - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 85.0 (x64 en-US) (HKLM\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 85.0.0.7688 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.8.1 - Duodian Technology Co. Ltd.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Polski (Akcent) (HKLM\...\{E09BE865-9D80-4440-A740-B1E620ABCC7C}) (Version: 1.0.3.40 - FontyPL)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sandboxie 5.49.0 (64-bit) (HKLM\...\Sandboxie) (Version: 5.49.0 - sandboxie-plus.com)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Tempus 1.6.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\daf97551-8b86-5eb9-af1a-781f2e64e703) (Version: 1.6.0 - Keziah Moselle)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 2.11.1811.47 - Vivaldi Technologies AS.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
wReplace 1.2 Free (HKLM-x32\...\wReplace) (Version: 1.2 Free - SharkTime.com)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Zen Focus 2.1.0 (only current user) (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\c677a390-e872-5285-bff8-d982a2943b74) (Version: 2.1.0 - builtwithluv)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.180.400.0_x86__kgqvnymyfvs32 [2020-11-08] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> D:\Karol\Archive\1.Extensions\Software\Portable\x32\Audio+Video\info\MediaInfo_20.03\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-04-05 14:45 - 2018-05-09 09:45 - 000142336 _____ () [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\.install4j\i4jinst.dll
2021-05-04 12:54 - 2021-05-04 12:54 - 000043520 _____ () [File not signed] C:\Users\Karol\AppData\Local\Temp\proxy_vole3513242259177334774.dll
2012-04-11 10:40 - 2012-04-11 10:40 - 000067584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2012-03-14 14:44 - 2012-03-14 14:44 - 000006656 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\cs\HandlersStrings.resources.dll
2021-03-31 12:39 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-04 12:55 - 2021-05-04 12:55 - 000216576 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\tmp\jna\jna8151142547056323169.dll
2018-05-06 00:49 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> DefaultScope {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00
SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1439752415659
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-15 14:25 - 2019-01-09 16:32 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Chuck\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NoteBook FanControl\
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\Control Panel\Desktop\\Wallpaper -> D:\Karol\Archive\1.Extensions\Pictures\noneducation\windows\my wallpapers\w7\w7 original.jpg
HKU\S-1-5-21-2887156172-1520988294-1417751805-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 193.17.47.1 - 185.43.135.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Wi-Fi 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 5: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk"
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{E4E5B7BA-3805-4503-87D2-3132E6D2A58D}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [TCP Query User{4A845E45-69D2-460E-8077-8F64267454F1}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org)
FirewallRules: [{1B18EE24-2C06-4389-A621-8728598A755E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E3C5F5D6-E1CF-4795-AA71-65869D5CABBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{28DB69DC-CB76-4500-87BF-E513E5A60372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FFE87D3-D49E-4F9E-BD2F-12D05D8ADA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFBCE3C0-69C5-4F27-9437-BCFB56D1BCB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04B41ED7-C243-4588-85C4-0E994E7BDAB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F4DEC00-723A-457D-9715-E56615B2695C}] => (Allow) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{6C325D68-4916-4008-8465-4211042665C7}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [TCP Query User{A20F3443-19FA-464E-AA3A-C3A4FBB76C47}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed]
FirewallRules: [UDP Query User{27812ED6-66BF-454E-AD15-F77FB3C305BC}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [TCP Query User{DC10A911-B724-4E5F-AFF9-41839313603C}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File
FirewallRules: [UDP Query User{A57FB4D8-CEFE-4323-B466-1ED362B05D23}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{6CBC343A-B32D-4D27-A2C2-B445DC9379F0}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{67E623D5-8528-48E5-B9CD-AE26DA2CB7CB}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{24699CC1-04A2-4586-85D8-83E3F84EFF6F}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8B7544A2-FBF3-46B1-BBC4-F85A3049F987}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9C381A54-BD38-4707-9A66-D27E20E38568}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{65C21616-EA67-4E69-8B72-38EE08040D32}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C808EAA-9C68-4049-90F3-2B73FEE9989B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB768007-57F7-4EF1-89C4-CD6C24DA582E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFE4330E-6A08-4B94-993D-2F67870CBDB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{89491690-4B23-44A3-AF35-3C2D443A2048}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{FAAE1722-9134-4B17-9AB7-D254CC7C32CB}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File
FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File
FirewallRules: [{F303C763-78E7-42E0-8B0A-0BA41BF8E80A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{1A027C43-B62B-4969-A6DC-D00355C0416B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File
FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File
FirewallRules: [{C003F9D7-46D5-4620-B8D0-EA49F30B01FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31AA79F8-C91F-4D9D-8600-74FFF9533DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{E464F73B-75D6-4D10-9EE8-0F9BA808C812}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{DF5EE57A-7663-486A-9C48-223AF1AA996B}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{EAAE6AE0-3AAC-452D-9E19-62B4A95A8E50}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [UDP Query User{4ED501D0-A4B7-4C05-9A67-CC5E9A2B6CD1}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed]
FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File
FirewallRules: [{B68FC80D-B466-4F33-A222-C7BE4DF964D6}] => (Allow) C:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{A7E785DE-5682-41F6-9EC4-A5E3938432BD}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C5AE4DA6-621D-400D-89A8-12A0EB1E525B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{2C5BAF74-347E-4989-B1BC-B80CDB4FAEC4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2021 03:49:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/03/2021 03:49:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306}

Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3}

Error: (05/01/2021 12:29:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Přístup k datům o výkonu byl odepřen pro uživatele SYSTEM (hodnota z GetUsera() pro běžící vlákno), když došlo k příslušnému pokusu z modulu C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (hodnota z GetModuleFileName() pro binární soubor, který vystavil dotaz).

Error: (04/30/2021 08:53:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {41cc83d6-46af-446c-862a-d0f47de53b1c}


System errors:
=============
Error: (05/04/2021 01:02:06 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 01:02:05 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

Error: (05/04/2021 12:59:23 AM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 11:20:10 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP)
Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942667
při provádění příkazu:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca


Windows Defender:
================
Date: 2021-05-02 12:13:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3AA02220-547F-4598-8C68-FF892A342137}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: HP\Karol

Date: 2021-05-02 11:47:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: HP\Karol
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0
Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5

Date: 2021-05-02 20:44:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.336.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-30 20:56:51
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.337.186.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18100.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-26 21:38:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1700.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

Date: 2021-04-22 20:39:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.1334.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80072f78
Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu.

==================== Memory info ===========================

BIOS: Hewlett-Packard 68CPC Ver. F.40 03/11/2013
Motherboard: Hewlett-Packard 168B
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 84%
Total physical RAM: 3552.11 MB
Available physical RAM: 554.19 MB
Total Virtual: 7136.11 MB
Available Virtual: 1654.96 MB

==================== Drives ================================

Drive 😄 (WINDOWS+APPS) (Fixed) (Total:151.03 GB) (Free:47.75 GB) NTFS
Drive d: (MY DATA) (Fixed) (Total:424.7 GB) (Free:23.2 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:15.15 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32

\\?\Volume{27ffcf37-4440-11e5-a4d0-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E920C45C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=575.7 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End of Addition.txt =======================

 

Odkaz ke komentáři
Sdílet na ostatní stránky

Uff, tam toho je. Dám to dohromady zítra s čistou hlavou, něco málo odpovím rovnou do SZ.

 

@freekarol Koukám, že stále řešíš s Rudym, nechám tě v jeho rukách, ať se v tom nepřekrýváme. Už to dle diskuze na viry.cz je pročištěné 🙂 

 

https://forum.viry.cz/viewtopic.php?f=13&t=158059&p=1541490

  • Super
  • Premium 5G
  • 18+
  • Vodafone Station WiFi 6
  • Brüx
  • Speedtest
Odkaz ke komentáři
Sdílet na ostatní stránky

Návštěvník freekarol

Jo, jo, Rudy se mi podíval na notebook, pročistil a teď zbývá ještě počítač. Tak doufám, že pak už to Vodafonu nebude stále hlásit, že jsem něčím infikovaný. 

Odkaz ke komentáři
Sdílet na ostatní stránky

před 16 hodinami, freekarol napsal:

Date: 2021-05-02 11:47:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669
Původ detekce: Internet
Typ detekce: Konkrétní
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: HP\Karol
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0
Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5

Žádná infekce?

  • 500 Mb/s
  • -
  • Komfort
  • Modem Compal (černý), CA modul
  • Ústí nad Labem
Odkaz ke komentáři
Sdílet na ostatní stránky

Návštěvník freekarol

Podle všeho ne. Nějaká preventivní varování jako třeba na MiPony, což je správce stahování, ale už hodně stará verze nepoužívaná, takže jsem to smazal. Nová verze by snad mohla mít v sobě nějaké pup. Nebo na stažený RAR soubor, neotevřený, protože virustotal oznámil možné riziko a Windows Defender ho stejně hodil do karantény. Uvidím jak na tom bude druhý počítač.

Odkaz ke komentáři
Sdílet na ostatní stránky

Návštěvník Pagan

Z mojí zkušenosti jsou často napadené AndroidTV boxy, starší routery a zařízení mikrotik. Jestli máte něco z tohohle na síti tak by nebylo na škodu zarybařit wiresharkem a odchytat si od čeho to chodí

Odkaz ke komentáři
Sdílet na ostatní stránky

Návštěvník freekarol

Vlastní router nemám, takže na vině buďto laptop, počítač a nebo mobily. Jelikož ale ani na jednom zařízení se už nějakou dobu nic neinstalovalo (protože potřebný software už tam je), tak by to musely udělat aktualizace OS a programů, aplikací.  V každém případě, si pro jistotu budu radši monitorovat, kam se co připojuje a pak už bude snazší dohledat, jaké zařízení dělá problémy. Technikovi stačilo poslat odkaz na forum viry,cz viz odkaz výše s tím, že pro mě nastaví výjimku, aby ke zablokování portů nedošlo.

Odkaz ke komentáři
Sdílet na ostatní stránky

Přidat se ke konverzaci

Přispívat můžete okamžitě a zaregistrovat se později. Pokud máte účet, přihlaste se a přispívejte pod Vaším účtem.
Poznámka: Váš příspěvek vyžaduje před zobrazením schválení moderátorem.

Návštěvník
Odpovědět na toto téma...

×   Vložit jako upravený text.   Obnovit formátování

  Pouze 75 emotikon je povoleno.

×   Váš odkaz byl automaticky vložen.   Místo toho zobrazit jako odkaz

×   Váš předchozí obsah byl obnoven.   Vyčistit editor

×   Nemůžete vložit obrázky přímo. Nahrajte nebo vložte obrázky z URL adresy.

  • Kdo si právě prohlíží tuto stránku   0 registrovaných uživatelů

    • Žádný registrovaný uživatel si neprohlíží tuto stránku
×
×
  • Vytvořit...