Guest freekarol
Posted 5 May 2021

I received this warning email from Vodafone:

Quote
> ---------- Original e-mail ----------
> From: technicalhelpdesk@vodafone.com
> To: ****@seznam.cz
> Date: 29. 4. 2021 14:16:08
> Subject: Vodafone security incident id #177693
>
> Dear customer,
>
> we would like to inform you that one of your devices connected to the network of Vodafone Czech Republic a. s. (hereinafter "Vodafone") has probably been infected with malware or a virus. To prevent misuse that could compromise the security and availability of Vodafone's public communications network, including the electronic communications services provided over this network, we ask you to take the necessary corrective action.
>
> Detected vulnerabilities:
> Botnet - malware infection detected
> IP: 89.176.***.**, time of detection: 2021-04-26 00:40:03, incident no. 177693.
>
> Judging by the nature of the activity detected on your connection, one of your devices connected to the Internet has probably fallen victim to an infection by malware from a botnet. In general, this is a specially crafted malicious program installed on a device, usually without the user's knowledge or through inattention. Equipment without active real-time protection (no antivirus or other security program) or without regularly updated software is often attacked in this way. Sometimes malware spreads by exploiting a publicly known, unresolved vulnerability in systems. Once the infection is in place, the program's activity is controlled covertly and remotely in order to cause harm to other users of the public Internet, or directly to you (your device can become a tool for sending spam or for DDoS attacks on large corporations or Internet services, the user's sensitive data may be sent out, etc.).
>
> More information about this type of infection is available, for example, here: https://cs.wikipedia.org/wiki/Botnet
>
> Although Vodafone is convinced that this issue was not caused by you intentionally, we must notify you in this way and at the same time offer help. To remove the vulnerabilities listed above, we recommend checking the security of all the devices you connect to the Internet with one of the available antivirus programs (for the purpose of immediately remedying the current security incident, many of them offer a free trial period, and completely free versions also exist). Some examples are listed here:
>
> - Free Antivirus by AVAST (for Windows PCs and mobile devices with Android OS and iOS, available at https://www.avast.com/cs-cz/index)
> - Malwarebytes Anti-Malware (suitable for removing malware, for PC and Mac and mobile devices with Android OS, available at https://www.malwarebytes.com/mwb-download/thankyou/)
> - Norton Security by Symantec (for Windows PCs and mobile devices with Android OS and iOS, trial version, available at https://cz.norton.com/downloads)
> - Eset Family Security Pack (for Windows PCs and mobile devices with Android OS and iOS, trial version, available at https://www.eset.com/cz/domacnosti/family-security-pack/)
> - Kaspersky Internet Security (for Windows PCs and mobile devices with Android OS and iOS, trial/paid version, available at https://www.kaspersky.cz/#compare-products)
>
> If you need more information on resolving the above incident, please contact the staff of our technical department by e-mail at opravime@vodafone.com or by phone at +420 241 005 100. When communicating with our staff, please quote incident number 177693.
>
> By remedying the faulty state in good time, within 14 days of delivery of this notice, you will avoid a situation in which Vodafone will be forced, in accordance with the General Terms and Conditions, to restrict almost all outgoing traffic of the services. Communication will be allowed only on ports 80 (http), 443 (https), 110 (POP3), 143 (IMAP), 53 (DNS), 67 and 68 (DHCP).
>
> To ensure adequate protection of your computing equipment, including stored data, against attacks from the Internet, we recommend that in future you do not underestimate the importance of paid antivirus programs or security suites and install them not only on all your computers but also on mobile devices that use an Internet connection (smartphones, tablets, etc.); by doing so you can limit or rule out similar security incidents.
>
> We trust that you will receive this notice, by which we are trying to prevent possible misuse of Vodafone's public communications network and its services, with understanding, as it will ensure not only your security but also that of all other users.
>
> Yours sincerely,
> Technical Support Centre
> Vodafone Czech Republic a. s.
> tel: +420 241 005 100
> email: opravime@vodafone.com

Then I received this additional information:

Quote
> Hello, we do not have the MAC address available, only this excerpt from the log:
>
> IP address: 89.176.***.** (resident with dynamic IP)
> Report type
> Type: botnet drone
> Description: This host is most likely infected with malware.
> Source port:
> Destination IP: 216.218.135.114
> Destination port: 80

I know for certain that the notebook and the computer that are connected to the Vodafone network are not infected with anything, because there is no suspicious process in Task Manager. Even so, I had FRST and AdwCleaner scan the notebook and, as I expected, no infection. Will reporting this result be enough for them not to block my ports?
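Because the ISP sees only the public IP and has no MAC address, one way to find which device behind the router made the reported connection is to correlate the report's destination IP, destination port and time with the router's own forwarding log. The Python below is an added example, not part of the original thread or of any Vodafone tooling; the log line format, the sample lines, the MAC and LAN addresses and all function names are constructed assumptions. The report states no time zone, so the reported time is tried at several clock offsets.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values taken from the ISP notice and log excerpt quoted in the post.
REPORT_TIME = datetime(2021, 4, 26, 0, 40, 3)
REPORT_DST_IP = "216.218.135.114"
REPORT_DST_PORT = 80

# Constructed sample of a home router's forwarding log. The format (ISO
# timestamp followed by netfilter-style KEY=value fields) is an assumption.
SAMPLE_LOG = """\
2021-04-26T00:39:58 router fwd: MAC=aa:bb:cc:00:00:17 SRC=192.168.0.23 DST=216.218.135.114 PROTO=TCP SPT=49822 DPT=80
2021-04-26T00:40:03 router fwd: MAC=aa:bb:cc:00:00:17 SRC=192.168.0.23 DST=216.218.135.114 PROTO=TCP SPT=49823 DPT=80
2021-04-26T00:40:10 router fwd: MAC=aa:bb:cc:00:00:0a SRC=192.168.0.10 DST=203.0.113.10 PROTO=TCP SPT=51200 DPT=443
2021-04-26T02:41:30 router fwd: MAC=aa:bb:cc:00:00:2a SRC=192.168.0.42 DST=216.218.135.114 PROTO=TCP SPT=40111 DPT=80
2021-04-26T09:15:00 router fwd: MAC=aa:bb:cc:00:00:0a SRC=192.168.0.10 DST=216.218.135.114 PROTO=TCP SPT=51990 DPT=80
garbled line without fields
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+(.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_line(line):
    """Return a dict for one log line, or None if it is not a usable record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if not {"SRC", "DST", "DPT"} <= fields.keys():
        return None
    try:
        return {
            "time": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"),
            "src": fields["SRC"],
            "dst": fields["DST"],
            "dport": int(fields["DPT"]),
            "mac": fields.get("MAC", "unknown"),
        }
    except ValueError:
        return None


def hosts_contacting(log_text, dst_ip, dst_port, when,
                     window=timedelta(minutes=5), hour_offsets=(0, 1, 2)):
    """Group LAN hosts that reached dst_ip:dst_port.

    'total' counts every matching connection in the log; 'in_window' counts
    those within `window` of the reported time at any of the clock offsets
    (hours) between the ISP's log and the router's clock.
    """
    hosts = defaultdict(lambda: {"mac": "unknown", "total": 0, "in_window": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != dst_ip or rec["dport"] != dst_port:
            continue
        entry = hosts[rec["src"]]
        entry["mac"] = rec["mac"]
        entry["total"] += 1
        if any(abs(rec["time"] - (when + timedelta(hours=h))) <= window
               for h in hour_offsets):
            entry["in_window"] += 1
    return dict(hosts)


def rank(hosts):
    """Order hosts so the ones matching the reported time come first."""
    return sorted(hosts.items(),
                  key=lambda kv: (-kv[1]["in_window"], -kv[1]["total"], kv[0]))


if __name__ == "__main__":
    found = hosts_contacting(SAMPLE_LOG, REPORT_DST_IP,
                             REPORT_DST_PORT, REPORT_TIME)
    for ip, info in rank(found):
        print(f"{ip}  mac={info['mac']}  "
              f"in_window={info['in_window']}  total={info['total']}")
```

The source port is empty in the ISP's excerpt, so the match relies on destination and time only; every device on the LAN, not just the PCs that were scanned, can appear in the result.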
Marek-26
Posted 5 May 2021

And would there be a log from FRST? 🙂 Or rather both. And if you send me your contract number, I can also take a look at the incident and find out more about it.

Super Premium 5G 18+ Vodafone Station WiFi 6 Brüx
Návštěvník freekarol Odesláno 5. května 2021 Sdílet Odesláno 5. května 2021 Jasně, žádný problém. 😀 Číslo smlouvy pošlu ve zprávě. FRST Log Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021 Ran by Chuck (administrator) on HP (Hewlett-Packard HP ProBook 4535s) (04-05-2021 14:36:30) Running from C:\Users\Karol\Desktop Loaded Profiles: Chuck & Karol Platform: Windows 10 Home Version 20H2 19042.867 (X64) Language: Čeština (Česko) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Advanced Micro Devices, Inc.) 
[File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Alexandr Irza) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe (Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe (Appwork GmbH -> AppWork GmbH) C:\Users\Karol\AppData\Local\JDownloader 2.0\JDownloader2.exe (Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (David Carpenter -> ) C:\Program Files\Everything\Everything.exe <2> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (CHENGDU AOMEI Tech Co., Ltd. -> ) C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.) 
[File not signed] C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (SalvadorSoftware) [File not signed] D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe (StagWare) [File not signed] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics 
Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieCtrl.exe (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe <18> (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NUSB3MON] => c:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) [File not signed] HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> ) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [6531536 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.) [File not signed] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3500056 2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.) HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [89960 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> ) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com) HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS) HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Policies\...\system: [disablecmd] 0 HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3376616 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com) HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Vivaldi Update Notifier] => C:\Program Files (x86)\Vivaldi\Application\update_notifier.exe [1880648 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS) 
HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [Volume2] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\Volume\Volume2_1.1.7.434\Volume2.exe [4350464 2021-02-14] (Alexandr Irza) [File not signed] HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Run: [ASuite] => D:\Karol\Archive\1.Extensions\Software\Portable\x32\app management\portable start menu\asuite_x64-v2.0.0\asuite_x64.exe [12268032 2020-04-20] (SalvadorSoftware) [File not signed] HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc) HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> C:\Program Files (x86)\Vivaldi\Application\2.11.1811.47\Installer\chrmstp.exe [2020-06-14] (Vivaldi Technologies AS -> Vivaldi Technologies AS) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-09-25] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] Startup: C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-12-09] ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {126DD8CE-8C75-430C-B0BD-BD8FDDEFC66F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {184BCB5A-622A-40F3-9750-2FC9C2524F73} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {198E4553-E499-4FEC-BF71-2DE98CD4C0C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1F0EC664-BA70-4489-9D24-703B627D94E0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1FDDF3D9-92F4-4C02-903B-27AF1341F4D0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software) Task: {21F92A90-397C-41F7-B647-3C7C92C85E69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {282EAD2E-9665-404C-A449-2C7CE67BC5ED} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {299238D2-F47F-430F-80F1-27AC3194A516} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.) 
Task: {2CBFACDF-FEB3-40D5-9A86-871E18B5F012} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {31537973-BF08-414E-8C18-016AA2E10735} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {34E5E123-1946-44CE-9DC6-9C91413F5368} - System32\Tasks\My Tasks\auto hibernation => shutdown [Argument = /h] Task: {37015500-3F40-4146-9BB5-562F45E40978} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {3C63F250-FAFF-4783-A307-3CF6575A8A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [124280 2018-08-30] (HP Inc. -> HP Inc.) Task: {3DA20FC9-D65D-4825-B9F7-EF27D257BC08} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {412CE83E-2101-4893-9CC4-11104E16CA07} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {44A78B22-8685-4235-86C9-73FDBF5DD960} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {46901229-9BD7-4281-B999-E978D639CB5A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {474BD1FC-9BA3-4066-A8C2-2916031099CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4774AC1A-50B0-4D60-8A12-569BB4B71FAE} - System32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} => "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://ui.skype.com/ui/0/7.40.0.103/cs ... 
Error=1603 Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {49FCE141-CB65-4556-BAEC-325331FEB10F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {4D393590-7F03-484F-804E-71650C2A8334} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4E0434D3-837C-4592-8AD5-F59D150F5726} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {51D3CA13-D9F2-4E1A-8F6C-CE86C95BF422} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {540ACDE2-69DD-426B-B44A-FCF025497495} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {54460751-1A6C-481B-B80E-1657AE7D6D05} - \My Tasks\Empty Windows Recycle Bin. -> No File <==== ATTENTION Task: {5A6249DF-ADE4-4D85-AAB8-00ED90BDAA12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {63946C7F-2F66-4269-B0BE-5DE2D5D93C3D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {6759277E-F575-4256-8495-2835E9584A4D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\mrt.exe [144749672 2016-07-13] (Microsoft Windows -> Microsoft Corporation) Task: {688F3B79-D539-445E-985D-A2BFB75789B8} - System32\Tasks\My Tasks\open gmail afternoon => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS) Task: {69CDD3BE-F780-4BAF-B718-8CEB37983D1C} - System32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494 => D:\Karol\Archive\1. 
Extensions\Software\installers\search engines\file-name-no-index\MasterSeeker1.5.1\MasterSeeker.exe Task: {6DB21E63-B367-4731-B550-CD321E5A8FC6} - System32\Tasks\My Tasks\open gmail night => C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe [1771592 2020-03-05] (Vivaldi Technologies AS -> Vivaldi Technologies AS) Task: {6E44B8F0-C812-4658-9B76-E44E0B82A0D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation) Task: {6E79CB94-B352-41D2-A4A0-9367C98AE0A7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {735ECD01-6F6A-454E-9E9F-E022C90C75CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {74874CB4-E137-4889-92BD-3EBA03F78D00} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7833BD64-D7EB-4F6B-A19E-C170DD7803BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {888CEB6B-45A0-4895-A2CF-AB3BCC4B1D0E} - System32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7 => D:\Karol\Archive\1. 
Extensions\Software\Portable\x32\File Management\search engines\no index\MasterSeeker1.5.1\MasterSeeker.exe Task: {8A918489-8464-4268-BDEA-20B9CC9401DC} - System32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} => C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop Task: {8BDF57BC-BE22-4E9D-82E1-DC9BE897D639} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {90720BA0-4D63-49B6-A8FA-795E6C5D4BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC) Task: {921EEFB9-8FB3-4F6E-9561-FC780AD28532} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {93185870-5C8C-4276-A9B0-F2AA88E784D7} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {961BC585-EFA5-4BBC-BC5B-E1D2F12CBCF1} - System32\Tasks\My Tasks\cleanup versioning folder => ForFiles [Argument = /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file"] -> /p "D:\Karol\Archive\4.versioning" /s /d -10 /c "cmd /c del @file" Task: {9BFD489B-5F09-42F6-9179-963E0268A092} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9C1162B6-8F0F-401F-A4C7-6EAC6F191C86} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {9D373580-1126-4A24-8390-8209C423A611} - System32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://www.skype.com/go/downloading?so ... 
rror=12040 Task: {9DACAB5B-FBE0-430C-92AD-93EA342DED8F} - System32\Tasks\DisableLockScreen => reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f Task: {A559D691-E4CE-4FA3-B40E-8BE5B36C2D1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {AE2D77F8-E407-43CA-AE5F-C1476B92DE54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {AFCE3371-615A-4DF7-B61B-265516815029} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B110211B-6594-48BA-A4D9-AC9CE6E62372} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation) Task: {B1FBC68E-EC26-41FC-8424-AC3EF5202884} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {B7B8FB88-F954-493C-A26C-54AEA3239536} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B8757F00-4BE9-441C-82A1-C02D622CC7F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C177C83C-0572-4E55-BB23-3B99176F2BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D286E1A3-2C4D-48AE-A89F-2BC49B0E0E21} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {D2F5091A-D624-4BBA-B909-A10BCCFFFFC0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: 
{D49A867E-51BD-4DB8-AEBB-D60B4CE30DAC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D7ABEDB3-8CB2-4BBE-B342-254C882B60C8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DC659376-2B13-4DF8-9B7C-655E5860D21F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1183256 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {E1973331-1B79-42A7-8162-BEB646BFE905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC) Task: {E474C421-6342-4FD0-AE67-326AA69B457C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {E48428C6-42E5-4FF3-92CF-179A1EEC7685} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-02] (Mozilla Corporation -> Mozilla Foundation) Task: {E87652C7-4A47-4B6E-AFF2-4B025DE6C3B7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EA0E1989-626F-4100-B137-8575E770F8A3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: {EB2D4759-3947-46A1-AB62-1090FED2DF37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {ECB03397-042A-4568-94E5-933D1AF35C2A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {EFED7834-A78C-4E66-8466-35A13701DFF5} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {F005B929-FDB7-4B46-9B9B-BFE69752C20E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 
2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F03EA912-D7A0-41B8-90BD-65A244C72858} - System32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.40.0.103/en ... Error=1603 Task: {F1F1B2FA-3B42-4FF0-9698-16783E6526A9} - System32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c => D:\Karol\Archive\1. Extensions\Software\installers\search engines\MasterSeeker1.5.1\MasterSeeker.exe Task: {F5EAA833-79BA-4274-8431-C427DC14923D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {FA4D6466-39DD-46B7-850E-A55EE0023061} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39 Tcpip\..\Interfaces\{176d9214-02f7-4e63-9c0d-502a9c422f87}: [NameServer] 193.17.47.1,185.43.135.1 Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [NameServer] 193.17.47.1,185.43.135.1,192.168.0.1 Tcpip\..\Interfaces\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: [DhcpNameServer] 213.46.172.38 213.46.172.39 Tcpip\..\Interfaces\{8137f080-5f60-4f4e-96ea-55efe4e2b74c}: [NameServer] 193.17.47.1,185.43.135.1 Tcpip\..\Interfaces\{86177912-d0b5-40fe-8877-9d1e9dd6dcc6}: [NameServer] 193.17.47.1,185.43.135.1 Tcpip\..\Interfaces\{dac93b1d-61b9-4a71-8643-bf858b70ff4b}: [NameServer] 193.17.47.1,185.43.135.1 Tcpip\..\Interfaces\{f27690ee-9433-475b-863f-23634ed6d325}: [NameServer] 217.31.204.130,193.29.206.206 Tcpip\..\Interfaces\{fe8e91cf-fca4-4ebc-bda8-a69e9ca65b03}: [NameServer] 193.17.47.1,185.43.135.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Chuck\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-10] FireFox: ======== FF DefaultProfile: ypbhsodm.default FF ProfilePath: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default [2021-04-10] FF DownloadDir: C:\Users\Chuck\Desktop FF Session Restore: Mozilla\Firefox\Profiles\ypbhsodm.default -> is enabled. 
FF Extension: (All Aboard) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\@all-aboard-v1-5.xpi [2017-07-04] [Legacy]
FF Extension: (No Name) - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-02-02]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2887156172-1520988294-1417751805-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-11-01]

Vivaldi:
=======
VIV Profile: C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default [2021-04-22]
VIV Extension: (Adobe Acrobat) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-08-10]
VIV Extension: (Chrome Media Router) - C:\Users\Chuck\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-02-09] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [122736 2017-03-25] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2197608 2017-06-07] (David Carpenter -> )
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [6435880 2019-10-31] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [332264 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2016-12-23] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [78848 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [180224 2010-07-27] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192504 2021-03-05] (Tonalio GmbH -> sandboxie-plus.com)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66520 2018-08-07] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2017-09-05] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 WinRing0_1_2_0; C:\Program Files (x86)\NoteBook FanControl\WinRing0x64.sys [14544 2021-04-10] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-05-03] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 14:36 - 2021-05-04 14:40 - 000035233 _____ C:\Users\Karol\Desktop\FRST.txt 2021-05-04 14:27 - 2021-05-04 14:28 - 002298368 _____ (Farbar) C:\Users\Karol\Desktop\FRST64.exe 2021-04-12 21:38 - 2021-04-26 11:51 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72e29197199da 2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBook FanControl 2021-04-10 20:56 - 2021-04-10 20:56 - 000000000 ____D C:\Program Files (x86)\NoteBook FanControl 2021-04-10 20:32 - 2021-04-10 20:32 - 000000020 ___SH C:\Users\Karol\ntuser.ini 2021-04-10 20:27 - 2021-04-10 20:27 - 000000949 _____ C:\Users\Chuck\Desktop\Sandboxed Web Browser.lnk 2021-04-10 20:27 - 2021-04-10 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2021-04-10 20:09 - 2021-04-10 20:09 - 000000000 ____D C:\Users\Chuck\AppData\Local\PlaceholderTileLogoFolder 2021-04-10 20:04 - 2021-04-10 20:04 - 000000020 ___SH C:\Users\Chuck\ntuser.ini 2021-04-10 19:16 - 2021-04-10 19:16 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-500 2021-04-10 19:15 - 2021-04-29 00:31 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1001 2021-04-10 19:15 - 2021-04-21 10:57 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-04-10 19:15 - 2021-04-21 10:57 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-04-10 19:15 - 2021-04-10 19:16 - 000003328 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{718AEF67-758E-4F0B-8548-2EE7294EE2A7} 2021-04-10 19:15 - 2021-04-10 19:16 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2 2021-04-10 19:15 - 2021-04-10 19:16 - 000002514 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.34e95470e9903458a022ccd394663e7c 2021-04-10 19:15 - 2021-04-10 19:16 - 
000002246 _____ C:\WINDOWS\system32\Tasks\{26D164E1-B8C8-4567-9727-7101BBC0AB8E} 2021-04-10 19:15 - 2021-04-10 19:15 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2021-04-10 19:15 - 2021-04-10 19:15 - 000003042 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2021-04-10 19:15 - 2021-04-10 19:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2887156172-1520988294-1417751805-1000 2021-04-10 19:15 - 2021-04-10 19:15 - 000002622 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.40a67d949b950387fa2284792b5effc7 2021-04-10 19:15 - 2021-04-10 19:15 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2021-04-10 19:15 - 2021-04-10 19:15 - 000002590 _____ C:\WINDOWS\system32\Tasks\MasterSeeker.UACBypass.1ee7473df8f6351c77699e1d8f3d0494 2021-04-10 19:15 - 2021-04-10 19:15 - 000002528 _____ C:\WINDOWS\system32\Tasks\DisableLockScreen 2021-04-10 19:15 - 2021-04-10 19:15 - 000002298 _____ C:\WINDOWS\system32\Tasks\{87A5FB26-48A3-4A66-AA52-8D3A83794FE6} 2021-04-10 19:15 - 2021-04-10 19:15 - 000002264 _____ C:\WINDOWS\system32\Tasks\{768B319C-4286-4539-9A64-D45279719C54} 2021-04-10 19:15 - 2021-04-10 19:15 - 000002240 _____ C:\WINDOWS\system32\Tasks\{C38DECD5-4820-4B6F-8E4A-1F2445C4096C} 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1001 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-2887156172-1520988294-1417751805-1000 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\My Tasks 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 
2021-04-10 19:15 - 2021-04-10 19:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagwrn.xml 2021-04-10 19:12 - 2021-04-10 19:14 - 000019053 _____ C:\WINDOWS\diagerr.xml 2021-04-10 19:08 - 2021-04-10 19:19 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-04-10 19:08 - 2021-04-10 19:08 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines 2021-04-10 19:00 - 2021-04-10 19:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-04-10 18:49 - 2021-04-27 20:53 - 002847556 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-04-10 18:38 - 2021-04-10 18:38 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-04-10 18:38 - 2021-04-10 18:38 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-04-10 18:38 - 2021-04-10 18:38 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-04-10 18:37 - 2021-04-10 18:37 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-04-10 18:37 - 2021-04-10 18:37 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-04-10 18:37 - 2021-04-10 18:37 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-04-10 18:37 - 2021-04-10 18:37 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-04-10 18:37 - 2021-04-10 18:37 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-04-10 18:37 - 2021-04-10 18:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-04-10 18:37 - 2021-04-10 18:37 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-04-10 18:37 - 2021-04-10 18:37 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-04-10 18:37 - 2021-04-10 18:37 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-04-10 18:36 - 2021-04-10 18:36 - 002755584 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-04-10 18:36 - 2021-04-10 18:36 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-04-10 18:36 - 2021-04-10 18:36 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-04-10 18:36 - 2021-04-10 18:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-04-10 18:36 - 2021-04-10 18:36 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-04-10 18:36 - 2021-04-10 18:36 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-04-10 18:36 - 2021-04-10 18:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-04-10 18:36 - 2021-04-10 18:36 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-04-10 18:36 - 2021-04-10 18:36 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-04-10 18:35 - 2021-04-10 18:35 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-04-10 18:35 - 2021-04-10 18:35 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-04-10 18:35 - 2021-04-10 18:35 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2021-04-10 18:35 - 2021-04-10 18:35 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-04-10 18:34 - 2021-04-10 18:34 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-04-10 18:34 - 2021-04-10 18:34 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-04-10 18:34 - 2021-04-10 18:34 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-04-10 18:34 - 2021-04-10 18:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-04-10 18:34 - 2021-04-10 18:34 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-04-10 18:33 - 2021-04-10 18:33 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-04-10 18:33 - 2021-04-10 18:33 - 000422912 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\winspool.drv 2021-04-10 18:33 - 2021-04-10 18:33 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-04-10 18:33 - 2021-04-10 18:33 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-04-10 18:33 - 2021-04-10 18:33 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-04-10 18:33 - 2021-04-10 18:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2021-04-10 18:33 - 2021-04-10 18:33 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-04-10 18:32 - 2021-04-10 18:32 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-04-10 18:32 - 2021-04-10 18:32 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-04-10 18:32 - 2021-04-10 18:32 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-04-10 18:32 - 2021-04-10 18:32 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-04-10 18:32 - 2021-04-10 18:32 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-04-10 18:32 - 2021-04-10 18:32 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-04-10 18:32 - 2021-04-10 18:32 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-04-10 18:32 - 2021-04-10 18:32 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-04-10 18:32 - 2021-04-10 18:32 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2021-04-10 18:31 - 2021-04-10 18:31 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-04-10 18:31 - 2021-04-10 18:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-04-10 18:31 - 2021-04-10 18:31 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-04-10 18:31 - 2021-04-10 18:31 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-04-10 18:30 - 2021-04-29 00:29 - 000002377 _____ C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-10 18:30 - 2021-04-10 
20:32 - 000000000 ____D C:\Users\Karol 2021-04-10 18:30 - 2021-04-10 20:04 - 000000000 ____D C:\Users\Chuck 2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\DefaultAppPool 2021-04-10 18:30 - 2021-04-10 18:57 - 000000000 ____D C:\Users\Administrator 2021-04-10 18:30 - 2021-04-10 18:30 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-04-10 18:30 - 2021-04-10 18:30 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll 2021-04-10 18:30 - 2021-04-10 18:30 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Šablony 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Soubory cookie 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Poslední 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní tiskárny 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Okolní síť 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Nabídka Start 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Dokumenty 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Obrázky 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Hudba 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Documents\Filmy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Karol\AppData\Local\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Šablony 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Soubory cookie 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Poslední 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní tiskárny 
2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Okolní síť 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Nabídka Start 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Dokumenty 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Obrázky 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Hudba 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Documents\Filmy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Chuck\AppData\Local\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Šablony 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Soubory cookie 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Poslední 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní tiskárny 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Okolní síť 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Nabídka Start 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Dokumenty 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Obrázky 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Hudba 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Documents\Filmy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL 
C:\Users\DefaultAppPool\AppData\Local\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Šablony 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Soubory cookie 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Poslední 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní tiskárny 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Okolní síť 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Nabídka Start 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Dokumenty 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Obrázky 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Hudba 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Documents\Filmy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\Data aplikací 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy 2021-04-10 18:30 - 2021-04-10 18:30 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Data aplikací 2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-10 18:30 - 2019-12-07 11:10 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-04-10 18:29 - 2021-04-10 18:29 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-04-10 18:29 - 2021-04-10 18:29 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000363520 _____ 
C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-04-10 18:29 - 2021-04-10 18:29 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-04-10 18:29 - 2021-04-10 18:29 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-04-10 18:29 - 2021-04-10 18:29 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-04-10 18:20 - 2021-05-01 12:32 - 000008192 ___SH C:\DumpStack.log.tmp 2021-04-10 17:57 - 2019-10-15 14:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2021-04-10 17:57 - 2019-04-18 19:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml 2021-04-10 17:47 - 2021-04-27 20:53 - 000808052 _____ C:\WINDOWS\system32\perfh015.dat 2021-04-10 17:47 - 2021-04-27 20:53 - 000163116 _____ C:\WINDOWS\system32\perfc015.dat 2021-04-10 17:47 - 2021-04-10 17:47 - 000343212 _____ C:\WINDOWS\system32\perfi015.dat 2021-04-10 17:47 - 2021-04-10 17:47 - 000041370 _____ C:\WINDOWS\system32\perfd015.dat 2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\pl 2021-04-10 17:47 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\system32\pl 2021-04-10 17:20 - 2021-04-10 17:47 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\msmq 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\WINDOWS\system32\BestPractices 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program 
Files\Reference Assemblies 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files\MSBuild 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-04-10 17:20 - 2021-04-10 17:20 - 000000000 ____D C:\inetpub ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-05-04 14:47 - 2020-04-05 14:45 - 000000000 ____D C:\Users\Karol\AppData\Local\JDownloader 2.0 2021-05-04 14:38 - 2015-09-07 23:48 - 000000000 ____D C:\FRST 2021-05-04 14:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-05-04 13:41 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Everything 2021-05-04 12:28 - 2018-02-06 00:06 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Thunderbird 2021-05-04 12:28 - 2015-08-17 00:23 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Mozilla 2021-05-04 01:46 - 2020-11-19 00:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-05-03 23:20 - 2019-09-24 12:30 - 000000374 _____ C:\Users\Karol\.vivaldi_reporting_data 2021-05-03 22:16 - 2019-10-03 21:17 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2021-05-03 16:03 - 2016-01-22 14:52 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\FreeFileSync 2021-05-03 00:56 - 2017-05-29 11:35 - 000000000 ____D C:\ProgramData\NbfcService 2021-05-02 11:43 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-05-01 12:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-05-01 12:32 - 2020-11-19 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-05-01 12:32 - 2017-04-25 01:36 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper 2021-05-01 12:32 - 2015-08-24 09:12 - 000000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat 2021-05-01 12:32 - 2015-08-17 21:09 - 000000000 ____D C:\ProgramData\VMware 2021-05-01 12:29 - 
2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-05-01 11:42 - 2020-11-19 01:32 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 00:04 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Karol\AppData\Local\Packages
2021-04-29 00:30 - 2016-07-02 16:43 - 000000000 ___RD C:\Users\Karol\OneDrive
2021-04-27 20:53 - 2019-12-07 16:41 - 000783098 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-27 20:53 - 2019-12-07 16:41 - 000172796 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-27 20:53 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-26 11:51 - 2020-11-19 01:32 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 11:49 - 2017-12-25 21:36 - 000000000 ____D C:\Users\Karol\AppData\Roaming\NoteBookFanControl
2021-04-22 20:51 - 2020-06-14 01:46 - 000000374 _____ C:\Users\Chuck\.vivaldi_reporting_data
2021-04-16 20:50 - 2016-07-26 00:21 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-04-16 20:45 - 2016-12-23 14:41 - 000000000 ____D C:\Users\Karol\AppData\Local\Everything
2021-04-12 20:42 - 2020-11-19 01:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-11 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-11 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-11 00:05 - 2016-09-17 20:47 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2021-04-11 00:05 - 2016-09-17 20:47 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2021-04-11 00:05 - 2015-09-01 20:33 - 000000000 ____D C:\Program Files\FreeFileSync
2021-04-10 20:57 - 2016-07-02 15:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-10 20:51 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-10 20:34 - 2020-11-19 01:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-10 20:34 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-10 20:34 - 2017-12-25 19:42 - 000000000 ___RD C:\Users\Karol\3D Objects
2021-04-10 20:32 - 2017-01-06 18:25 - 000000000 ____D C:\Users\Chuck\AppData\Local\Everything
2021-04-10 20:32 - 2016-12-27 21:36 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Everything
2021-04-10 20:32 - 2016-07-13 23:40 - 000014744 _____ C:\WINDOWS\Sandboxie.ini
2021-04-10 20:31 - 2017-12-25 18:43 - 000000000 ____D C:\Users\Chuck\AppData\Local\Packages
2021-04-10 20:31 - 2016-11-30 14:36 - 000000000 ____D C:\Users\Chuck\AppData\LocalLow\Mozilla
2021-04-10 20:27 - 2015-09-09 10:44 - 000000000 ____D C:\Program Files\Sandboxie
2021-04-10 20:12 - 2019-01-30 13:26 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 20:10 - 2015-08-16 20:23 - 000000000 ____D C:\Users\Chuck\AppData\Local\VirtualStore
2021-04-10 20:06 - 2017-12-25 19:22 - 000000000 ___RD C:\Users\Chuck\3D Objects
2021-04-10 19:20 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-10 19:19 - 2021-01-27 13:04 - 000000000 ____D C:\WINDOWS\system32\Download
2021-04-10 19:19 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2021-04-10 19:19 - 2020-11-04 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-10 19:19 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-10 19:19 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-10 19:19 - 2019-06-19 12:58 - 000000000 ____D C:\Program Files\UNP
2021-04-10 19:19 - 2019-04-03 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-04-10 19:19 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-10 19:19 - 2019-01-05 02:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2021-04-10 19:19 - 2018-10-14 02:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-10 19:19 - 2018-08-18 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2021-04-10 19:19 - 2018-06-19 00:44 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-10 19:19 - 2018-06-10 01:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash
2021-04-10 19:19 - 2018-04-12 17:51 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2021-04-10 19:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-10 19:19 - 2017-08-17 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-04-10 19:19 - 2017-04-25 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2021-04-10 19:19 - 2016-10-08 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2021-04-10 19:19 - 2016-10-08 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2021-04-10 19:19 - 2016-08-10 00:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-04-10 19:19 - 2016-07-30 15:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2021-04-10 19:19 - 2016-05-16 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-10 19:19 - 2016-04-27 08:32 - 000000000 ____D C:\WINDOWS\ShellNew
2021-04-10 19:19 - 2016-04-11 10:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-04-10 19:19 - 2016-04-08 00:24 - 000000000 ____D C:\WINDOWS\system32\oodag
2021-04-10 19:19 - 2016-03-22 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\en
2021-04-10 19:19 - 2016-03-19 00:42 - 000000000 ____D C:\WINDOWS\cs
2021-04-10 19:19 - 2015-08-19 13:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2021-04-10 19:19 - 2015-08-18 12:23 - 000000000 ____D C:\WINDOWS\SysWOW64\SDA
2021-04-10 19:19 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-10 19:18 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-10 19:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-10 19:15 - 2020-11-19 01:32 - 000003286 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-10 19:15 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-10 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-10 19:11 - 2018-01-18 00:07 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-04-10 19:10 - 2016-07-02 15:26 - 000023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-04-10 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-04-10 19:08 - 2019-11-09 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2021-04-10 19:08 - 2019-04-04 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-04-10 19:08 - 2017-04-07 20:37 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2021-04-10 19:08 - 2017-04-07 20:35 - 000000000 ____D C:\Program Files\Synaptics
2021-04-10 19:08 - 2016-03-15 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\installed apps
2021-04-10 19:08 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Microsoft Games
2021-04-10 18:58 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2021-04-10 18:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 16:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-10 18:54 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-10 18:54 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-10 18:41 - 2020-04-05 14:48 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-04-10 18:41 - 2019-12-18 01:19 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Calendar
2021-04-10 18:41 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-10 18:41 - 2018-10-28 21:20 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XYplorer
2021-04-10 18:41 - 2018-03-25 15:44 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2021-04-10 18:41 - 2017-06-07 12:51 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2017-05-09 15:14 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-04-10 18:41 - 2016-12-27 21:52 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2021-04-10 18:41 - 2016-10-08 20:20 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
2021-04-10 18:37 - 2017-12-25 18:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-04-10 18:36 - 2019-11-17 22:26 - 000000000 ____D C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wReplace
2021-04-10 18:32 - 2016-03-11 16:07 - 000000000 ____D C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Apps
2021-04-10 18:29 - 2020-11-19 01:32 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-10 18:28 - 2018-07-04 15:11 - 000001727 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2021-04-10 18:21 - 2020-11-19 00:29 - 000457224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-10 18:07 - 2019-12-07 16:43 - 000000000 ____D C:\WINDOWS\OCR
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-10 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-10 17:56 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-10 17:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-10 17:20 - 2019-12-07 11:10 - 001421824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2021-04-10 17:20 - 2019-12-07 11:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2021-04-10 17:20 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2021-04-10 17:20 - 2019-12-07 11:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2021-04-10 17:20 - 2019-12-07 11:10 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2021-04-10 17:19 - 2019-12-07 11:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2021-04-10 17:19 - 2019-12-07 11:10 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2021-04-10 17:19 - 2019-12-07 11:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2021-04-10 13:31 - 2016-11-30 12:49 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2021-04-10 02:29 - 2020-11-08 02:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-10 02:29 - 2009-07-14 04:34 - 000000478 _____ C:\WINDOWS\win.ini
2021-04-09 22:32 - 2010-11-21 05:27 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2019-01-07 02:22 - 2019-01-07 02:22 - 000000000 _____ () C:\Users\Chuck\AppData\Local\oobelibMkey.log
2016-05-14 23:27 - 2018-01-28 02:26 - 000007608 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Chuck (04-05-2021 14:49:17)
Running from C:\Users\Karol\Desktop
Windows 10 Home Version 20H2 19042.867 (X64) (2021-04-10 17:16:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2887156172-1520988294-1417751805-500 - Administrator - Disabled) => C:\Users\Administrator
Chuck (S-1-5-21-2887156172-1520988294-1417751805-1000 - Administrator - Enabled) => C:\Users\Chuck
DefaultAccount (S-1-5-21-2887156172-1520988294-1417751805-503 - Limited - Disabled)
Guest (S-1-5-21-2887156172-1520988294-1417751805-501 - Limited - Disabled)
Karol (S-1-5-21-2887156172-1520988294-1417751805-1001 - Limited - Enabled) => C:\Users\Karol
WDAGUtilityAccount (S-1-5-21-2887156172-1520988294-1417751805-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ABBYY FineReader 12 Corporate (HKLM-x32\...\{F12000CE-0001-0000-0000-074957833700}) (Version: 12.1.609 - ABBYY Production LLC)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{4487064C-F31E-4499-A1EF-9B8E809A0358}) (Version: 12.3.5.205 - Adobe, Inc)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Alcatel onetouch Manager (HKLM-x32\...\{773A349F-182A-0200-0000-000000000000}) (Version: 13.09.2754 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{FE960639-C7F8-5888-3CB2-68823485A9C0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI PE Builder 1.4 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5566909D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Aspell Czech Dictionary-0.50-2 (HKLM-x32\...\Aspell Czech Dictionary_is1) (Version: - GNU)
Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Commumication Technology Holdings Limited)
Everything 1.4.1.877 (x64) (HKLM\...\Everything) (Version: 1.4.1.877 (x64) - David Carpenter)
FeedDemon (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 11.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.9 - FreeFileSync.org)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Calendar Backup Utility (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\389f93cb6637d3c1) (Version: 1.0.0.4 - Google Calendar)
GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version: - )
GTD Timer (HKLM-x32\...\{4C1F2B9C-9005-441A-B39B-04C0147A0ABF}) (Version: 2012.12.11.120 - ProductivityScientific.com)
HP 3D DriveGuard (HKLM\...\{04927A60-31CD-4614-A25C-055B1AD3A8CE}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{48D74C03-3D33-4A7E-9D93-A59FE58C1DEA}) (Version: 2.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{3DFFDA17-EE5C-4C09-AB0B-29CD4A9E6C9C}) (Version: 12.10.49.21 - HP)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Macrium Reflect Free Edition (HKLM\...\{5037EDD4-FD4D-43EC-8BBA-BE93D60FCCEA}) (Version: 7.2.4524 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2887156172-1520988294-1417751805-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MiPony 2.3.2 (HKLM-x32\...\MiPony) (Version: 2.3.2 - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 85.0 (x64 en-US) (HKLM\...\Mozilla Firefox 85.0 (x64 en-US)) (Version: 85.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 85.0.0.7688 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.8.1 - Duodian Technology Co. Ltd.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 13.0 - PlotSoft LLC)
Polski (Akcent) (HKLM\...\{E09BE865-9D80-4440-A740-B1E620ABCC7C}) (Version: 1.0.3.40 - FontyPL)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.83.328.2014 - Realtek)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Sandboxie 5.49.0 (64-bit) (HKLM\...\Sandboxie) (Version: 5.49.0 - sandboxie-plus.com)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Tempus 1.6.0 (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\daf97551-8b86-5eb9-af1a-781f2e64e703) (Version: 1.6.0 - Keziah Moselle)
TeraCopy version 3.26 (HKLM\...\TeraCopy_is1) (Version: 3.26 - Code Sector)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0405-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 2.11.1811.47 - Vivaldi Technologies AS.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
wReplace 1.2 Free (HKLM-x32\...\wReplace) (Version: 1.2 Free - SharkTime.com)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Zen Focus 2.1.0 (only current user) (HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\c677a390-e872-5285-bff8-d982a2943b74) (Version: 2.1.0 - builtwithluv)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.180.400.0_x86__kgqvnymyfvs32 [2020-11-08] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-04-10] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-10-04] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> D:\Karol\Archive\1.Extensions\Software\Portable\x32\Audio+Video\info\MediaInfo_20.03\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> "C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google) ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed] ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed] ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd) ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-08-07] (VMware, Inc. -> VMware, Inc.) 
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google) ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed] ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed] ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2016-01-20] (ABBYY Production LLC -> ABBYY Production LLC.) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) 
[File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Users\Karol\Desktop\TeraCopy\TeraCopyExt.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-04-05 14:45 - 2018-05-09 09:45 - 000142336 _____ () [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\.install4j\i4jinst.dll
2021-05-04 12:54 - 2021-05-04 12:54 - 000043520 _____ () [File not signed] C:\Users\Karol\AppData\Local\Temp\proxy_vole3513242259177334774.dll
2012-04-11 10:40 - 2012-04-11 10:40 - 000067584 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 002403504 _____ (Aomei Technology Co., Limited -> ) [File not signed] C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-04-25 01:36 - 2015-05-21 14:32 - 000068784 _____ (Aomei Technology Co., Limited -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\AOMEI Backupper\vcomp.dll
2012-03-14 14:44 - 2012-03-14 14:44 - 000006656 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\cs\HandlersStrings.resources.dll
2021-03-31 12:39 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-04 12:55 - 2021-05-04 12:55 - 000216576 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\Karol\AppData\Local\JDownloader 2.0\tmp\jna\jna8151142547056323169.dll
2018-05-06 00:49 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-05-06 00:49 - 2018-01-26 17:08 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes:
HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00 SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00 SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> DefaultScope {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?} SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src ... 02&pc=UE00 SearchScopes: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> {273ED82A-91CB-41D1-AED1-EB3976BC5C24} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH) BHO-x32: Skype for 
Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2887156172-1520988294-1417751805-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} 
hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1439752415659 Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-15 14:25 - 2019-01-09 16:32 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\Chuck\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\NoteBook FanControl\ HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\Control Panel\Desktop\\Wallpaper -> D:\Karol\Archive\1.Extensions\Pictures\noneducation\windows\my wallpapers\w7\w7 original.jpg HKU\S-1-5-21-2887156172-1520988294-1417751805-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 193.17.47.1 - 185.43.135.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => 
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. Network Binding: ============= Ethernet 4: VMware Bridge Protocol -> vmware_bridge (disabled) Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled) Wi-Fi 2: VMware Bridge Protocol -> vmware_bridge (enabled) Ethernet 5: VMware Bridge Protocol -> vmware_bridge (disabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12" HKU\S-1-5-21-2887156172-1520988294-1417751805-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\StartupFolder: => "Odeslat do OneNote.lnk" HKU\S-1-5-21-2887156172-1520988294-1417751805-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{E4E5B7BA-3805-4503-87D2-3132E6D2A58D}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org) FirewallRules: [TCP Query User{4A845E45-69D2-460E-8077-8F64267454F1}C:\program files\freefilesync\bin\freefilesync_x64.exe] => (Allow) C:\program files\freefilesync\bin\freefilesync_x64.exe (Florian BAUER -> FreeFileSync.org) FirewallRules: [{1B18EE24-2C06-4389-A621-8728598A755E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{E3C5F5D6-E1CF-4795-AA71-65869D5CABBF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{28DB69DC-CB76-4500-87BF-E513E5A60372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{6FFE87D3-D49E-4F9E-BD2F-12D05D8ADA86}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{DFBCE3C0-69C5-4F27-9437-BCFB56D1BCB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{04B41ED7-C243-4588-85C4-0E994E7BDAB6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7F4DEC00-723A-457D-9715-E56615B2695C}] => (Allow) C:\Program Files (x86)\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) FirewallRules: [UDP Query User{6C325D68-4916-4008-8465-4211042665C7}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed] FirewallRules: [TCP Query User{A20F3443-19FA-464E-AA3A-C3A4FBB76C47}D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\documents\editors\text editors\qownnotesportable\app\qownnotes\qownnotes.exe () [File not signed] FirewallRules: [UDP Query User{27812ED6-66BF-454E-AD15-F77FB3C305BC}D:\karol\project\now\topics\download\books\must 
organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File FirewallRules: [TCP Query User{DC10A911-B724-4E5F-AFF9-41839313603C}D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe] => (Allow) D:\karol\project\now\topics\download\books\must organize\books\qownnotesportable\app\qownnotes\qownnotes.exe => No File FirewallRules: [UDP Query User{A57FB4D8-CEFE-4323-B466-1ED362B05D23}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH) FirewallRules: [TCP Query User{6CBC343A-B32D-4D27-A2C2-B445DC9379F0}C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\karol\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH) FirewallRules: [UDP Query User{67E623D5-8528-48E5-B9CD-AE26DA2CB7CB}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.) FirewallRules: [TCP Query User{24699CC1-04A2-4586-85D8-83E3F84EFF6F}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.) 
FirewallRules: [UDP Query User{54958B7C-7557-4697-84B8-891ACF08EB05}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File FirewallRules: [TCP Query User{7A2FA0FE-DBC9-4154-AD4A-14E565D52C61}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File FirewallRules: [UDP Query User{8B7544A2-FBF3-46B1-BBC4-F85A3049F987}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{9C381A54-BD38-4707-9A66-D27E20E38568}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{65C21616-EA67-4E69-8B72-38EE08040D32}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2C808EAA-9C68-4049-90F3-2B73FEE9989B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{AB768007-57F7-4EF1-89C4-CD6C24DA582E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EFE4330E-6A08-4B94-993D-2F67870CBDB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{89491690-4B23-44A3-AF35-3C2D443A2048}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. 
Wechselberger) FirewallRules: [TCP Query User{FAAE1722-9134-4B17-9AB7-D254CC7C32CB}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger) FirewallRules: [UDP Query User{3818F6ED-4C81-4908-B727-F7071A9E8361}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File FirewallRules: [TCP Query User{D02DD2EF-3E80-42BC-9538-69EDF73EFBAD}D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe => No File FirewallRules: [{F59B8B16-EA7C-4B1C-80FC-F0BB5D7239A2}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File FirewallRules: [{10F4E470-356D-43E2-B8D7-0CFB3C53C4F1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe => No File FirewallRules: [{F303C763-78E7-42E0-8B0A-0BA41BF8E80A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [{1A027C43-B62B-4969-A6DC-D00355C0416B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) FirewallRules: [TCP Query User{4A05A816-D0A7-48B4-B6FE-289F1E4B4F1D}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. 
extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File FirewallRules: [UDP Query User{960A5B42-93A4-4471-9FC7-75D4A1890D36}D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe] => (Allow) D:\karol\archive\1. extensions\software\portable\x32\audio\player-recorders\tapinradioportable 2.10\app\programfiles64\tapinradio.exe => No File FirewallRules: [TCP Query User{78400E23-FE93-4B87-B1BF-B216E5B9D867}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File FirewallRules: [UDP Query User{F6717485-41CA-49F9-909F-3DD4008F491C}D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe] => (Allow) D:\karol\project\later\topics\download\download\qbittorrentportable\app\qbittorrent\qbittorrent.exe => No File FirewallRules: [{C003F9D7-46D5-4620-B8D0-EA49F30B01FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{31AA79F8-C91F-4D9D-8600-74FFF9533DAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{11B7DD5C-8429-462A-A840-76ABDA17496D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File FirewallRules: [UDP Query User{543D5401-8678-409B-A2AD-734E7390AE24}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File FirewallRules: [{B62F5544-D1D4-4248-812D-38A79BA37B42}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File FirewallRules: [{313580C3-6999-4612-B419-4C42088889AA}] => (Allow) C:\Program Files\AVAST 
Software\Avast\AvEmUpdate.exe => No File FirewallRules: [TCP Query User{E464F73B-75D6-4D10-9EE8-0F9BA808C812}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.) FirewallRules: [UDP Query User{DF5EE57A-7663-486A-9C48-223AF1AA996B}D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\downloaders\tixati-2.25-1.portable\tixati_portable\tixati_windows32bit.exe (Tixati Software Inc. -> Tixati Software Inc.) FirewallRules: [TCP Query User{EAAE6AE0-3AAC-452D-9E19-62B4A95A8E50}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed] FirewallRules: [UDP Query User{4ED501D0-A4B7-4C05-9A67-CC5E9A2B6CD1}D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe] => (Allow) D:\karol\archive\1.extensions\software\portable\x32\rss\opml\opml\opml.exe (Scripting News, Inc) [File not signed] FirewallRules: [TCP Query User{FE1E3327-D1CB-4F53-8361-4FC91A72CF96}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File FirewallRules: [UDP Query User{DC834467-23B4-40DE-89CF-7A9E7724C84B}C:\users\karol\desktop\rss\editor\opml\opml.exe] => (Allow) C:\users\karol\desktop\rss\editor\opml\opml.exe => No File FirewallRules: [{B68FC80D-B466-4F33-A222-C7BE4DF964D6}] => (Allow) C:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.) 
FirewallRules: [{A7E785DE-5682-41F6-9EC4-A5E3938432BD}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation) FirewallRules: [TCP Query User{DB0B30E2-359A-44CE-91F5-E9A681DDE53D}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File FirewallRules: [UDP Query User{A87C368B-EF03-4CCF-A3AA-3882B528498C}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File FirewallRules: [TCP Query User{C5AE4DA6-621D-400D-89A8-12A0EB1E525B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{2C5BAF74-347E-4989-B1BC-B80CDB4FAEC4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/03/2021 03:49:16 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a} Název modulu pro zápis: MSMQ Writer (MSMQ) Název instance zapisovače: MSMQ Writer (MSMQ) ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3} Error: (05/03/2021 03:49:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . 
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220} Název modulu pro zápis: System Writer ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306} Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a} Název modulu pro zápis: MSMQ Writer (MSMQ) Název instance zapisovače: MSMQ Writer (MSMQ) ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3} Error: (05/02/2021 08:40:18 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220} Název modulu pro zápis: System Writer ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306} Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. 
Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220} Název modulu pro zápis: System Writer ID instance modulu pro zápis: {d2f94383-f3a7-47a1-af34-75de1e866306} Error: (05/01/2021 09:00:04 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a} Název modulu pro zápis: MSMQ Writer (MSMQ) Název instance zapisovače: MSMQ Writer (MSMQ) ID instance modulu pro zápis: {54656d95-eca2-476b-b64e-babf32f95ac3} Error: (05/01/2021 12:29:56 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY) Description: Přístup k datům o výkonu byl odepřen pro uživatele SYSTEM (hodnota z GetUsera() pro běžící vlákno), když došlo k příslušnému pokusu z modulu C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (hodnota z GetModuleFileName() pro binární soubor, který vystavil dotaz). Error: (04/30/2021 08:53:14 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen. . To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli. 
Operace: Shromažďování dat modulu pro zápis Kontext: ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a} Název modulu pro zápis: MSMQ Writer (MSMQ) Název instance zapisovače: MSMQ Writer (MSMQ) ID instance modulu pro zápis: {41cc83d6-46af-446c-862a-d0f47de53b1c} System errors: ============= Error: (05/04/2021 01:02:06 PM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (05/04/2021 11:56:30 AM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Error: (05/04/2021 01:02:05 AM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. 
Došlo k chybě: 2147942667 při provádění příkazu: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Error: (05/04/2021 12:59:23 AM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (05/03/2021 11:20:10 PM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca jako Není k dispozici/Není k dispozici. Došlo k chybě: 2147942667 při provádění příkazu: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (05/03/2021 10:11:43 PM) (Source: DCOM) (EventID: 10001) (User: HP) Description: Nelze spustit server DCOM: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca jako Není k dispozici/Není k dispozici. 
Došlo k chybě: 2147942667 při provádění příkazu: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Windows Defender: ================ Date: 2021-05-02 12:13:31 Description: Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením. ID prohledávání: {3AA02220-547F-4598-8C68-FF892A342137} Typ prohledávání: Antimalwarový program Parametry prohledávání: Rychlé prohledávání Uživatel: HP\Karol Date: 2021-05-02 11:47:18 Description: Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software. Další informace: https://go.microsoft.com/fwlink/?linkid ... terprise=0 Název: Trojan:Win32/Tiggre!plock Závažnost: Vážné Kategorie: Trojský kůň Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669 Původ detekce: Internet Typ detekce: Konkrétní Zdroj detekce: Soubory ke stažení a přílohy Uživatel: HP\Karol Název procesu: Unknown Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0 Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5 Date: 2021-05-02 20:44:04 Description: Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací. Nová verze bezpečnostních informací: Předchozí verze bezpečnostních informací: 1.337.336.0 Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem Typ bezpečnostních informací: Antivirový program Typ aktualizace: Úplné Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální verze modulu: Předchozí verze modulu: 1.1.18100.5 Kód chyby: 0x80070102 Popis chyby: Vypršel časový limit operace čekání. 
Date: 2021-04-30 20:56:51 Description: Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací. Nová verze bezpečnostních informací: Předchozí verze bezpečnostních informací: 1.337.186.0 Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem Typ bezpečnostních informací: Antivirový program Typ aktualizace: Úplné Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální verze modulu: Předchozí verze modulu: 1.1.18100.5 Kód chyby: 0x80070102 Popis chyby: Vypršel časový limit operace čekání. Date: 2021-04-26 21:38:48 Description: Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací. Nová verze bezpečnostních informací: Předchozí verze bezpečnostních informací: 1.335.1700.0 Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem Typ bezpečnostních informací: Antivirový program Typ aktualizace: Úplné Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální verze modulu: Předchozí verze modulu: 1.1.18000.5 Kód chyby: 0x80070102 Popis chyby: Vypršel časový limit operace čekání. Date: 2021-04-22 20:39:29 Description: Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací. Nová verze bezpečnostních informací: Předchozí verze bezpečnostních informací: 1.335.1334.0 Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem Typ bezpečnostních informací: Antivirový program Typ aktualizace: Úplné Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální verze modulu: Předchozí verze modulu: 1.1.18000.5 Kód chyby: 0x80072f78 Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu. Date: 2021-04-22 20:39:29 Description: Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací. 
Nová verze bezpečnostních informací: Předchozí verze bezpečnostních informací: 1.335.1334.0 Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem Typ bezpečnostních informací: Antispywarový program Typ aktualizace: Úplné Uživatel: NT AUTHORITY\NETWORK SERVICE Aktuální verze modulu: Předchozí verze modulu: 1.1.18000.5 Kód chyby: 0x80072f78 Popis chyby: Server vrátil neplatnou nebo nerozpoznatelnou odezvu. ==================== Memory info =========================== BIOS: Hewlett-Packard 68CPC Ver. F.40 03/11/2013 Motherboard: Hewlett-Packard 168B Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics Percentage of memory in use: 84% Total physical RAM: 3552.11 MB Available physical RAM: 554.19 MB Total Virtual: 7136.11 MB Available Virtual: 1654.96 MB ==================== Drives ================================ Drive c: (WINDOWS+APPS) (Fixed) (Total:151.03 GB) (Free:47.75 GB) NTFS Drive d: (MY DATA) (Fixed) (Total:424.7 GB) (Free:23.2 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:15.15 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:4.98 GB) FAT32 \\?\Volume{27ffcf37-4440-11e5-a4d0-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E920C45C) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=575.7 GB) - (Type=0F Extended) Partition 3: (Not Active) - (Size=15.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=5 GB) - (Type=0C) ==================== End of Addition.txt =======================
Marek-26, posted May 5, 2021

Phew, there's a lot in there. I'll put it together tomorrow with a clear head, and I'll answer a little of it right away by private message. @freekarol I see you're still working on it with Rudy, so I'll leave you in his hands so that we don't overlap. According to the discussion on viry.cz it has already been cleaned up 🙂 https://forum.viry.cz/viewtopic.php?f=13&t=158059&p=1541490

Super Premium 5G 18+ Vodafone Station WiFi 6 Brüx
Guest freekarol, posted May 6, 2021

Yeah, yeah, Rudy took a look at my notebook and cleaned it up, and now the desktop computer is still left. So I hope that after that it will stop reporting to Vodafone that I'm infected with something.
beepee, posted May 6, 2021

16 hours ago, freekarol said:

Date: 2021-05-02 11:47:18 Description: Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software. Další informace: https://go.microsoft.com/fwlink/?linkid ... terprise=0 Název: Trojan:Win32/Tiggre!plock Závažnost: Vážné Kategorie: Trojský kůň Cesta: containerfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar; file:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar->xplorer2.Pro.Ult.4.4.0.1.KaranPC\X24LG.1.1.zip->LicGen.exe; webfile:_D:\Karol\Project\doing\downloaded\books\xplorer2.Pro.Ult.4.4.0.1.rar|http://51.15.165.169/karanpc.com/cloud/ ... 4205517669 Původ detekce: Internet Typ detekce: Konkrétní Zdroj detekce: Soubory ke stažení a přílohy Uživatel: HP\Karol Název procesu: Unknown Verze bezpečnostních informací: AV: 1.337.336.0, AS: 1.337.336.0, NIS: 1.337.336.0 Verze modulu: AM: 1.1.18100.5, NIS: 1.1.18100.5

No infection?

500 Mb/s - Komfort, Compal modem (black), CA module, Ústí nad Labem
Guest freekarol, posted May 6, 2021

Apparently not. Some preventive warnings, for example on MiPony, which is a download manager, but a very old version that is no longer used, so I deleted it. A new version might perhaps have some PUP in it. Or on a downloaded RAR file, unopened, because VirusTotal reported a possible risk and Windows Defender put it in quarantine anyway. I'll see how the second computer is doing.
Guest Pagan, posted May 7, 2021

In my experience, Android TV boxes, older routers and MikroTik devices are often compromised. If you have any of these on your network, it wouldn't hurt to go fishing with Wireshark and capture what it is coming from.
Guest freekarol, posted May 8, 2021

I don't have my own router, so the culprit is either the laptop, the desktop computer or the mobile phones. But since nothing has been installed on any of the devices for some time (because the necessary software is already there), it would have to have been done by updates of the OS and of programs and applications. In any case, to be safe I'd rather monitor what connects where, and then it will be easier to track down which device is causing problems. It was enough to send the technician the link to the viry.cz forum (see the link above), and he said he would set an exception for me so that the ports would not get blocked.
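The approach suggested in the last two posts (capture traffic, then see which device it comes from), as an added example that is not part of any post: it reads capture rows exported as CSV and lists, per LAN device, the external destinations contacted within a few minutes of the detection time given in the ISP notice. The column layout, the LAN range, the addresses and the sample rows are constructed assumptions, and the capture clock is assumed to use the same time zone as the notice.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed home LAN range
TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows (time, source, destination, destination port),
# using documentation address ranges. Not real traffic.
SAMPLE_CSV = """time,src,dst,dport
2021-04-26 00:38:10,192.168.0.10,203.0.113.5,443
2021-04-26 00:39:02,192.168.0.23,198.51.100.7,6667
2021-04-26 00:39:40,192.168.0.23,198.51.100.9,6667
2021-04-26 00:40:01,192.168.0.23,198.51.100.7,6667
2021-04-26 00:40:03,192.168.0.10,192.168.0.1,53
2021-04-26 03:15:00,192.168.0.42,203.0.113.80,80
"""


def suspects(csv_text, reported_at, minutes=5):
    """Per LAN device: external (dst, port) pairs seen near reported_at."""
    centre = datetime.strptime(reported_at, TIME_FMT)
    margin = timedelta(minutes=minutes)
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row["time"], TIME_FMT)
        if abs(when - centre) > margin:
            continue  # outside the window around the reported time
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        # Keep only traffic that leaves the LAN; local DNS, printers
        # and similar chatter say nothing about what the ISP saw.
        if src in LAN and dst not in LAN:
            seen[row["src"]].add((row["dst"], int(row["dport"])))
    # Devices with the most distinct external destinations come first.
    return sorted(seen.items(), key=lambda kv: len(kv[1]), reverse=True)


if __name__ == "__main__":
    # Detection time as stated in the ISP notice quoted in the thread.
    for device, dests in suspects(SAMPLE_CSV, "2021-04-26 00:40:03"):
        print(device, sorted(dests))
```

The device at the top of the list is only the first one to examine; a browser or an updater can also contact many hosts in a short window.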