Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Dvakrát ukradený účet Steam

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Kaatcha
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 22 črc 2019 10:30

Dvakrát ukradený účet Steam

#1 Příspěvek od Kaatcha »

Zdravím,

letos podruhé mi někdo ukradl účet na Steamu, potřebuji pomoc s tím, jak se to stalo, moc už na compu nehraju, nejsem si jistá, kdy k tomu došlo, naposledy jsem hrála asi v květnu.
Stáhla jsem si malwarebytes a malwerbytes adw cleaner a projela je, aktuální FRST níže.

Předem děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Katka (administrator) on LAPTOP-ILMEP1E6 (HP HP Pavilion Notebook) (22-07-2019 11:20:47)
Running from C:\Users\Katka\Downloads
Loaded Profiles: Katka (Available Profiles: defaultuser0 & Katka)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpnNotificationService.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Iain Patterson) [File not signed] C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [ExpressVpnNotificationService] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpnNotificationService.exe [773248 2019-03-21] (Express Vpn LLC -> ExpressVPN)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7592008 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe [799872 2019-03-21] (Express Vpn LLC -> ExpressVPN)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-22]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-13]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08442C7B-4ADB-449C-96F5-63E671344E23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {09DD0D33-6133-44A6-B26E-D3513B44C17A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0CB27EDF-2273-4BAF-AE7A-31B2018A2B40} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CF74098-61EC-486C-BE08-90B4DA636F74} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F2B0386-F1AF-4669-9CB3-D3A17B937870} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {11AC67F5-2381-4941-8D3B-C0401367165E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D} - System32\Tasks\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno\Anno4.exe -d D:\Hry\Anno
Task: {12F6025D-B4DE-4DB5-A586-AA1B66B601E5} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {132A6084-C34E-4CE3-880B-1947C0C97E74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {164046F5-AF05-4664-98DE-7690966AEB9F} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {193AB150-7CD3-4ED4-BD08-787B47FEADA1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AA6A51D-5716-4E1A-96CE-8E54588D6525} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-09-22] () [File not signed]
Task: {1EB5F7DC-CF1D-426F-ABC7-E41956923099} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {21442B86-A133-4F66-AD77-FDAEA1083381} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {2D4C6965-AB05-4EB4-89A3-5C3A83C166F4} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30497576 2018-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {34167FEA-4790-4BE2-802B-7507E9394EBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {34ED2C15-5DB6-457A-B9E7-8B5E6D318561} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3B056D74-BDFE-4412-B429-319C2AC6B921} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [29184 2016-08-29] (HP Inc.) [File not signed]
Task: {3D25901D-ACB8-4360-8ADB-4A03FE5862A5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {52DA02D5-E647-4D25-AF92-666987529714} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {53DFAC32-7EEF-4598-81B1-9053D97DFFC0} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-08-31] (Dropbox, Inc -> )
Task: {6B066064-63C9-480A-BB48-0000D6CB9CF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
Task: {6E86D434-90B6-4CD7-80C5-76B302889961} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1392008 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {7474F262-A818-4333-838A-6AA9E1BAEBA5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {79AF99D1-7079-47C3-BD1F-430763C4A222} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7A1B6AEB-93E6-4B1A-BD6C-D06845770AEF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-13] (Adobe Inc. -> Adobe)
Task: {7F3D96E7-976D-40A0-9D1F-B6FF8432D018} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7FE8922C-ABF5-4366-AB5C-4851DCF1F4E8} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {8005BECA-9F04-42F0-8029-1ACE2C3DB226} - System32\Tasks\HPCeeScheduleForKatka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {82D0C186-27A6-4C4E-946F-251406A1B621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {8332FEF1-CDF8-407A-BAF1-6BCE017BF846} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8A9C61A9-D33C-4D56-B963-B168294F1810} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D231062-3781-4187-8A0B-22F9F70C4A8D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {904202B6-6BA7-4473-BD40-04C642ACA801} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {999E6C24-D546-45DB-85E4-A914EF8619CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E83FB29-00EE-4DB3-9BC6-AF2135241508} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A467A2BF-0BCE-4B98-89B1-5747723A5975} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {AAABE4CC-BBC3-4F93-97A0-0FB59A0F719A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1657880 2016-10-04] (HP Inc. -> HP Inc.)
Task: {AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6} - System32\Tasks\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno4.exe -d D:\Hry
Task: {AF73A7D4-84F0-45FA-B960-CCAB90373FDB} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2B7C191-B44A-464F-933C-86A6C7C02BDC} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C32318D8-38A9-4D1F-BA68-0BCF7AE36C7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {C8B4931B-3A18-472B-84F3-797923EA1351} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {D8D43D6F-D767-4DF2-AECB-DE69B0DC08C5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DECE7FC7-17C9-45FF-BA69-3FDE9963DBC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEE5E70A-D8DC-4108-82A6-288CF4253944} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1575D0A-B35E-4EAF-9AA4-AFC9F339B2EA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {E981844E-846B-4B79-BAC1-241BF16397F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-13] (Adobe Inc. -> Adobe)
Task: {F5B6D126-A4E6-49CD-AFD2-119F83F25DE5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F8B9DBD5-F9FC-41CD-B832-421525C1275B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {FE9F30EC-D9DA-4502-82F2-F121BD0D3180} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKatka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{341d9250-66fa-4247-af55-71a5eb330741}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{566ebe3f-c46e-4c6b-847c-54e80ebbeed4}: [DhcpNameServer] 40.23.1.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
SearchScopes: HKLM -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2072171445-3948342329-90923121-1001 -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2072171445-3948342329-90923121-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180527__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-10-12] (HP Inc. -> HP Inc.)
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-10-12] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://private.searchplanet.online/search/?category=web&s=59pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> TheSafe Search
CHR DefaultSuggestURL: Default -> hxxp://sug.searchplanet.online/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Prezentace) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (IBM Security Rapport) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-07-22]
CHR Extension: (YouTube) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-15]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-05]
CHR Extension: (Hudba Google Play) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-10-06]
CHR Extension: (Tabulky) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-22]
CHR Extension: (TheSafe Search) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\himbhnomjioebmhjcglcehjabdcfjknh [2019-07-22]
CHR Extension: (Gaco) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkifijeoijjinpjckmlgedfhpeflakd [2018-07-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (MyTopMovies New Tab) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnihbmlbfmfjpgdbbmhdieojmdemnha [2019-07-22]
CHR Extension: (Gmail) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-07]
CHR HKU\S-1-5-21-2072171445-3948342329-90923121-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [423288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10285680 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation - pGFX -> Intel Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [368640 2019-03-21] (Iain Patterson) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S4 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2832560 2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe [874680 2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [1250592 2018-10-05] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5274560 2019-04-15] (IBM -> IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7343496 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP Inc. -> HP)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549416 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-10-07] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-10-05] (Tages SA -> )
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation -> Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-10-07] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-10-07] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-03-21] (ExprsVPN LLC -> )
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-10-05] (Tages SA -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8723648 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [218968 2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_da7d9a362931e747\nvlddmkm.sys [20177280 2018-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [503000 2019-04-15] (IBM -> IBM Corp.)
R1 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-04-03] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [727000 2019-04-15] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [463408 2019-04-15] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [610648 2019-04-15] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [766616 2019-04-15] (IBM -> IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-02-15] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-07-22] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2019-02-12] (ExprsVPN LLC -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-05-16] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 11:20 - 2019-07-22 11:21 - 000044956 _____ C:\Users\Katka\Downloads\FRST.txt
2019-07-22 11:19 - 2019-07-22 11:20 - 000000000 ____D C:\FRST
2019-07-22 11:18 - 2019-07-22 11:18 - 002095104 _____ (Farbar) C:\Users\Katka\Downloads\FRST64.exe
2019-07-22 11:00 - 2019-07-22 11:00 - 000002330 _____ C:\Users\Katka\Desktop\AdwCleaner[C00].txt
2019-07-22 10:59 - 2019-07-22 10:59 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-22 10:59 - 2019-07-22 10:59 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-22 10:59 - 2019-07-22 10:59 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-22 10:59 - 2019-07-22 10:59 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-22 10:58 - 2019-07-22 10:59 - 000388016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-22 10:57 - 2019-07-22 10:58 - 000000000 ____D C:\AdwCleaner
2019-07-22 10:57 - 2019-07-22 10:57 - 007025360 _____ (Malwarebytes) C:\Users\Katka\Downloads\adwcleaner_7.3.exe
2019-07-22 10:48 - 2019-07-22 10:48 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-22 10:48 - 2019-07-22 10:48 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Users\Katka\AppData\Local\mbamtray
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Users\Katka\AppData\Local\mbam
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-22 10:48 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-22 10:48 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-22 10:46 - 2019-07-22 10:47 - 064688416 _____ (Malwarebytes ) C:\Users\Katka\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11654.exe
2019-07-09 19:45 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 19:45 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 19:45 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 19:45 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 19:45 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 19:45 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 19:45 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 19:45 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 19:45 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 19:45 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 19:45 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 19:45 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 19:45 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 19:45 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 19:45 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 19:45 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 19:45 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 19:45 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 19:45 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 19:45 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 19:45 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 19:45 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 19:45 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 19:45 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 19:45 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 19:45 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 19:45 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-09 19:45 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 19:45 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 19:45 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 19:45 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 19:45 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 19:45 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 19:45 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 19:45 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 19:45 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 19:45 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 19:45 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 19:45 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 19:45 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-09 19:45 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 19:45 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 19:45 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 19:45 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 19:45 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 19:45 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 19:45 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 19:45 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 19:45 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 19:45 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 19:45 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 19:45 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 19:45 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 19:45 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 19:45 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 19:45 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-09 19:45 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-09 19:45 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-09 19:45 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-09 19:45 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 19:45 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 19:45 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 19:45 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 19:45 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 19:45 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 19:45 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 19:45 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 19:45 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 19:45 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 19:45 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-09 19:45 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 19:45 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 19:45 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 19:45 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 19:45 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 19:45 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 19:45 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-09 19:45 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 19:45 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 19:45 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 19:45 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 19:45 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-09 19:45 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 19:45 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 19:45 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 19:45 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 19:45 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 19:45 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-09 19:45 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 19:45 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 19:45 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-09 19:45 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 19:45 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-09 19:45 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 19:45 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 19:45 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 19:45 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 19:45 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-09 19:45 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 19:45 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 19:45 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-09 19:45 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-09 19:45 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-09 19:45 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 19:45 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 19:45 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-06-29 14:45 - 2019-06-29 14:45 - 000031744 _____ C:\Users\Katka\Downloads\planovaci-kalendar-2019-CZ.xls
2019-06-29 12:55 - 2019-06-29 12:55 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-06-29 12:55 - 2019-06-29 12:55 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-29 12:55 - 2019-06-29 12:55 - 000169112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 11:19 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-22 11:09 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-22 11:03 - 2018-06-02 09:19 - 001881544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-22 11:03 - 2018-04-12 17:50 - 000781248 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-22 11:03 - 2018-04-12 17:50 - 000177796 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-22 11:01 - 2017-10-22 23:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-22 11:00 - 2018-06-23 14:12 - 000000000 ____D C:\Users\Katka\AppData\Local\AVAST Software
2019-07-22 10:59 - 2018-07-09 20:41 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2019-07-22 10:59 - 2018-07-09 20:41 - 000000514 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2019-07-22 10:59 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-22 10:59 - 2017-10-04 17:36 - 000000000 __SHD C:\Users\Katka\IntelGraphicsProfiles
2019-07-22 10:58 - 2018-06-02 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-22 10:58 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-22 10:58 - 2018-01-11 20:55 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKatka.job
2019-07-22 10:48 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-22 09:28 - 2017-10-07 20:09 - 000000000 ____D C:\Users\Katka\AppData\Roaming\uTorrent
2019-07-22 09:28 - 2017-10-04 18:36 - 000000000 ____D C:\Users\Katka\AppData\Roaming\hpqLog
2019-07-22 09:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-22 09:25 - 2018-06-02 09:25 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKatka
2019-07-22 09:25 - 2017-10-04 18:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-22 09:22 - 2017-10-04 19:13 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-22 09:14 - 2017-11-20 18:48 - 000000000 ___RD C:\Users\Katka\3D Objects
2019-07-22 09:14 - 2016-07-29 14:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-14 14:45 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-14 14:44 - 2018-10-13 12:39 - 000003826 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-14 14:44 - 2018-10-13 12:39 - 000003530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-14 14:44 - 2018-08-05 12:17 - 000003152 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-08-05 12:17 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-07-07 13:10 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-14 14:44 - 2018-07-07 13:10 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-14 14:44 - 2018-06-02 09:25 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-07-14 14:44 - 2018-06-02 09:25 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-14 14:44 - 2018-06-02 09:25 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000003196 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-14 14:44 - 2018-06-02 09:25 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2019-07-14 14:44 - 2018-06-02 09:25 - 000002854 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2072171445-3948342329-90923121-1001
2019-07-14 14:44 - 2018-06-02 09:25 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-14 14:44 - 2018-06-02 09:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-07-14 14:44 - 2018-06-02 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-14 14:44 - 2017-12-01 10:24 - 000000000 ____D C:\Users\Katka\AppData\Local\Ubisoft Game Launcher
2019-07-14 12:47 - 2018-06-02 09:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-14 12:47 - 2016-11-24 04:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-13 20:08 - 2018-06-02 09:19 - 000002368 _____ C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-13 20:08 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-13 20:08 - 2017-10-04 17:37 - 000000000 ___RD C:\Users\Katka\OneDrive
2019-07-13 20:01 - 2017-10-07 17:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-13 19:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-13 19:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-09 19:38 - 2017-10-07 17:06 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-04 23:25 - 2017-10-07 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-07-04 23:25 - 2017-10-07 20:38 - 000000000 ____D C:\Program Files\7-Zip
2019-06-29 12:55 - 2019-02-13 19:06 - 000549416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-06-29 12:55 - 2019-01-14 18:51 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-06-29 12:55 - 2019-01-05 21:06 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-06-29 12:55 - 2019-01-05 21:06 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-06-29 12:55 - 2018-11-05 07:12 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 001030992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000387392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-06-29 12:49 - 2019-06-13 21:21 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-23 18:43 - 2017-10-08 19:38 - 000000000 ____D C:\Program Files\UNP
2019-06-22 13:35 - 2017-10-08 19:38 - 000000000 ____D C:\Program Files\rempl

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Katka (22-07-2019 11:22:32)
Running from C:\Users\Katka\Downloads
Windows 10 Home Version 1803 17134.885 (X64) (2018-06-02 07:25:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2072171445-3948342329-90923121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2072171445-3948342329-90923121-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2072171445-3948342329-90923121-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2072171445-3948342329-90923121-501 - Limited - Disabled)
Katka (S-1-5-21-2072171445-3948342329-90923121-1001 - Administrator - Enabled) => C:\Users\Katka
WDAGUtilityAccount (S-1-5-21-2072171445-3948342329-90923121-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\uTorrent) (Version: 3.5.5.45271 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Aktualizace NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Anno 1404 (HKLM-x32\...\Uplay Install 89) (Version: - Ubisoft)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7611 - AVAST Software)
Avast Driver Updater (HKLM-x32\...\{8804140C-3144-4075-9526-1C662E26CA17}) (Version: 2.5.5 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.5 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
calibre (HKLM-x32\...\{7EA1BF8A-65C7-4780-8F2E-3612F22FE8AA}) (Version: 3.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3426 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 411.63 - NVIDIA Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ExpressVPN (HKLM-x32\...\{761844fc-6d43-4279-8f64-111c5ff0a78e}) (Version: 7.0.1.7156 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B846CD9325}) (Version: 7.0.1.7156 - ExpressVPN) Hidden
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{DFBDDDB3-D753-4454-84E9-2D3D96E89EFF}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{14D126AD-8249-45B4-B6F0-175939F8F894}) (Version: 12.11.24.11 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB0C4AC6-0E52-4956-8245-4C715E85FF09}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 13.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.5 - KLCP)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manager (HKLM-x32\...\{BF3644FF-E4CA-4B2F-B664-09C9869376AD}) (Version: 5.0.29.838 - 2017 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 411.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 411.63 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.429 - Trusteer)
OpenOffice 4.1.4 (HKLM-x32\...\{6CA4F7F3-B909-4292-B791-AAA959155DE0}) (Version: 4.14.9788 - Apache Software Foundation)
Ovládací panel NVIDIA 411.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 411.63 - NVIDIA Corporation) Hidden
PDF Architect 5 (HKLM-x32\...\PDF Architect 5) (Version: 5.1.28.36004 - pdfforge GmbH)
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.0 - pdfforge GmbH)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.429 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Sweet Home 3D version 5.6 (HKLM\...\Sweet Home 3D_is1) (Version: 5.6 - eTeks)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 45.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-30] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-02] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-22] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-14] (king.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-10-07] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-22] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-22] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_5.5.13.0_x64__kx24dqmazqk8j [2019-05-25] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2072171445-3948342329-90923121-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\context-menu.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxDTCM.dll [2018-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Hudba Google Play.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2017-12-22 19:13 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2019-03-21 10:16 - 2019-03-21 10:16 - 000303104 _____ () [File not signed] C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2019-07-22 10:35 - 2019-07-22 10:35 - 000156672 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\a8f472c0e00e1e2dbf326a59eb37a1e1\BRIDGECommon.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000116736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\c8e4a8ff4860b105456e4e6f32e846b6\BridgeExtension.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000329728 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\d55b503fa46d4715e8d96d3948cc7654\CleanStartController.ni.dll
2016-11-24 04:03 - 2016-10-07 16:17 - 001309184 _____ (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
2019-07-22 10:36 - 2019-07-22 10:36 - 000131072 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\24bf5ebb88d95b71ce480f5873bfa8ce\CommonPortable.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000157184 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJumpStartBridge\e5eb4f6a673b4a70242fc3a587e33c6d\HPJumpStartBridge.ni.exe
2019-03-21 10:16 - 2019-03-21 10:16 - 000368640 _____ (Iain Patterson) [File not signed] C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
2017-12-22 18:40 - 2017-12-22 18:40 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2019-03-13 20:54 - 2018-09-05 22:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-01-04 10:22 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DB99AE5A-2AC4-47AF-9E63-DAB25E4E5E08}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{00089AE8-36AA-4FA4-9E04-58AF70C94508}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{CF2D976A-5E9D-4B00-A160-4FD1EC5A0F19}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D94A4194-EF13-4BAF-8AB7-4F37385C5F58}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1A797BCD-3E89-4231-9FAF-C1FC381F14CC}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{30ACCD3B-CA38-40BA-A584-EDFDD7DD289F}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1C2FAAB8-CCBD-4F73-8E3B-CDA177495738}] => (Allow) D:\Downloads\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{76F2D7F8-1E3F-453E-A2AB-89726F86B9FD}] => (Allow) D:\Downloads\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AF812EED-3D5D-4699-8648-CEFA876A8E29}] => (Allow) C:\Users\Katka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2B654452-D299-4624-B668-FDAB074220C4}] => (Allow) C:\Users\Katka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C27153ED-28EF-40CE-8762-AC7F966D03AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FD2CD43-5FBF-4845-9646-34926FFF443E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C55AFC8-904D-47AB-A83F-4C6850AF51F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E13D799-4D2F-47DA-B384-BB20F1CB1861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{496805E9-786D-40BA-B14F-BF536712B9C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{CA597FE2-0AB9-4B9B-BA22-9211B55DFCA0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{D98B2ED2-F81E-40DD-81F8-291294E571F6}] => (Allow) D:\Hry\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{25EDEC65-6822-4EEF-99E6-7F85C545C288}] => (Allow) D:\Hry\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{85A9EE73-5085-4DFE-B55A-C36DF9DD6FD8}] => (Allow) D:\Hry\Anno 2070\AutoPatcher.exe (Related Designs Software -> Related Designs Software) [File not signed]
FirewallRules: [{A5AA1263-EEEF-4743-AC29-B34668AE9A02}] => (Allow) D:\Hry\Anno 2070\AutoPatcher.exe (Related Designs Software -> Related Designs Software) [File not signed]
FirewallRules: [{B5371340-7B8D-4016-A81E-454DE40680C7}] => (Allow) D:\Hry\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{73C966DC-D8C9-477C-A01B-FDD17EBB4FD1}] => (Allow) D:\Hry\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{71973776-0C6B-44FD-9863-822E30DCF6E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{59BDD28E-7AE7-48F6-9124-53CC7F6A9515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{84C5B358-7C1D-438E-90E5-F3776278A53B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D8C63DB5-BCB7-457C-914E-B5FB22426499}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{775F639B-E2B6-41CA-9AC6-0E56BC851057}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [{C1B984AD-6296-47C8-A146-2F486FB58B1E}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [{AB7BB8F6-06D0-47CC-9EAB-E4493625AFCD}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{1015A88A-7416-4E91-9B13-BBE9B7F8162F}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{A3A39C26-2078-4FE9-B6C8-363707761AD5}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\Anno4Web.exe () [File not signed]
FirewallRules: [{42E642E5-508E-4683-BCA3-55D3664E1BB6}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\Anno4Web.exe () [File not signed]
FirewallRules: [{E124D112-DB77-4430-86F8-F50162EE06E1}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{B1D0CAA2-95FE-45B7-8EC8-9CD9F3C1D02C}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{CB0E2D8A-6A7F-4AA7-B85D-EEABF09CAB3E}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{25CB711D-A8CD-44C6-B76C-4040D591C190}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E9D5ED19-7D5D-43DC-A6B6-1C26081BFD56}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BE98759E-B9DD-442A-9C11-7221ECB198A8}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1D6398D8-AC10-407F-90C4-2DAFE677F791}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{63B998F2-1F26-498C-9FA8-40A77278C1E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{99482787-BED7-424B-AEBA-840FDF838DBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09E6136E-A12F-4DF1-AC1D-122531D389E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3FF8AF9-FA2C-49CC-A109-7F07BCD3FAAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1493BC3B-DB27-4E17-BC79-06CF3147DB20}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{0D71EF09-B730-4B13-8452-BAB332B82A0B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.01 GB) (Free:23.76 GB) (20%)

==================== Faulty Device Manager Devices =============

Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2019 10:59:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4004,R,98) WebCacheLocal: Při otevírání souboru protokolu C:\Users\Katka\AppData\Local\Microsoft\Windows\WebCache\V0100006.log došlo k chybě -1811 (0xfffff8ed).

Error: (07/14/2019 01:05:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Support\Utils\GDFInstaller.exe se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/14/2019 01:05:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Support\Utils\GDFInstaller.exe se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/07/2019 02:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9687

Error: (07/07/2019 02:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9687

Error: (07/07/2019 02:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/05/2019 11:28:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9609

Error: (07/05/2019 11:28:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9609


System errors:
=============
Error: (07/22/2019 11:11:13 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 11:08:15 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 11:01:04 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 10:59:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 10:59:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 10:58:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (07/22/2019 10:58:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (07/22/2019 10:58:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll


CodeIntegrity:
===================================

Date: 2019-07-22 10:51:22.475
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.429
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.422
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.415
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.406
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.390
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.384
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.354
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

BIOS: Insyde F.48 06/22/2018
Motherboard: HP 8217
Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 8077.22 MB
Available physical RAM: 4482.98 MB
Total Virtual: 12429.22 MB
Available Virtual: 7207.36 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:23.76 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.78 GB) (Free:75.13 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.31 GB) (Free:1.54 GB) FAT32

\\?\Volume{eab14c7b-26ad-4664-b671-2d042d1c86eb}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{29b57022-759f-4931-ad47-33dbd9a71362}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3DCEC070)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 65A4602B)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 14.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Dvakrát ukradený účet Steam

#2 Příspěvek od Rudy »

Zdravím!
Steam je sám o sobě tzv. tolerovaný šmejd. Např do mého PC nesmí. Nejprve spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Kaatcha
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 22 črc 2019 10:30

Re: Dvakrát ukradený účet Steam

#3 Příspěvek od Kaatcha »

Jak už jsem psala, už jsem malwerbytes dneska jednou projela, takže přikládám data z obou reportů...
Já jsem Steam také dlouho nechtěla, ale hrála jsem Skyrim a když jsem ho kupovala, na jiné platformě nebyl, to samé platí pro Dishonored.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-07-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-22-2019
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Deleted kameggckbdelgpmiholhnkdlljfdhhoj

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2404 octets] - [22/07/2019 10:58:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########





# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-22-2019
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

Deleted kameggckbdelgpmiholhnkdlljfdhhoj

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2404 octets] - [22/07/2019 10:58:12]
AdwCleaner[C00].txt - [2330 octets] - [22/07/2019 10:58:32]
AdwCleaner[S01].txt - [1490 octets] - [22/07/2019 17:58:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Dvakrát ukradený účet Steam

#4 Příspěvek od Rudy »

OK. Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Kaatcha
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 22 črc 2019 10:30

Re: Dvakrát ukradený účet Steam

#5 Příspěvek od Kaatcha »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by Katka (administrator) on LAPTOP-ILMEP1E6 (HP HP Pavilion Notebook) (22-07-2019 19:26:53)
Running from C:\Users\Katka\Desktop
Loaded Profiles: defaultuser0 & Katka (Available Profiles: defaultuser0 & Katka)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Express Vpn LLC -> ) C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpnNotificationService.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Iain Patterson) [File not signed] C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(pdfforge GmbH -> © pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP Inc. -> HP)
HKLM-x32\...\Run: [ExpressVpnNotificationService] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpnNotificationService.exe [773248 2019-03-21] (Express Vpn LLC -> ExpressVPN)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2072171445-3948342329-90923121-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22695280 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7592008 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe [799872 2019-03-21] (Express Vpn LLC -> ExpressVPN)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2017-12-22]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-13]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08442C7B-4ADB-449C-96F5-63E671344E23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {09DD0D33-6133-44A6-B26E-D3513B44C17A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0CB27EDF-2273-4BAF-AE7A-31B2018A2B40} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CF74098-61EC-486C-BE08-90B4DA636F74} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113616 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F2B0386-F1AF-4669-9CB3-D3A17B937870} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {11AC67F5-2381-4941-8D3B-C0401367165E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D} - System32\Tasks\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno\Anno4.exe -d D:\Hry\Anno
Task: {12F6025D-B4DE-4DB5-A586-AA1B66B601E5} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {132A6084-C34E-4CE3-880B-1947C0C97E74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {164046F5-AF05-4664-98DE-7690966AEB9F} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {193AB150-7CD3-4ED4-BD08-787B47FEADA1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AA6A51D-5716-4E1A-96CE-8E54588D6525} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2017-09-22] () [File not signed]
Task: {1EB5F7DC-CF1D-426F-ABC7-E41956923099} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {21442B86-A133-4F66-AD77-FDAEA1083381} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {2D4C6965-AB05-4EB4-89A3-5C3A83C166F4} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30497576 2018-12-13] (Avast Software s.r.o. -> AVAST Software)
Task: {34167FEA-4790-4BE2-802B-7507E9394EBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {34ED2C15-5DB6-457A-B9E7-8B5E6D318561} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3B056D74-BDFE-4412-B429-319C2AC6B921} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [29184 2016-08-29] (HP Inc.) [File not signed]
Task: {3D25901D-ACB8-4360-8ADB-4A03FE5862A5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {52DA02D5-E647-4D25-AF92-666987529714} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {53DFAC32-7EEF-4598-81B1-9053D97DFFC0} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-08-31] (Dropbox, Inc -> )
Task: {6B066064-63C9-480A-BB48-0000D6CB9CF7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
Task: {6E86D434-90B6-4CD7-80C5-76B302889961} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1392008 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {7474F262-A818-4333-838A-6AA9E1BAEBA5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {79AF99D1-7079-47C3-BD1F-430763C4A222} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7A1B6AEB-93E6-4B1A-BD6C-D06845770AEF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-13] (Adobe Inc. -> Adobe)
Task: {7F3D96E7-976D-40A0-9D1F-B6FF8432D018} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16667424 2019-06-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7FE8922C-ABF5-4366-AB5C-4851DCF1F4E8} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-07-28] (HP Inc. -> )
Task: {8005BECA-9F04-42F0-8029-1ACE2C3DB226} - System32\Tasks\HPCeeScheduleForKatka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {82D0C186-27A6-4C4E-946F-251406A1B621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {8332FEF1-CDF8-407A-BAF1-6BCE017BF846} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8A9C61A9-D33C-4D56-B963-B168294F1810} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8D231062-3781-4187-8A0B-22F9F70C4A8D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {904202B6-6BA7-4473-BD40-04C642ACA801} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {999E6C24-D546-45DB-85E4-A914EF8619CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {9E83FB29-00EE-4DB3-9BC6-AF2135241508} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A467A2BF-0BCE-4B98-89B1-5747723A5975} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {AAABE4CC-BBC3-4F93-97A0-0FB59A0F719A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1657880 2016-10-04] (HP Inc. -> HP Inc.)
Task: {AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6} - System32\Tasks\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno4.exe -d D:\Hry
Task: {AF73A7D4-84F0-45FA-B960-CCAB90373FDB} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2B7C191-B44A-464F-933C-86A6C7C02BDC} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C32318D8-38A9-4D1F-BA68-0BCF7AE36C7D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {C8B4931B-3A18-472B-84F3-797923EA1351} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {D8D43D6F-D767-4DF2-AECB-DE69B0DC08C5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DECE7FC7-17C9-45FF-BA69-3FDE9963DBC5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448512 2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEE5E70A-D8DC-4108-82A6-288CF4253944} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1575D0A-B35E-4EAF-9AA4-AFC9F339B2EA} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {E981844E-846B-4B79-BAC1-241BF16397F6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-13] (Adobe Inc. -> Adobe)
Task: {F5B6D126-A4E6-49CD-AFD2-119F83F25DE5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F8B9DBD5-F9FC-41CD-B832-421525C1275B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {FE9F30EC-D9DA-4502-82F2-F121BD0D3180} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKatka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{341d9250-66fa-4247-af55-71a5eb330741}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{566ebe3f-c46e-4c6b-847c-54e80ebbeed4}: [DhcpNameServer] 40.23.1.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
SearchScopes: HKLM -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2072171445-3948342329-90923121-1001 -> {04B0B942-68B9-48EB-9999-E3C1BE93B2D6} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2072171445-3948342329-90923121-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180527__yaie&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-10-12] (HP Inc. -> HP Inc.)
BHO-x32: PDF Architect 5 Helper -> {AEA429F3-D2D4-4BD7-A03E-5357DA017733} -> C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-helper.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-10-12] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - PDF Architect 5 Toolbar - {84F23192-A475-4038-B5C0-8584777F2DF4} - C:\Program Files (x86)\PDF Architect 5\creator\plugins\IEAddin\creator-ie-plugin.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSearchURL: Default -> hxxp://private.searchplanet.online/search/?category=web&s=59pr&q={searchTerms}
CHR DefaultSearchKeyword: Default -> TheSafe Search
CHR DefaultSuggestURL: Default -> hxxp://sug.searchplanet.online/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default [2019-07-22]
CHR Extension: (Prezentace) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Dokumenty) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Disk Google) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (IBM Security Rapport) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-07-22]
CHR Extension: (YouTube) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-15]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-05]
CHR Extension: (Hudba Google Play) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-10-06]
CHR Extension: (Tabulky) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-22]
CHR Extension: (TheSafe Search) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\himbhnomjioebmhjcglcehjabdcfjknh [2019-07-22]
CHR Extension: (Gaco) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkifijeoijjinpjckmlgedfhpeflakd [2018-07-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (MyTopMovies New Tab) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\odnihbmlbfmfjpgdbbmhdieojmdemnha [2019-07-22]
CHR Extension: (Gmail) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Katka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-07]
CHR HKU\S-1-5-21-2072171445-3948342329-90923121-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [423288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10285680 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-04] (Dropbox, Inc -> Dropbox, Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd -> Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation - pGFX -> Intel Corporation)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [368640 2019-03-21] (Iain Patterson) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [791112 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-03-14] (GOG Sp. z o.o. -> GOG.com)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S4 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2832560 2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
S4 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator\common\creator-ws.exe [874680 2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [1250592 2018-10-05] (pdfforge GmbH -> © pdfforge GmbH.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5274560 2019-04-15] (IBM -> IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7343496 2019-07-22] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP Inc. -> HP)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549416 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2017-10-07] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [314016 2017-10-05] (Tages SA -> )
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation -> Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-10-07] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-10-07] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-03-21] (ExprsVPN LLC -> )
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43680 2017-10-05] (Tages SA -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-22] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8723648 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 NVHDA; C:\WINDOWS\system32\drivers\nvhda64v.sys [218968 2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_da7d9a362931e747\nvlddmkm.sys [20177280 2018-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [503000 2019-04-15] (IBM -> IBM Corp.)
R1 RapportCerberus_1930415; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1930415.sys [1659544 2019-04-03] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [727000 2019-04-15] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [463408 2019-04-15] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [610648 2019-04-15] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [766616 2019-04-15] (IBM -> IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-02-15] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-07-22] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2019-02-12] (ExprsVPN LLC -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-05-16] (HP Inc. -> HP)
S3 H2OFFT; \SystemRoot\System32\drivers\H2OFFT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 19:26 - 2019-07-22 19:28 - 000045792 _____ C:\Users\Katka\Desktop\FRST.txt
2019-07-22 17:59 - 2019-07-22 17:59 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-22 17:59 - 2019-07-22 17:59 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-07-22 17:59 - 2019-07-22 17:59 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-07-22 17:59 - 2019-07-22 17:59 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-07-22 11:19 - 2019-07-22 19:26 - 000000000 ____D C:\FRST
2019-07-22 11:18 - 2019-07-22 11:18 - 002095104 _____ (Farbar) C:\Users\Katka\Desktop\FRST64.exe
2019-07-22 10:58 - 2019-07-22 10:59 - 000388016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-22 10:57 - 2019-07-22 10:58 - 000000000 ____D C:\AdwCleaner
2019-07-22 10:57 - 2019-07-22 10:57 - 007025360 _____ (Malwarebytes) C:\Users\Katka\Desktop\adwcleaner_7.3.exe
2019-07-22 10:48 - 2019-07-22 10:48 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-22 10:48 - 2019-07-22 10:48 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Users\Katka\AppData\Local\mbamtray
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Users\Katka\AppData\Local\mbam
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-22 10:48 - 2019-07-22 10:48 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-22 10:48 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-07-22 10:48 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-09 19:45 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-09 19:45 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 19:45 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 19:45 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 19:45 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 19:45 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 19:45 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 19:45 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 19:45 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 19:45 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 19:45 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 19:45 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 19:45 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 19:45 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 19:45 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 19:45 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 19:45 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 19:45 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 19:45 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 19:45 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 19:45 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 19:45 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 19:45 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-09 19:45 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 19:45 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 19:45 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 19:45 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 19:45 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 19:45 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 19:45 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 19:45 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 19:45 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 19:45 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 19:45 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-09 19:45 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 19:45 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 19:45 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 19:45 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 19:45 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 19:45 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 19:45 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 19:45 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 19:45 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 19:45 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 19:45 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 19:45 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 19:45 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 19:45 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 19:45 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 19:45 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 19:45 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 19:45 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 19:45 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 19:45 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-09 19:45 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 19:45 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 19:45 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 19:45 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 19:45 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 19:45 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 19:45 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 19:45 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 19:45 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 19:45 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 19:45 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 19:45 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 19:45 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 19:45 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 19:45 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 19:45 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-09 19:45 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-09 19:45 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-09 19:45 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-09 19:45 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 19:45 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 19:45 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 19:45 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 19:45 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 19:45 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 19:45 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 19:45 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 19:45 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 19:45 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 19:45 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 19:45 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 19:45 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-09 19:45 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 19:45 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 19:45 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 19:45 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 19:45 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 19:45 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 19:45 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 19:45 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-09 19:45 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 19:45 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 19:45 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 19:45 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 19:45 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-09 19:45 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 19:45 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 19:45 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 19:45 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 19:45 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 19:45 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 19:45 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-09 19:45 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 19:45 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 19:45 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-09 19:45 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-09 19:45 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 19:45 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-09 19:45 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 19:45 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 19:45 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-09 19:45 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 19:45 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 19:45 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 19:45 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 19:45 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 19:45 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 19:45 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 19:45 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-09 19:45 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 19:45 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 19:45 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-09 19:45 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-09 19:45 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-09 19:45 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-09 19:45 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-09 19:45 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 19:45 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 19:45 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 19:45 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-09 19:45 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-09 19:45 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-06-29 14:45 - 2019-06-29 14:45 - 000031744 _____ C:\Users\Katka\Downloads\planovaci-kalendar-2019-CZ.xls
2019-06-29 12:55 - 2019-06-29 12:55 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-06-29 12:55 - 2019-06-29 12:55 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-29 12:55 - 2019-06-29 12:55 - 000169112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-22 19:26 - 2018-06-02 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-22 19:01 - 2017-10-09 19:48 - 000000000 ____D C:\Users\Katka\Documents\The Witcher 3
2019-07-22 18:57 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-22 18:50 - 2018-10-13 12:39 - 000003826 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-22 18:50 - 2018-10-13 12:39 - 000003530 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-22 18:50 - 2018-08-05 12:17 - 000003152 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-08-05 12:17 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-08-05 12:17 - 000002914 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-07-07 13:10 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-07-22 18:50 - 2018-07-07 13:10 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-07-22 18:50 - 2018-06-02 09:25 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-07-22 18:50 - 2018-06-02 09:25 - 000003400 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-22 18:50 - 2018-06-02 09:25 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000003196 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000003176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-22 18:50 - 2018-06-02 09:25 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000002856 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2019-07-22 18:50 - 2018-06-02 09:25 - 000002854 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2072171445-3948342329-90923121-1001
2019-07-22 18:50 - 2018-06-02 09:25 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000002798 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKatka
2019-07-22 18:50 - 2018-06-02 09:25 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-22 18:50 - 2018-06-02 09:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-07-22 18:50 - 2018-01-11 20:55 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKatka.job
2019-07-22 18:38 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-22 18:05 - 2018-06-02 09:19 - 001881544 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-22 18:05 - 2018-04-12 17:50 - 000781248 _____ C:\WINDOWS\system32\perfh005.dat
2019-07-22 18:05 - 2018-04-12 17:50 - 000177796 _____ C:\WINDOWS\system32\perfc005.dat
2019-07-22 18:01 - 2017-10-22 23:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-22 18:00 - 2018-07-09 20:41 - 000000514 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2019-07-22 18:00 - 2018-06-23 14:12 - 000000000 ____D C:\Users\Katka\AppData\Local\AVAST Software
2019-07-22 17:59 - 2018-07-09 20:41 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2019-07-22 17:59 - 2018-06-02 09:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-22 17:59 - 2018-04-11 23:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-22 17:59 - 2017-10-04 17:36 - 000000000 __SHD C:\Users\Katka\IntelGraphicsProfiles
2019-07-22 11:48 - 2018-10-07 07:58 - 000000000 ____D C:\Users\Katka\AppData\Local\D3DSCache
2019-07-22 11:42 - 2018-07-07 13:10 - 000000000 ____D C:\Program Files\CCleaner
2019-07-22 10:59 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-22 10:48 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-22 09:28 - 2017-10-07 20:09 - 000000000 ____D C:\Users\Katka\AppData\Roaming\uTorrent
2019-07-22 09:28 - 2017-10-04 18:36 - 000000000 ____D C:\Users\Katka\AppData\Roaming\hpqLog
2019-07-22 09:27 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-22 09:25 - 2017-10-04 18:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-22 09:22 - 2017-10-04 19:13 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-22 09:14 - 2017-11-20 18:48 - 000000000 ___RD C:\Users\Katka\3D Objects
2019-07-22 09:14 - 2016-07-29 14:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-14 14:45 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-14 14:44 - 2017-12-01 10:24 - 000000000 ____D C:\Users\Katka\AppData\Local\Ubisoft Game Launcher
2019-07-14 12:47 - 2018-06-02 09:25 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-07-14 12:47 - 2016-11-24 04:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-13 20:08 - 2018-06-02 09:19 - 000002368 _____ C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-13 20:08 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-13 20:08 - 2017-10-04 17:37 - 000000000 ___RD C:\Users\Katka\OneDrive
2019-07-13 20:01 - 2017-10-07 17:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-13 19:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-13 19:58 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-09 19:38 - 2017-10-07 17:06 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-04 23:25 - 2017-10-07 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-07-04 23:25 - 2017-10-07 20:38 - 000000000 ____D C:\Program Files\7-Zip
2019-06-29 12:55 - 2019-02-13 19:06 - 000549416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-06-29 12:55 - 2019-01-14 18:51 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-06-29 12:55 - 2019-01-05 21:06 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-06-29 12:55 - 2019-01-05 21:06 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-06-29 12:55 - 2018-11-05 07:12 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 001030992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000387392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-06-29 12:55 - 2017-11-19 18:37 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-06-29 12:49 - 2019-06-13 21:21 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-23 18:43 - 2017-10-08 19:38 - 000000000 ____D C:\Program Files\UNP
2019-06-22 13:35 - 2017-10-08 19:38 - 000000000 ____D C:\Program Files\rempl

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Katka (22-07-2019 19:28:40)
Running from C:\Users\Katka\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2018-06-02 07:25:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2072171445-3948342329-90923121-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2072171445-3948342329-90923121-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2072171445-3948342329-90923121-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2072171445-3948342329-90923121-501 - Limited - Disabled)
Katka (S-1-5-21-2072171445-3948342329-90923121-1001 - Administrator - Enabled) => C:\Users\Katka
WDAGUtilityAccount (S-1-5-21-2072171445-3948342329-90923121-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\uTorrent) (Version: 3.5.5.45271 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Aktualizace NVIDIA 36.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 36.0.0.0 - NVIDIA Corporation) Hidden
Anno 1404 (HKLM-x32\...\Uplay Install 89) (Version: - Ubisoft)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7611 - AVAST Software)
Avast Driver Updater (HKLM-x32\...\{8804140C-3144-4075-9526-1C662E26CA17}) (Version: 2.5.5 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.5 - AVAST Software)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
calibre (HKLM-x32\...\{7EA1BF8A-65C7-4780-8F2E-3612F22FE8AA}) (Version: 3.14.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3426 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 411.63 - NVIDIA Corporation) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ExpressVPN (HKLM-x32\...\{761844fc-6d43-4279-8f64-111c5ff0a78e}) (Version: 7.0.1.7156 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B846CD9325}) (Version: 7.0.1.7156 - ExpressVPN) Hidden
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{DFBDDDB3-D753-4454-84E9-2D3D96E89EFF}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{14D126AD-8249-45B4-B6F0-175939F8F894}) (Version: 12.11.24.11 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{ABE95EB9-5EA1-42A3-8009-BA7602127ED6}) (Version: 1.4.25 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1069 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{BB0C4AC6-0E52-4956-8245-4C715E85FF09}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 13.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.5.5 - KLCP)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Manager (HKLM-x32\...\{BF3644FF-E4CA-4B2F-B664-09C9869376AD}) (Version: 5.0.29.838 - 2017 pdfforge GmbH. All rights reserved) Hidden
Microsoft Office 2016 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.65.2 - Black Tree Gaming)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.18.0.102 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.18.0.102 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 411.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 411.63 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.429 - Trusteer)
OpenOffice 4.1.4 (HKLM-x32\...\{6CA4F7F3-B909-4292-B791-AAA959155DE0}) (Version: 4.14.9788 - Apache Software Foundation)
Ovládací panel NVIDIA 411.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 411.63 - NVIDIA Corporation) Hidden
PDF Architect 5 (HKLM-x32\...\PDF Architect 5) (Version: 5.1.28.36004 - pdfforge GmbH)
PDF Architect 5 Create Module (HKLM\...\{E6BB3749-AC9F-4BDE-84D9-1E22EF689573}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{CC1439A7-3054-4C5F-AF60-7F770DAD7793}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{23AFD2CD-3930-451E-A27C-07A9457CE07F}) (Version: 5.1.28.35989 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.0 - pdfforge GmbH)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.429 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Sweet Home 3D version 5.6 (HKLM\...\Sweet Home 3D_is1) (Version: 5.6 - eTeks)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 45.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)

Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-30] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-06-02] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-22] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-14] (king.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2017-10-07] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.1.0.6_x86__h6adky7gbf63m [2019-06-22] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-22] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios)
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-22] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_5.5.13.0_x64__kx24dqmazqk8j [2019-05-25] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2072171445-3948342329-90923121-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\context-menu.dll [2017-11-29] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126176.inf_amd64_694219dc1ebc939c\igfxDTCM.dll [2018-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-18] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Hudba Google Play.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2017-12-22 19:13 - 2016-09-12 15:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
2019-03-21 10:16 - 2019-03-21 10:16 - 000303104 _____ () [File not signed] C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.SplitTunnel.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 000545792 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2019-07-22 10:35 - 2019-07-22 10:35 - 000156672 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\a8f472c0e00e1e2dbf326a59eb37a1e1\BRIDGECommon.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000116736 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\c8e4a8ff4860b105456e4e6f32e846b6\BridgeExtension.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000329728 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\d55b503fa46d4715e8d96d3948cc7654\CleanStartController.ni.dll
2016-11-24 04:03 - 2016-10-07 16:17 - 001309184 _____ (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
2019-07-22 10:36 - 2019-07-22 10:36 - 000131072 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\24bf5ebb88d95b71ce480f5873bfa8ce\CommonPortable.ni.dll
2019-07-22 10:36 - 2019-07-22 10:36 - 000157184 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\HPJumpStartBridge\e5eb4f6a673b4a70242fc3a587e33c6d\HPJumpStartBridge.ni.exe
2019-03-21 10:16 - 2019-03-21 10:16 - 000368640 _____ (Iain Patterson) [File not signed] C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-12-22 18:40 - 2017-12-22 18:40 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2019-03-13 20:54 - 2018-09-05 22:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2019-01-04 10:22 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Calibre2\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2072171445-3948342329-90923121-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DB99AE5A-2AC4-47AF-9E63-DAB25E4E5E08}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{00089AE8-36AA-4FA4-9E04-58AF70C94508}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (Bethesda Softworks -> ZeniMax Media Inc.)
FirewallRules: [{CF2D976A-5E9D-4B00-A160-4FD1EC5A0F19}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D94A4194-EF13-4BAF-8AB7-4F37385C5F58}] => (Allow) D:\Downloads\Hry\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1A797BCD-3E89-4231-9FAF-C1FC381F14CC}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{30ACCD3B-CA38-40BA-A584-EDFDD7DD289F}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1C2FAAB8-CCBD-4F73-8E3B-CDA177495738}] => (Allow) D:\Downloads\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{76F2D7F8-1E3F-453E-A2AB-89726F86B9FD}] => (Allow) D:\Downloads\Hry\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AF812EED-3D5D-4699-8648-CEFA876A8E29}] => (Allow) C:\Users\Katka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2B654452-D299-4624-B668-FDAB074220C4}] => (Allow) C:\Users\Katka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C27153ED-28EF-40CE-8762-AC7F966D03AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FD2CD43-5FBF-4845-9646-34926FFF443E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C55AFC8-904D-47AB-A83F-4C6850AF51F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E13D799-4D2F-47DA-B384-BB20F1CB1861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{496805E9-786D-40BA-B14F-BF536712B9C5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{CA597FE2-0AB9-4B9B-BA22-9211B55DFCA0}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{D98B2ED2-F81E-40DD-81F8-291294E571F6}] => (Allow) D:\Hry\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{25EDEC65-6822-4EEF-99E6-7F85C545C288}] => (Allow) D:\Hry\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{85A9EE73-5085-4DFE-B55A-C36DF9DD6FD8}] => (Allow) D:\Hry\Anno 2070\AutoPatcher.exe (Related Designs Software -> Related Designs Software) [File not signed]
FirewallRules: [{A5AA1263-EEEF-4743-AC29-B34668AE9A02}] => (Allow) D:\Hry\Anno 2070\AutoPatcher.exe (Related Designs Software -> Related Designs Software) [File not signed]
FirewallRules: [{B5371340-7B8D-4016-A81E-454DE40680C7}] => (Allow) D:\Hry\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{73C966DC-D8C9-477C-A01B-FDD17EBB4FD1}] => (Allow) D:\Hry\Anno 2070\InitEngine.exe (Related Designs Software -> ) [File not signed]
FirewallRules: [{71973776-0C6B-44FD-9863-822E30DCF6E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{59BDD28E-7AE7-48F6-9124-53CC7F6A9515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{84C5B358-7C1D-438E-90E5-F3776278A53B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D8C63DB5-BCB7-457C-914E-B5FB22426499}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{775F639B-E2B6-41CA-9AC6-0E56BC851057}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [{C1B984AD-6296-47C8-A146-2F486FB58B1E}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [{AB7BB8F6-06D0-47CC-9EAB-E4493625AFCD}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{1015A88A-7416-4E91-9B13-BBE9B7F8162F}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{A3A39C26-2078-4FE9-B6C8-363707761AD5}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\Anno4Web.exe () [File not signed]
FirewallRules: [{42E642E5-508E-4683-BCA3-55D3664E1BB6}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\Anno4Web.exe () [File not signed]
FirewallRules: [{E124D112-DB77-4430-86F8-F50162EE06E1}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{B1D0CAA2-95FE-45B7-8EC8-9CD9F3C1D02C}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{CB0E2D8A-6A7F-4AA7-B85D-EEABF09CAB3E}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{25CB711D-A8CD-44C6-B76C-4040D591C190}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E9D5ED19-7D5D-43DC-A6B6-1C26081BFD56}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BE98759E-B9DD-442A-9C11-7221ECB198A8}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1D6398D8-AC10-407F-90C4-2DAFE677F791}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{63B998F2-1F26-498C-9FA8-40A77278C1E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{99482787-BED7-424B-AEBA-840FDF838DBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{09E6136E-A12F-4DF1-AC1D-122531D389E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E3FF8AF9-FA2C-49CC-A109-7F07BCD3FAAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1493BC3B-DB27-4E17-BC79-06CF3147DB20}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{0D71EF09-B730-4B13-8452-BAB332B82A0B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.01 GB) (Free:24.14 GB) (20%)

==================== Faulty Device Manager Devices =============

Name: ExpressVPN Tap Adapter
Description: ExpressVPN Tap Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2019 04:55:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1938

Error: (07/22/2019 04:55:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1938

Error: (07/22/2019 04:55:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2019 10:59:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (4004,R,98) WebCacheLocal: Při otevírání souboru protokolu C:\Users\Katka\AppData\Local\Microsoft\Windows\WebCache\V0100006.log došlo k chybě -1811 (0xfffff8ed).

Error: (07/14/2019 01:05:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Support\Utils\GDFInstaller.exe se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/14/2019 01:05:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro D:\Hry\Ubisoft Game Launcher\games\Anno 1404\Support\Utils\GDFInstaller.exe se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/07/2019 02:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9687

Error: (07/07/2019 02:23:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9687


System errors:
=============
Error: (07/22/2019 07:29:36 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 06:51:10 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 06:39:20 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 06:01:13 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-ILMEP1E6)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli LAPTOP-ILMEP1E6\Katka (SID: S-1-5-21-2072171445-3948342329-90923121-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 05:59:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 05:59:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/22/2019 05:58:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (07/22/2019 05:58:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv04.dll


CodeIntegrity:
===================================

Date: 2019-07-22 10:51:22.475
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.429
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.422
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.415
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.406
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.390
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.384
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-07-22 10:51:22.354
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

BIOS: Insyde F.48 06/22/2018
Motherboard: HP 8217
Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 8077.22 MB
Available physical RAM: 3888.95 MB
Total Virtual: 12429.22 MB
Available Virtual: 6253.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:24.14 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.78 GB) (Free:75.13 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.31 GB) (Free:1.54 GB) FAT32

\\?\Volume{eab14c7b-26ad-4664-b671-2d042d1c86eb}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{29b57022-759f-4931-ad47-33dbd9a71362}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3DCEC070)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 65A4602B)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 14.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Uživatelský avatar
igi
Site Admin
Site Admin
Příspěvky: 59
Registrován: 18 led 2003 02:08

Re: Dvakrát ukradený účet Steam

#6 Příspěvek od igi »

Ahoj,

logy prohlídne někdo jinej, nicméně co se týká Steamu, doporučuji tam zprovoznit tohle:

https://support.steampowered.com/kb_art ... -RTUI-9218

A ideálně dvoufaktorovou autentizaci používat i jinde, Facebook, Twitter, Instagram, Gmail, ...
Obrázek

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Dvakrát ukradený účet Steam

#7 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D} - System32\Tasks\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno\Anno4.exe -d D:\Hry\Anno
Task: {82D0C186-27A6-4C4E-946F-251406A1B621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6} - System32\Tasks\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno4.exe -d D:\Hry
Task: {FE9F30EC-D9DA-4502-82F2-F121BD0D3180} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8B9DBD5-F9FC-41CD-B832-421525C1275B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
CHR DefaultSearchURL: Default -> hxxp://private.searchplanet.online/sear ... &s=59pr&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://sug.searchplanet.online/search/index_sg.php?q={searchTerms}
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{1A797BCD-3E89-4231-9FAF-C1FC381F14CC}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{30ACCD3B-CA38-40BA-A584-EDFDD7DD289F}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C27153ED-28EF-40CE-8762-AC7F966D03AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FD2CD43-5FBF-4845-9646-34926FFF443E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C55AFC8-904D-47AB-A83F-4C6850AF51F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E13D799-4D2F-47DA-B384-BB20F1CB1861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E124D112-DB77-4430-86F8-F50162EE06E1}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{B1D0CAA2-95FE-45B7-8EC8-9CD9F3C1D02C}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Kaatcha
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 22 črc 2019 10:30

Re: Dvakrát ukradený účet Steam

#8 Příspěvek od Kaatcha »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Katka (22-07-2019 20:16:43) Run:1
Running from C:\Users\Katka\Desktop
Loaded Profiles: defaultuser0 & Katka (Available Profiles: defaultuser0 & Katka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D} - System32\Tasks\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno\Anno4.exe -d D:\Hry\Anno
Task: {82D0C186-27A6-4C4E-946F-251406A1B621} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
Task: {AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6} - System32\Tasks\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C} => C:\windows\system32\pcalua.exe -a D:\Hry\Anno4.exe -d D:\Hry
Task: {FE9F30EC-D9DA-4502-82F2-F121BD0D3180} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F8B9DBD5-F9FC-41CD-B832-421525C1275B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-04] (Google Inc -> Google Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HCTE
CHR DefaultSearchURL: Default -> hxxp://private.searchplanet.online/sear ... &s=59pr&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://sug.searchplanet.online/search/index_sg.php?q={searchTerms}
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{1A797BCD-3E89-4231-9FAF-C1FC381F14CC}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{30ACCD3B-CA38-40BA-A584-EDFDD7DD289F}] => (Allow) D:\Downloads\Hry\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C27153ED-28EF-40CE-8762-AC7F966D03AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8FD2CD43-5FBF-4845-9646-34926FFF443E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C55AFC8-904D-47AB-A83F-4C6850AF51F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E13D799-4D2F-47DA-B384-BB20F1CB1861}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E124D112-DB77-4430-86F8-F50162EE06E1}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File
FirewallRules: [{B1D0CAA2-95FE-45B7-8EC8-9CD9F3C1D02C}] => (Allow) D:\Hry\Ubisoft Game Launcher\games\Anno 1404\tools\AddonWeb.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12D4BFBB-330D-4BB8-9963-7FFEFD3D6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6FA35FB-C726-4A62-A64B-0B983B2DEC6A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82D0C186-27A6-4C4E-946F-251406A1B621}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82D0C186-27A6-4C4E-946F-251406A1B621}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAEEAEA7-55A6-4A3B-8FA4-902CCEE4E3D6}" => removed successfully
C:\WINDOWS\System32\Tasks\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A8C42E80-3BFB-4D5A-B765-E5B1504DB54C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE9F30EC-D9DA-4502-82F2-F121BD0D3180}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE9F30EC-D9DA-4502-82F2-F121BD0D3180}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8B9DBD5-F9FC-41CD-B832-421525C1275B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8B9DBD5-F9FC-41CD-B832-421525C1275B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL" => removed successfully
HKU\S-1-5-21-2072171445-3948342329-90923121-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A797BCD-3E89-4231-9FAF-C1FC381F14CC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30ACCD3B-CA38-40BA-A584-EDFDD7DD289F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C27153ED-28EF-40CE-8762-AC7F966D03AF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FD2CD43-5FBF-4845-9646-34926FFF443E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C55AFC8-904D-47AB-A83F-4C6850AF51F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E13D799-4D2F-47DA-B384-BB20F1CB1861}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E124D112-DB77-4430-86F8-F50162EE06E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1D0CAA2-95FE-45B7-8EC8-9CD9F3C1D02C}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5468482 B
Java, Flash, Steam htmlcache => 214453998 B
Windows/system/drivers => 5062783 B
Edge => 28590 B
Chrome => 17267139 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6656 B
LocalService => 0 B
NetworkService => 6656 B
NetworkService => 0 B
defaultuser0 => 6656 B
Katka => 41065863 B

RecycleBin => 128390 B
EmptyTemp: => 280.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:17:07 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Dvakrát ukradený účet Steam

#9 Příspěvek od Rudy »

Smazáno, log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět