Nesmazatelný soubor a divné cvrlikání

[Doobee]

Zdravím. S mým notebookem mám asi měsíc trochu problém. Je to přesně jako v názvu téma. Z ničeho nic občas vydává zvuk cvrlikání. První sem myslel, že to může být nějaký chladič, nebo snad mechanika, ale zdá se to úplně náhodné, tak mi to trochu nedává smysl.
Navíc mi BitDefender hlásí nález Ransom viru. Soubor se rád přejmenovává a taky umí zmizet. Když sem notebook spustil v nouzovém režimu, soubor ani složku s ním jsem nenašel. Ve windows zase nejde smazat. Nález mi to zahlásí, ale souboru se to nezbaví. Výkon není nějak vyloženě postižený, ale chování je občas nesmyslné. Stalo se mi, že se místo vypnutí restartoval a vrátil na přihlašovací obrazovku několikrát po sobě, nešel restartovat vůbec apod.
Přikládám v obrázku název a cestu k napadenému souboru.
Na dotaz přiložím logy, které si vyžádáte.

[Rudy]

Zdravím!
Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

[Doobee]

Log z FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by Doobeeczech (administrator) on LAPTOP-BQDB2DA8 (02-12-2018 11:44:19)
Running from C:\Users\Doobeeczech\Desktop
Loaded Profiles: Doobeeczech (Available Profiles: defaultuser0 & Doobeeczech)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(TeamViewer GmbH) D:\New folder\TeamViewer_Service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-01] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [147016 2018-09-28] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4230216 2018-11-21] (Check Point Software Technologies Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\MountPoints2: {c5bdcacd-ca86-11e8-946b-c8d3ffece6da} - "G:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0484135c-e71e-49f2-8cc4-f3733826f9cb}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e32ed6a-eab9-47f7-98d1-efc306ba3cf1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-10-12] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-10-12] (HP Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default [2018-09-14]
FF Extension: (Avira Browser Safety) - C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default\Extensions\abs@avira.com [2018-09-14]
FF Extension: (Avira Password Manager) - C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default\Extensions\passwordmanager@avira.com [2018-09-14]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://websearch.search-guide.info/?pid=518&r=2013/11/12&hid=9512509551006325946&lg=EN&cc=CZ&unqvl=40"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default [2018-12-02]
CHR Extension: (Prezentace) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-13]
CHR Extension: (Dokumenty) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-13]
CHR Extension: (Disk Google) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-13]
CHR Extension: (Tabulky) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-13]
CHR Extension: (AdBlock) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-14]
CHR Extension: (wide awake theme) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghojamolcelbkfdejjhaliddkkhhpeb [2018-09-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13]
CHR Extension: (Unfriend Finder) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\olljnkilmblncgcghhaodkpdcnokhpah [2018-09-13]
CHR Extension: (Gmail) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-03-22] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-09-25] ()
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2571512 2018-08-27] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-25] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-25] ()
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2268992 2018-10-27] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3129160 2018-10-27] (Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18168 2018-08-29] (Check Point Software Technologies Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-01] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TeamViewer; D:\New folder\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [262904 2018-11-13] (Check Point Software Technologies Ltd.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-13] (Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4210584 2018-09-28] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-13] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-13] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [47688 2018-11-21] (Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-09-28] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-06-05] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-19] (Bitdefender)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [64664 2018-07-10] (Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [104992 2018-08-23] (Check Point Software Technologies)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [121496 2018-08-09] (Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [110232 2018-06-12] (Check Point Software Technologies)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\Gemma.sys [359584 2018-10-04] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [193184 2018-05-29] (BitDefender LLC)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_0f797a4a7ce8ae0e\nvlddmkm.sys [17213832 2018-09-06] (NVIDIA Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2018-08-14] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610128 2018-11-06] (Bitdefender)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2018-09-28] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [35568 2018-08-31] (HP)
U3 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 11:44 - 2018-12-02 11:44 - 000022590 _____ C:\Users\Doobeeczech\Desktop\FRST.txt
2018-12-02 11:43 - 2018-12-02 11:44 - 000000000 ____D C:\FRST
2018-12-02 11:42 - 2018-12-02 11:42 - 002417152 _____ (Farbar) C:\Users\Doobeeczech\Desktop\FRST64.exe
2018-12-02 10:16 - 2018-12-02 10:17 - 000290168 _____ C:\WINDOWS\ntbtlog.txt
2018-12-02 10:16 - 2018-12-02 10:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-12-02 10:11 - 2018-12-02 10:11 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CEF
2018-12-02 03:25 - 2018-12-02 03:25 - 002001544 _____ C:\Users\Doobeeczech\Desktop\pc-decrapifier-3.0.1.exe
2018-12-02 03:25 - 2018-12-02 03:25 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-12-02 03:25 - 2018-12-02 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-12-02 03:25 - 2018-12-02 03:25 - 000000000 ____D C:\Program Files\VS Revo Group
2018-12-02 03:24 - 2018-12-02 03:24 - 007197480 _____ (VS Revo Group ) C:\Users\Doobeeczech\Desktop\revosetup.exe
2018-11-29 10:15 - 2018-12-01 12:33 - 000000496 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2018-11-29 10:15 - 2018-08-23 15:35 - 000104992 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\CPEPMon.sys
2018-11-29 10:15 - 2018-07-10 15:47 - 000064664 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\cpbak.sys
2018-11-29 10:03 - 2018-11-29 10:03 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2018-11-29 10:02 - 2018-11-29 10:14 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-11-29 10:02 - 2018-11-29 10:02 - 000440752 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2018-11-29 10:02 - 2018-11-29 10:02 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2018-11-29 10:02 - 2018-11-29 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2018-11-29 10:01 - 2018-11-29 10:15 - 000000000 ____D C:\ProgramData\CheckPoint
2018-11-29 10:01 - 2018-11-29 10:01 - 005299768 _____ (Check Point Software Technologies Ltd.) C:\Users\Doobeeczech\Downloads\zafwSetupWeb_154_062_17802.exe
2018-11-27 11:01 - 2018-11-27 11:01 - 000016743 _____ C:\Users\Doobeeczech\Downloads\[CzT]Tiche_misto_A_Quiet_Place_2018_WebRip_1080p_.torrent
2018-11-27 10:09 - 2018-11-27 10:09 - 000034650 _____ C:\ProgramData\agent.update.1543309788.bdinstall.bin
2018-11-27 10:08 - 2018-11-27 10:08 - 000001195 _____ C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2018-11-27 10:07 - 2018-11-27 10:07 - 000001210 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2018-11-27 10:07 - 2018-11-27 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-11-27 10:07 - 2018-11-27 10:07 - 000000000 ____D C:\ProgramData\Bitdefender
2018-11-27 10:07 - 2018-10-09 14:07 - 000294000 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2018-11-27 10:07 - 2018-10-04 22:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\Gemma.sys
2018-11-27 10:07 - 2018-08-22 11:43 - 000357768 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2018-11-27 10:07 - 2018-06-05 03:32 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-11-27 10:07 - 2018-05-29 04:04 - 000193184 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-11-27 10:07 - 2018-04-19 21:37 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-11-27 10:06 - 2018-12-02 11:43 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-11-27 10:06 - 2018-11-27 10:06 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-11-27 10:06 - 2018-11-06 01:56 - 000610128 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-11-27 10:03 - 2018-11-27 10:09 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-11-27 10:03 - 2018-11-27 10:03 - 000104152 _____ C:\ProgramData\agent.1543309439.bdinstall.v2.bin
2018-11-27 10:03 - 2018-11-27 10:03 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-11-27 10:00 - 2018-11-27 10:00 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-11-27 09:56 - 2018-12-02 09:57 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-27 09:56 - 2018-11-27 09:56 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-27 09:56 - 2018-11-27 09:56 - 000000000 ____D C:\Program Files\CCleaner
2018-11-27 09:55 - 2018-11-27 09:55 - 018071560 _____ (Piriform Software Ltd) C:\Users\Doobeeczech\Desktop\ccsetup549.exe
2018-11-27 09:42 - 2018-11-27 09:42 - 010964152 _____ C:\Users\Doobeeczech\Desktop\bitdefender_online.exe
2018-11-21 02:53 - 2018-11-21 02:53 - 000267751 _____ C:\WINDOWS\system32\Drivers\cposfw.xml
2018-11-18 10:22 - 2018-11-18 10:23 - 000000000 ____D C:\ProgramData\Battle.net
2018-11-18 10:22 - 2018-11-18 10:22 - 002907704 _____ (Blizzard Entertainment) C:\Users\Doobeeczech\Desktop\World-of-Warcraft-Setup-enGB.exe
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\Documents\CyberLink
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\CyberLink
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CyberLink
2018-11-14 14:53 - 2018-11-01 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 14:53 - 2018-11-01 12:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 14:53 - 2018-11-01 12:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 14:53 - 2018-11-01 12:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 14:53 - 2018-11-01 12:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 14:53 - 2018-11-01 12:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 14:53 - 2018-11-01 12:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 14:53 - 2018-11-01 12:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 14:53 - 2018-11-01 12:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 14:53 - 2018-11-01 12:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 14:53 - 2018-11-01 12:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 14:53 - 2018-11-01 12:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 14:53 - 2018-11-01 12:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 14:53 - 2018-11-01 12:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 14:53 - 2018-11-01 12:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 14:53 - 2018-11-01 12:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 14:53 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 14:53 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 14:53 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 14:53 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 14:53 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 14:53 - 2018-11-01 10:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 14:53 - 2018-11-01 10:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 14:53 - 2018-11-01 08:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 14:53 - 2018-11-01 08:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 14:53 - 2018-11-01 08:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 14:53 - 2018-11-01 08:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 14:53 - 2018-11-01 08:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 14:53 - 2018-11-01 08:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 14:53 - 2018-11-01 08:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 14:53 - 2018-11-01 08:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 14:53 - 2018-11-01 08:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 14:53 - 2018-11-01 08:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 14:53 - 2018-11-01 08:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 14:53 - 2018-11-01 08:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 14:53 - 2018-11-01 08:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 14:53 - 2018-11-01 08:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 14:53 - 2018-11-01 08:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 14:53 - 2018-11-01 08:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 14:53 - 2018-11-01 07:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 14:53 - 2018-11-01 07:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 14:53 - 2018-11-01 07:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 14:53 - 2018-11-01 07:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 14:53 - 2018-11-01 06:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 14:53 - 2018-11-01 06:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 14:53 - 2018-11-01 05:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 14:53 - 2018-11-01 05:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 14:53 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 14:53 - 2018-11-01 05:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 14:53 - 2018-11-01 05:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 14:53 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 14:53 - 2018-11-01 05:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 14:53 - 2018-11-01 05:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 14:53 - 2018-11-01 05:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 14:53 - 2018-11-01 05:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 14:53 - 2018-11-01 05:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 14:53 - 2018-10-21 14:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 14:53 - 2018-10-21 14:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 14:53 - 2018-10-21 13:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 14:53 - 2018-10-21 13:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 14:53 - 2018-10-21 13:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 14:53 - 2018-10-21 13:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 14:53 - 2018-10-21 13:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 14:53 - 2018-10-21 13:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 14:53 - 2018-10-21 13:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 14:53 - 2018-10-21 13:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 14:53 - 2018-10-21 12:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 14:53 - 2018-10-21 12:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 14:53 - 2018-10-21 12:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 14:53 - 2018-10-21 12:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 14:53 - 2018-10-21 12:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 14:53 - 2018-10-21 12:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 14:53 - 2018-10-21 12:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 14:53 - 2018-10-21 12:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 14:53 - 2018-10-21 12:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 14:53 - 2018-10-21 10:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 14:53 - 2018-10-21 09:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 14:53 - 2018-10-21 08:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 14:53 - 2018-10-21 08:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 14:53 - 2018-10-21 08:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 14:53 - 2018-10-21 08:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 14:53 - 2018-10-21 08:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 14:53 - 2018-10-21 08:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 14:53 - 2018-10-21 08:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 14:53 - 2018-10-21 08:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 14:53 - 2018-10-21 08:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 14:53 - 2018-10-21 08:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 14:53 - 2018-10-21 08:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 14:53 - 2018-10-21 08:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-14 14:53 - 2018-10-21 08:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 14:53 - 2018-10-21 08:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 14:53 - 2018-10-21 08:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 14:53 - 2018-10-21 08:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 14:53 - 2018-10-21 08:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 14:53 - 2018-10-21 08:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 14:53 - 2018-10-21 08:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 14:53 - 2018-10-21 07:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 14:53 - 2018-10-21 07:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 14:53 - 2018-10-21 06:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 14:53 - 2018-10-21 06:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 14:53 - 2018-04-28 05:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-13 14:17 - 2018-11-13 14:17 - 000173720 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epklib.sys
2018-11-10 11:09 - 2018-11-10 11:09 - 032659933 _____ C:\Users\Doobeeczech\Desktop\beoplayproductupdater106exe.zip
2018-11-10 11:09 - 2018-11-10 11:09 - 000002114 _____ C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beoplay Software Update.lnk
2018-11-10 11:09 - 2018-11-10 11:09 - 000000000 ____D C:\Program Files (x86)\Beoplay Software Update
2018-11-09 11:12 - 2018-11-09 11:12 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\ElevatedDiagnostics
2018-11-07 23:40 - 2018-11-07 23:42 - 111577423 _____ C:\Users\Doobeeczech\Desktop\Panda_Dub_The_Lost_Ship.zip
2018-11-07 12:53 - 2018-11-07 12:53 - 000000000 ____D C:\ProgramData\Steam
2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ C:\WINDOWS\wawx_dumpreg64.dll
2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ C:\Users\Doobeeczech\AppData\Roaming\twow_sysprepdt.dat
2018-11-04 15:13 - 2018-11-04 21:03 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Eurobattle.net
2018-11-04 15:13 - 2018-11-04 15:13 - 000000746 _____ C:\Users\Doobeeczech\Desktop\Eurobattle.net Client.lnk
2018-11-04 14:29 - 2018-11-04 14:32 - 000044603 _____ C:\WINDOWS\War3Unin.dat
2018-11-04 14:29 - 2018-11-04 14:31 - 000139264 _____ (Blizzard Entertainment) C:\WINDOWS\War3Unin.exe
2018-11-04 14:29 - 2018-11-04 14:31 - 000002829 _____ C:\WINDOWS\War3Unin.pif
2018-11-04 14:29 - 2018-11-04 14:31 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2018-11-04 13:35 - 2018-11-18 10:24 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\Blizzard
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Public\Documents\Warcraft III
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Doobeeczech\Documents\Warcraft III
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Battle.net

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 11:38 - 2018-09-15 12:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-02 10:42 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-02 10:23 - 2018-09-15 12:49 - 000933328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-02 10:23 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-02 10:20 - 2018-09-13 00:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-02 10:19 - 2018-09-15 12:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-02 10:19 - 2018-09-12 13:38 - 000000000 __SHD C:\Users\Doobeeczech\IntelGraphicsProfiles
2018-12-02 10:19 - 2018-09-12 12:55 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-02 10:18 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-02 10:10 - 2018-09-21 23:17 - 000000688 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-12-02 10:09 - 2018-09-14 01:41 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\vlc
2018-12-02 10:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-02 03:48 - 2018-09-13 03:03 - 000000000 ____D C:\Program Files (x86)\Webteh
2018-12-02 03:29 - 2018-09-14 02:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-01 12:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-01 06:03 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-01 05:59 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-30 20:52 - 2018-09-22 11:54 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\uTorrent
2018-11-30 20:52 - 2018-09-13 03:16 - 000000388 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDoobeeczech.job
2018-11-30 20:20 - 2018-09-15 12:53 - 000003304 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDoobeeczech
2018-11-30 09:11 - 2018-09-15 17:58 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Psiphon3
2018-11-28 17:50 - 2018-09-12 13:38 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\Packages
2018-11-27 10:08 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-27 10:02 - 2018-09-12 13:39 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-27 09:58 - 2018-09-13 02:53 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CrashDumps
2018-11-27 09:55 - 2018-09-14 11:53 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-27 09:54 - 2016-11-18 12:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-27 09:48 - 2018-09-14 11:58 - 000000000 ____D C:\ProgramData\Avira
2018-11-27 09:48 - 2018-09-14 11:58 - 000000000 ____D C:\Program Files (x86)\Avira
2018-11-27 09:48 - 2016-11-18 12:18 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk
2018-11-27 09:48 - 2016-11-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-27 09:45 - 2018-09-12 12:54 - 000000000 ____D C:\Intel
2018-11-26 20:30 - 2018-09-13 00:45 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 20:30 - 2018-09-13 00:45 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-23 12:38 - 2018-09-15 17:58 - 006102128 _____ C:\Users\Doobeeczech\Desktop\psiphon3.exe
2018-11-21 10:22 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-17 00:01 - 2018-09-13 12:07 - 000000000 ____D C:\Program Files\rempl
2018-11-17 00:00 - 2018-04-12 00:41 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-17 00:00 - 2018-04-12 00:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-15 22:15 - 2018-09-12 13:02 - 000000000 ____D C:\ProgramData\CyberLink
2018-11-15 20:28 - 2018-09-13 12:03 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-11-14 19:22 - 2018-09-14 12:00 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2018-11-14 19:19 - 2018-09-15 12:54 - 000000000 ___RD C:\Users\Doobeeczech\3D Objects
2018-11-14 19:19 - 2018-09-15 12:47 - 000272736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 19:19 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 14:54 - 2018-04-12 00:34 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 14:54 - 2018-04-12 00:34 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-14 14:52 - 2018-09-13 12:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 14:51 - 2018-09-13 12:10 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 15:45 - 2018-09-15 12:49 - 000000000 ____D C:\Users\Doobeeczech
2018-11-10 10:56 - 2018-09-12 12:54 - 000258766 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-11-10 10:55 - 2018-09-15 12:49 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2018-11-10 10:55 - 2018-09-12 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-11-09 11:17 - 2018-09-16 10:26 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\PlaceholderTileLogoFolder
2018-11-06 23:52 - 2018-09-12 13:40 - 000000000 ___RD C:\Users\Doobeeczech\OneDrive
2018-11-06 23:52 - 2016-11-18 12:16 - 000000000 ____D C:\Program Files\HP
2018-11-06 23:51 - 2016-11-18 12:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-11-06 23:47 - 2016-11-19 01:02 - 000000000 ___HD C:\hp
2018-11-05 00:31 - 2018-10-03 02:31 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\TeamViewer

==================== Files in the root of some directories =======

2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ () C:\Users\Doobeeczech\AppData\Roaming\twow_sysprepdt.dat

Some files in TEMP:
====================
2013-10-05 09:38 - 2013-10-05 09:38 - 000455328 _____ (Microsoft Corporation) C:\Users\Doobeeczech\AppData\Local\Temp\msvcp120.dll
2013-10-05 09:38 - 2013-10-05 09:38 - 000970912 _____ (Microsoft Corporation) C:\Users\Doobeeczech\AppData\Local\Temp\msvcr120.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 12:47

==================== End of FRST.txt ============================

Log z Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Doobeeczech (02-12-2018 11:45:17)
Running from C:\Users\Doobeeczech\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-09-15 11:53:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3637455016-2696831471-6342456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3637455016-2696831471-6342456-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3637455016-2696831471-6342456-1000 - Limited - Disabled) => C:\Users\defaultuser0
Doobeeczech (S-1-5-21-3637455016-2696831471-6342456-1001 - Administrator - Enabled) => C:\Users\Doobeeczech
Guest (S-1-5-21-3637455016-2696831471-6342456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3637455016-2696831471-6342456-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Beoplay Software Update (HKLM-x32\...\Beoplay Software Update) (Version: - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.14.74 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{11B7269C-6904-485C-9875-F23AAE32E671}) (Version: 12.9.24.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Check Point SBA (HKLM\...\{B212ABB9-E151-444B-975C-8A3EA9DC8EFB}) (Version: 86.4.9056 - Check Point Software Technologies Ltd.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{8790ED90-756F-45DD-B38F-7436093963C6}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.29.14153 - Electronic Arts, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\TeamSpeak 3 Client) (Version: 3.2.2 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Warcraft III) (Version: - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0704 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6F277433-5A52-4DC5-AA23-ECE8FD045EBD}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.4.062.17802 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{37F2A556-851C-46BA-BDD4-48745E7A106B}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D113B85-C2E6-4A8A-9454-E87ED6D09E9F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {30729A77-FEE6-454A-9CED-3130F441AB59} - System32\Tasks\HPCeeScheduleForDoobeeczech => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {338ED027-E5B9-43CF-BFA8-F7F7741B6E0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {35199E55-7F81-4876-83E8-8D98473726C8} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {3F170A71-071A-4708-A69C-01538F67650E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {5B9C05D6-1E8C-4D7C-9AF8-0FE73C218E18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {612BEE81-1DF7-4E2D-88FC-EC15B49674A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E1B3B53-FD10-4E41-8C00-0D7A1ADCEEDF} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {6FF318C9-6113-4098-9244-01930CF38548} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {9283B477-E63B-493A-BB96-5EA545BF2018} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {9C50A651-2691-4F42-833D-86B7D74A2718} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {A34A21D3-4B78-4024-BAE6-38DA38B07452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {C5750C58-D933-4302-A2FD-9F7279000807} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {DB8C33B5-92AC-413F-B201-EE60FCCD528A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DC74D08B-4AC0-4FB5-89E5-3A4F3CB38B79} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {DD4AF246-F451-448B-B274-910AF2CDFEAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E1F72903-C119-4A08-AF1C-A53AD8626ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {E9F3B73A-7FCE-4877-860A-F66656F261C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {FBF29012-B559-42E4-8AF2-E066F19DC79C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDoobeeczech.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=booking&refclickid=square

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-07-28 09:52 - 2017-07-28 09:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-27 10:07 - 2017-11-21 12:29 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-11-27 10:07 - 2018-11-14 21:28 - 000994752 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 000544880 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 003240080 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 001530368 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2018-11-14 14:53 - 2018-11-01 07:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-06 17:14 - 2018-11-06 17:14 - 000090576 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-10-25 02:39 - 2018-10-25 02:39 - 000033016 _____ () c:\program files (x86)\checkpoint\endpoint security\tpcommon\cipolla\sbacipollasrvhost.exe
2018-11-07 23:38 - 2018-11-07 23:38 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-07 23:38 - 2018-11-07 23:38 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-07 23:38 - 2018-11-07 23:38 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-10-25 01:44 - 2018-10-25 01:44 - 000163576 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2018-08-29 15:21 - 2018-08-29 15:21 - 000095992 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-11-14 20:13 - 2018-11-14 20:13 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\3ec2db86530416424ce78d35a4f59019\BRIDGECommon.ni.dll
2018-11-14 20:14 - 2018-11-14 20:14 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\67e2afd1f0d80ae6e2ae80d0e7c70ce0\CleanStartController.ni.dll
2018-11-14 20:14 - 2018-11-14 20:14 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\bb189cf554a6eb5e3d47f1f8dff084f2\BridgeExtension.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3637455016-2696831471-6342456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Doobeeczech\Desktop\hp_logo_abstract_66787_1920x1080 (1).jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5A9B1FC-D290-4693-8742-C87804E8FDE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE7CAD48-C8E4-4CCE-A9A4-4D0318A6AECC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F655849-C0CB-4A2B-B183-7059206C6968}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6510D16-DDBD-414D-81B7-089B9CBEA1DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E751B9D-9F72-471A-8057-C91168CF30DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{73370AA3-9FD3-4294-A3A1-B9F431BA5EF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{572D0953-CB3F-4E62-9285-539A73607EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{4A561BA0-B847-4C2A-AF4A-6AD00E611C0C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{095F6A97-0609-4CC0-BA21-CDB49361045C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5BED68AB-9A8C-4590-9095-9144363A62BD}] => (Allow) D:\steamgames\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{F851F0CC-BD05-4148-83E9-44CE7EA0855D}] => (Allow) D:\steamgames\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{BAC52156-9751-4BCB-868F-12F184BEF43B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D8D72962-EEC8-48CD-AD13-E086F79C033D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{66E88065-1754-426E-B0CB-7AA40E01EB3F}] => (Allow) D:\steamgames\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [{D3AF2242-75C6-4CD3-844B-CD30DB76C8C2}] => (Allow) D:\steamgames\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [{2D608C3F-B2DF-40D8-8036-80F7375DECC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B5F3B190-2DDF-46F9-8F93-BEF330B264B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B068A600-416D-4F04-BAD0-786A1391938F}] => (Allow) C:\Users\Doobeeczech\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB3A0A14-68F2-407A-AAA4-3FCEE7EABA54}] => (Allow) C:\Users\Doobeeczech\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{58DA31E5-27B0-4469-9E2E-A5DB718B48C6}D:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{4E57B124-E8E1-4E0E-9730-65888D84E404}D:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{16A8000E-2260-4B75-A34D-BFDD8A212B62}] => (Block) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{C9E8A1BB-6002-4BB0-BB11-5A24B10CF701}] => (Block) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{2C358319-E23E-4D27-A60E-01D589D75C8E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{D9D20CBE-D8CF-4758-B7D4-C6CE1FF7D545}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{A6164986-BD44-454A-9B18-48542D8F70B0}] => (Allow) D:\New folder\TeamViewer.exe
FirewallRules: [{D5CDF12A-A221-45E2-937A-F0D60A973385}] => (Allow) D:\New folder\TeamViewer.exe
FirewallRules: [{9CF92C3E-D663-4488-AD91-B33BFD03E41B}] => (Allow) D:\New folder\TeamViewer_Service.exe
FirewallRules: [{190EF7C0-B01D-46BA-828B-B35189EA84DB}] => (Allow) D:\New folder\TeamViewer_Service.exe
FirewallRules: [TCP Query User{1A5E3261-6270-4D97-BA45-A16F903F82EA}D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{FF464AB7-D476-4AFD-911C-1DBA1107E999}D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B008EA5B-9078-40DE-AE4C-E9A8867687EE}] => (Allow) D:\origingames\Battlefield 3\bf3.exe
FirewallRules: [{EE67F9BA-9459-4CF4-98E0-33ECEAE1AE89}] => (Allow) D:\origingames\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{29296E57-9152-48E2-9993-459928CBAFF9}D:\warcraft iii\warcraft iii.exe] => (Block) D:\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{4BF9A88B-E518-4A08-8515-2316EE72255A}D:\warcraft iii\warcraft iii.exe] => (Block) D:\warcraft iii\warcraft iii.exe
FirewallRules: [{04C29B3F-1732-407A-B57A-88AE5B9AFB0D}] => (Allow) D:\steamgames\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{DABA2437-43FD-41F3-9DF0-F5EDF3030375}] => (Allow) D:\steamgames\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{7E9E0CB8-3A54-4015-BA5B-E2554E321E3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4007F78-CD6A-47A7-B973-68FA03FDC890}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A9F15564-DB4B-4F5E-8211-E468A65E97F9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{28E43A9A-4518-4651-9416-5E3E84F03ED4}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A39AF34B-5069-4C29-A8E5-B23F6EB6625A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F13A46F7-A79B-48B6-AA06-EE154170D0FB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EC77D24C-3341-4DC4-AE40-9B0C59C45CC7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DF53EF51-C2BD-4432-9955-E477E8476F49}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{2A527FF7-1D2B-424A-866F-7B7C069CBB54}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{47C7F736-30CC-4DA0-85B3-BE8BF2411B01}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

27-11-2018 09:42:59 Removed Avira Software Updater

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2018 03:48:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/02/2018 03:48:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9af9a8c4-8985-46b3-8f4c-a58b8859d455}

Error: (11/27/2018 10:08:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (11/27/2018 10:08:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (11/27/2018 09:43:33 AM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/26/2018 02:26:48 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (11/26/2018 02:26:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/25/2018 02:26:24 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (12/02/2018 10:27:08 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 10:19:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 10:19:35 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 10:19:14 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.

Error: (12/02/2018 10:18:52 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-BQDB2DA8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/02/2018 10:18:47 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-BQDB2DA8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/02/2018 10:18:43 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-BQDB2DA8)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/02/2018 10:18:42 AM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-BQDB2DA8)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.464
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x800704cf
Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Date: 2018-11-27 09:44:04.461
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8077.22 MB
Available physical RAM: 5086.41 MB
Total Virtual: 9357.22 MB
Available Virtual: 5332.05 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:118.01 GB) (Free:40.12 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.13 GB) (Free:349.47 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:12.38 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{bf87eba1-cd1e-47e7-bc7b-b2380f2b8266}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.46 GB) NTFS
\\?\Volume{a376c221-1233-44ad-9af9-79c1110d03da}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3FB81CC6)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CE71F91C)

Partition: GPT.

==================== End of Addition.txt ============================

[Rudy]

Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[Doobee]

Log z adwcleaneru

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-11-30.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-02-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit

***** [ Chromium (and derivatives) ] *****

Deleted Avira SafeSearch Plus

***** [ Chromium URLs ] *****

Deleted http://websearch.search-guide.info/?pid ... Z&unqvl=40

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1526 octets] - [02/12/2018 13:42:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

[Rudy]

OK. Teď dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

[Doobee]

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by Doobeeczech (administrator) on LAPTOP-BQDB2DA8 (02-12-2018 14:46:12)
Running from C:\Users\Doobeeczech\Desktop
Loaded Profiles: Doobeeczech (Available Profiles: defaultuser0 & Doobeeczech)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) D:\New folder\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
() C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-01] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [147016 2018-09-28] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4230216 2018-11-21] (Check Point Software Technologies Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3131680 2018-11-26] (Valve Corporation)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\MountPoints2: {c5bdcacd-ca86-11e8-946b-c8d3ffece6da} - "G:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0484135c-e71e-49f2-8cc4-f3733826f9cb}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2e32ed6a-eab9-47f7-98d1-efc306ba3cf1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-10-12] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-10-12] (HP Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default [2018-09-14]
FF Extension: (Avira Browser Safety) - C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default\Extensions\abs@avira.com [2018-09-14]
FF Extension: (Avira Password Manager) - C:\Users\Doobeeczech\AppData\Roaming\Mozilla\Firefox\Profiles\7wkh3Zye.default\Extensions\passwordmanager@avira.com [2018-09-14]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-13] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://websearch.search-guide.info/?pid=518&r=2013/11/12&hid=9512509551006325946&lg=EN&cc=CZ&unqvl=40","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default [2018-12-02]
CHR Extension: (Prezentace) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-13]
CHR Extension: (Dokumenty) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-13]
CHR Extension: (Disk Google) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-13]
CHR Extension: (Tabulky) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-10-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-13]
CHR Extension: (AdBlock) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-10-14]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-12-02]
CHR Extension: (wide awake theme) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghojamolcelbkfdejjhaliddkkhhpeb [2018-09-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13]
CHR Extension: (Unfriend Finder) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\olljnkilmblncgcghhaodkpdcnokhpah [2018-09-13]
CHR Extension: (Gmail) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Doobeeczech\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-03-22] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-09-25] ()
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [2571512 2018-08-27] (Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-25] ()
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33016 2018-10-25] ()
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2268992 2018-10-27] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3129160 2018-10-27] (Electronic Arts)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1284032 2018-07-31] (Bitdefender)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18168 2018-08-29] (Check Point Software Technologies Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-01] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TeamViewer; D:\New folder\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [262904 2018-11-13] (Check Point Software Technologies Ltd.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-13] (Bitdefender)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4210584 2018-09-28] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-13] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-13] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [56688 2018-04-16] (Check Point Software Technologies Ltd.)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [47688 2018-11-21] (Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-09-28] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1292296 2018-06-05] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23032 2018-04-19] (Bitdefender)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [64664 2018-07-10] (Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [104992 2018-08-23] (Check Point Software Technologies)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [121496 2018-08-09] (Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [110232 2018-06-12] (Check Point Software Technologies)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\Gemma.sys [359584 2018-10-04] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [193184 2018-05-29] (BitDefender LLC)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\Bin\ISWKL.sys [65264 2018-03-11] (Check Point Software Technologies Ltd.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_0f797a4a7ce8ae0e\nvlddmkm.sys [17213832 2018-09-06] (NVIDIA Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2018-08-14] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610128 2018-11-06] (Bitdefender)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2018-09-28] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [35568 2018-08-31] (HP)
U3 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 14:46 - 2018-12-02 14:46 - 000023263 _____ C:\Users\Doobeeczech\Desktop\FRST.txt
2018-12-02 14:45 - 2018-12-02 14:46 - 002417152 _____ (Farbar) C:\Users\Doobeeczech\Desktop\FRST64.exe
2018-12-02 13:41 - 2018-12-02 13:43 - 000000000 ____D C:\AdwCleaner
2018-12-02 13:41 - 2018-12-02 13:41 - 007321808 _____ (Malwarebytes) C:\Users\Doobeeczech\Desktop\adwcleaner_7.2.5.0.exe
2018-12-02 11:43 - 2018-12-02 14:46 - 000000000 ____D C:\FRST
2018-12-02 10:16 - 2018-12-02 10:17 - 000290168 _____ C:\WINDOWS\ntbtlog.txt
2018-12-02 10:16 - 2018-12-02 10:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-12-02 10:11 - 2018-12-02 10:11 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CEF
2018-12-02 03:25 - 2018-12-02 03:25 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-12-02 03:25 - 2018-12-02 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-12-02 03:25 - 2018-12-02 03:25 - 000000000 ____D C:\Program Files\VS Revo Group
2018-12-02 03:24 - 2018-12-02 03:24 - 007197480 _____ (VS Revo Group ) C:\Users\Doobeeczech\Desktop\revosetup.exe
2018-11-29 10:15 - 2018-12-01 12:33 - 000000496 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2018-11-29 10:15 - 2018-08-23 15:35 - 000104992 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\CPEPMon.sys
2018-11-29 10:15 - 2018-07-10 15:47 - 000064664 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\cpbak.sys
2018-11-29 10:03 - 2018-11-29 10:03 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2018-11-29 10:02 - 2018-11-29 10:14 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-11-29 10:02 - 2018-11-29 10:02 - 000440752 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2018-11-29 10:02 - 2018-11-29 10:02 - 000000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2018-11-29 10:02 - 2018-11-29 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2018-11-29 10:01 - 2018-11-29 10:15 - 000000000 ____D C:\ProgramData\CheckPoint
2018-11-29 10:01 - 2018-11-29 10:01 - 005299768 _____ (Check Point Software Technologies Ltd.) C:\Users\Doobeeczech\Downloads\zafwSetupWeb_154_062_17802.exe
2018-11-27 11:01 - 2018-11-27 11:01 - 000016743 _____ C:\Users\Doobeeczech\Downloads\[CzT]Tiche_misto_A_Quiet_Place_2018_WebRip_1080p_.torrent
2018-11-27 10:09 - 2018-11-27 10:09 - 000034650 _____ C:\ProgramData\agent.update.1543309788.bdinstall.bin
2018-11-27 10:08 - 2018-11-27 10:08 - 000001195 _____ C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2018-11-27 10:07 - 2018-11-27 10:07 - 000001210 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2018-11-27 10:07 - 2018-11-27 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2018-11-27 10:07 - 2018-11-27 10:07 - 000000000 ____D C:\ProgramData\Bitdefender
2018-11-27 10:07 - 2018-10-09 14:07 - 000294000 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2018-11-27 10:07 - 2018-10-04 22:40 - 000359584 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\Gemma.sys
2018-11-27 10:07 - 2018-08-22 11:43 - 000357768 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2018-11-27 10:07 - 2018-06-05 03:32 - 001292296 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2018-11-27 10:07 - 2018-05-29 04:04 - 000193184 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2018-11-27 10:07 - 2018-04-19 21:37 - 000023032 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2018-11-27 10:06 - 2018-12-02 14:44 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2018-11-27 10:06 - 2018-11-27 10:06 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2018-11-27 10:06 - 2018-11-06 01:56 - 000610128 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2018-11-27 10:03 - 2018-11-27 10:09 - 000000000 ____D C:\Program Files\Bitdefender Agent
2018-11-27 10:03 - 2018-11-27 10:03 - 000104152 _____ C:\ProgramData\agent.1543309439.bdinstall.v2.bin
2018-11-27 10:03 - 2018-11-27 10:03 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2018-11-27 10:00 - 2018-11-27 10:00 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-11-27 09:56 - 2018-12-02 13:53 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-27 09:56 - 2018-11-27 09:56 - 000002900 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-27 09:56 - 2018-11-27 09:56 - 000000000 ____D C:\Program Files\CCleaner
2018-11-27 09:55 - 2018-11-27 09:55 - 018071560 _____ (Piriform Software Ltd) C:\Users\Doobeeczech\Desktop\ccsetup549.exe
2018-11-27 09:42 - 2018-11-27 09:42 - 010964152 _____ C:\Users\Doobeeczech\Desktop\bitdefender_online.exe
2018-11-21 02:53 - 2018-11-21 02:53 - 000267751 _____ C:\WINDOWS\system32\Drivers\cposfw.xml
2018-11-18 10:22 - 2018-11-18 10:23 - 000000000 ____D C:\ProgramData\Battle.net
2018-11-18 10:22 - 2018-11-18 10:22 - 002907704 _____ (Blizzard Entertainment) C:\Users\Doobeeczech\Desktop\World-of-Warcraft-Setup-enGB.exe
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\Documents\CyberLink
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\CyberLink
2018-11-15 22:15 - 2018-11-15 22:15 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CyberLink
2018-11-14 14:53 - 2018-11-01 12:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 14:53 - 2018-11-01 12:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-14 14:53 - 2018-11-01 12:45 - 004527776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 14:53 - 2018-11-01 12:45 - 001617320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 14:53 - 2018-11-01 12:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 14:53 - 2018-11-01 12:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-14 14:53 - 2018-11-01 12:31 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 14:53 - 2018-11-01 12:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 14:53 - 2018-11-01 12:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 14:53 - 2018-11-01 12:29 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 14:53 - 2018-11-01 12:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 14:53 - 2018-11-01 12:28 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 14:53 - 2018-11-01 12:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 14:53 - 2018-11-01 12:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 14:53 - 2018-11-01 12:27 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-14 14:53 - 2018-11-01 12:26 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 14:53 - 2018-11-01 12:25 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-14 14:53 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-14 14:53 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-14 14:53 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-14 14:53 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-14 14:53 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-14 14:53 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-14 14:53 - 2018-11-01 10:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-14 14:53 - 2018-11-01 10:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-14 14:53 - 2018-11-01 08:39 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 14:53 - 2018-11-01 08:38 - 000269336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-14 14:53 - 2018-11-01 08:37 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-14 14:53 - 2018-11-01 08:28 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-14 14:53 - 2018-11-01 08:28 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-14 14:53 - 2018-11-01 08:28 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-14 14:53 - 2018-11-01 08:28 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-14 14:53 - 2018-11-01 08:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 14:53 - 2018-11-01 08:27 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 007432120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 14:53 - 2018-11-01 08:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 007520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 004404912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 002571320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001456728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 14:53 - 2018-11-01 08:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 001209888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 14:53 - 2018-11-01 08:25 - 000982592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 000885968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000793080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000594224 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 14:53 - 2018-11-01 08:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 14:53 - 2018-11-01 08:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 14:53 - 2018-11-01 08:25 - 000261000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 14:53 - 2018-11-01 08:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 14:53 - 2018-11-01 08:03 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 14:53 - 2018-11-01 08:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-14 14:53 - 2018-11-01 08:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-14 14:53 - 2018-11-01 08:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 14:53 - 2018-11-01 08:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 14:53 - 2018-11-01 08:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 14:53 - 2018-11-01 08:00 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 14:53 - 2018-11-01 07:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 14:53 - 2018-11-01 07:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-14 14:53 - 2018-11-01 07:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 14:53 - 2018-11-01 07:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 14:53 - 2018-11-01 07:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 14:53 - 2018-11-01 07:55 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 14:53 - 2018-11-01 07:55 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 14:53 - 2018-11-01 07:55 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 14:53 - 2018-11-01 07:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 14:53 - 2018-11-01 06:39 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-11-14 14:53 - 2018-11-01 06:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-14 14:53 - 2018-11-01 05:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-14 14:53 - 2018-11-01 05:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-14 14:53 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-14 14:53 - 2018-11-01 05:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-14 14:53 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-14 14:53 - 2018-11-01 05:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-14 14:53 - 2018-11-01 05:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-14 14:53 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-14 14:53 - 2018-11-01 05:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-14 14:53 - 2018-11-01 05:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-14 14:53 - 2018-11-01 05:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-14 14:53 - 2018-11-01 05:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-14 14:53 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-14 14:53 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-14 14:53 - 2018-11-01 05:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-14 14:53 - 2018-11-01 05:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-14 14:53 - 2018-11-01 05:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-14 14:53 - 2018-11-01 05:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-14 14:53 - 2018-10-21 14:00 - 021386368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 001639560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 001516120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 14:53 - 2018-10-21 14:00 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 14:53 - 2018-10-21 14:00 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-14 14:53 - 2018-10-21 13:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 14:53 - 2018-10-21 13:59 - 000236728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 14:53 - 2018-10-21 13:46 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 14:53 - 2018-10-21 13:46 - 004393472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 14:53 - 2018-10-21 13:45 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-14 14:53 - 2018-10-21 13:44 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 14:53 - 2018-10-21 13:44 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 14:53 - 2018-10-21 13:43 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 14:53 - 2018-10-21 13:42 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-14 14:53 - 2018-10-21 13:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-14 14:53 - 2018-10-21 12:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-14 14:53 - 2018-10-21 12:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-14 14:53 - 2018-10-21 12:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-14 14:53 - 2018-10-21 12:37 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-14 14:53 - 2018-10-21 12:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-14 14:53 - 2018-10-21 12:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-14 14:53 - 2018-10-21 12:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-14 14:53 - 2018-10-21 12:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-14 14:53 - 2018-10-21 12:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-14 14:53 - 2018-10-21 12:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-14 14:53 - 2018-10-21 10:29 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-14 14:53 - 2018-10-21 09:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-14 14:53 - 2018-10-21 08:48 - 005602456 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 14:53 - 2018-10-21 08:47 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000717112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000560136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 14:53 - 2018-10-21 08:46 - 000497864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 14:53 - 2018-10-21 08:46 - 000171024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 003283512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 001946208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000607136 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000185120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 14:53 - 2018-10-21 08:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 000139792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 14:53 - 2018-10-21 08:45 - 000058088 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 14:53 - 2018-10-21 08:28 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 14:53 - 2018-10-21 08:22 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 14:53 - 2018-10-21 08:21 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 14:53 - 2018-10-21 08:21 - 000123424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 14:53 - 2018-10-21 08:20 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-14 14:53 - 2018-10-21 08:20 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 001620776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 14:53 - 2018-10-21 08:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 14:53 - 2018-10-21 08:19 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-14 14:53 - 2018-10-21 08:19 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 14:53 - 2018-10-21 08:19 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 14:53 - 2018-10-21 08:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 14:53 - 2018-10-21 08:17 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 14:53 - 2018-10-21 08:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 14:53 - 2018-10-21 08:16 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 14:53 - 2018-10-21 08:15 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 14:53 - 2018-10-21 08:15 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 14:53 - 2018-10-21 08:14 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-14 14:53 - 2018-10-21 08:14 - 001034752 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 14:53 - 2018-10-21 08:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 14:53 - 2018-10-21 08:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-14 14:53 - 2018-10-21 08:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-14 14:53 - 2018-10-21 08:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-14 14:53 - 2018-10-21 08:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-14 14:53 - 2018-10-21 08:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-14 14:53 - 2018-10-21 08:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-14 14:53 - 2018-10-21 07:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-14 14:53 - 2018-10-21 07:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-14 14:53 - 2018-10-21 07:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-14 14:53 - 2018-10-21 06:59 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-11-14 14:53 - 2018-10-21 06:59 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 14:53 - 2018-04-28 05:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-13 14:17 - 2018-11-13 14:17 - 000173720 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epklib.sys
2018-11-10 11:09 - 2018-11-10 11:09 - 032659933 _____ C:\Users\Doobeeczech\Desktop\beoplayproductupdater106exe.zip
2018-11-10 11:09 - 2018-11-10 11:09 - 000002114 _____ C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beoplay Software Update.lnk
2018-11-10 11:09 - 2018-11-10 11:09 - 000000000 ____D C:\Program Files (x86)\Beoplay Software Update
2018-11-09 11:12 - 2018-11-09 11:12 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\ElevatedDiagnostics
2018-11-07 23:40 - 2018-11-07 23:42 - 111577423 _____ C:\Users\Doobeeczech\Desktop\Panda_Dub_The_Lost_Ship.zip
2018-11-07 12:53 - 2018-11-07 12:53 - 000000000 ____D C:\ProgramData\Steam
2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ C:\WINDOWS\wawx_dumpreg64.dll
2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ C:\Users\Doobeeczech\AppData\Roaming\twow_sysprepdt.dat
2018-11-04 15:13 - 2018-11-04 21:03 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Eurobattle.net
2018-11-04 15:13 - 2018-11-04 15:13 - 000000746 _____ C:\Users\Doobeeczech\Desktop\Eurobattle.net Client.lnk
2018-11-04 14:29 - 2018-11-04 14:32 - 000044603 _____ C:\WINDOWS\War3Unin.dat
2018-11-04 14:29 - 2018-11-04 14:31 - 000139264 _____ (Blizzard Entertainment) C:\WINDOWS\War3Unin.exe
2018-11-04 14:29 - 2018-11-04 14:31 - 000002829 _____ C:\WINDOWS\War3Unin.pif
2018-11-04 14:29 - 2018-11-04 14:31 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2018-11-04 13:35 - 2018-11-18 10:24 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\Blizzard
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Public\Documents\Warcraft III
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Doobeeczech\Documents\Warcraft III
2018-11-04 13:35 - 2018-11-04 13:35 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Battle.net

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-02 14:43 - 2018-09-14 01:41 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\vlc
2018-12-02 14:06 - 2018-09-15 12:49 - 000933328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-02 14:06 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-02 14:03 - 2018-09-21 23:17 - 000000688 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-12-02 13:54 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-02 13:44 - 2018-09-15 12:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-02 13:44 - 2018-09-13 00:45 - 000000000 ____D C:\Program Files (x86)\Steam
2018-12-02 13:44 - 2018-09-12 13:38 - 000000000 __SHD C:\Users\Doobeeczech\IntelGraphicsProfiles
2018-12-02 13:44 - 2018-09-12 12:55 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-02 13:43 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-02 13:40 - 2018-09-15 12:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-02 10:09 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-12-02 03:48 - 2018-09-13 03:03 - 000000000 ____D C:\Program Files (x86)\Webteh
2018-12-02 03:29 - 2018-09-14 02:05 - 000000000 ___DC C:\WINDOWS\Panther
2018-12-01 12:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-01 06:03 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-01 05:59 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-30 20:52 - 2018-09-22 11:54 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\uTorrent
2018-11-30 20:52 - 2018-09-13 03:16 - 000000388 _____ C:\WINDOWS\Tasks\HPCeeScheduleForDoobeeczech.job
2018-11-30 20:20 - 2018-09-15 12:53 - 000003304 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDoobeeczech
2018-11-30 09:11 - 2018-09-15 17:58 - 000000000 ____D C:\Users\Doobeeczech\AppData\Roaming\Psiphon3
2018-11-28 17:50 - 2018-09-12 13:38 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\Packages
2018-11-27 10:08 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-27 10:02 - 2018-09-12 13:39 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-27 10:02 - 2018-09-12 12:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-27 09:58 - 2018-09-13 02:53 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\CrashDumps
2018-11-27 09:55 - 2018-09-14 11:53 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-27 09:54 - 2016-11-18 12:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-27 09:48 - 2018-09-14 11:58 - 000000000 ____D C:\ProgramData\Avira
2018-11-27 09:48 - 2018-09-14 11:58 - 000000000 ____D C:\Program Files (x86)\Avira
2018-11-27 09:48 - 2016-11-18 12:18 - 000002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk
2018-11-27 09:48 - 2016-11-18 12:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-27 09:45 - 2018-09-12 12:54 - 000000000 ____D C:\Intel
2018-11-26 20:30 - 2018-09-13 00:45 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-26 20:30 - 2018-09-13 00:45 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-11-23 12:38 - 2018-09-15 17:58 - 006102128 _____ C:\Users\Doobeeczech\Desktop\psiphon3.exe
2018-11-21 10:22 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-17 00:01 - 2018-09-13 12:07 - 000000000 ____D C:\Program Files\rempl
2018-11-17 00:00 - 2018-04-12 00:41 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-17 00:00 - 2018-04-12 00:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-15 22:15 - 2018-09-12 13:02 - 000000000 ____D C:\ProgramData\CyberLink
2018-11-15 20:28 - 2018-09-13 12:03 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-11-14 19:22 - 2018-09-14 12:00 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2018-11-14 19:19 - 2018-09-15 12:54 - 000000000 ___RD C:\Users\Doobeeczech\3D Objects
2018-11-14 19:19 - 2018-09-15 12:47 - 000272736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 19:19 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 18:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 14:54 - 2018-04-12 00:34 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 14:54 - 2018-04-12 00:34 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-11-14 14:52 - 2018-09-13 12:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 14:51 - 2018-09-13 12:10 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 15:45 - 2018-09-15 12:49 - 000000000 ____D C:\Users\Doobeeczech
2018-11-10 10:56 - 2018-09-12 12:54 - 000258766 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-11-10 10:55 - 2018-09-15 12:49 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2018-11-10 10:55 - 2018-09-12 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-11-09 11:17 - 2018-09-16 10:26 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\PlaceholderTileLogoFolder
2018-11-06 23:52 - 2018-09-12 13:40 - 000000000 ___RD C:\Users\Doobeeczech\OneDrive
2018-11-06 23:52 - 2016-11-18 12:16 - 000000000 ____D C:\Program Files\HP
2018-11-06 23:51 - 2016-11-18 12:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-11-06 23:47 - 2016-11-19 01:02 - 000000000 ___HD C:\hp
2018-11-05 00:31 - 2018-10-03 02:31 - 000000000 ____D C:\Users\Doobeeczech\AppData\Local\TeamViewer

==================== Files in the root of some directories =======

2018-11-04 15:17 - 2018-11-04 15:17 - 000000044 _____ () C:\Users\Doobeeczech\AppData\Roaming\twow_sysprepdt.dat

Some files in TEMP:
====================
2013-10-05 09:38 - 2013-10-05 09:38 - 000455328 _____ (Microsoft Corporation) C:\Users\Doobeeczech\AppData\Local\Temp\msvcp120.dll
2013-10-05 09:38 - 2013-10-05 09:38 - 000970912 _____ (Microsoft Corporation) C:\Users\Doobeeczech\AppData\Local\Temp\msvcr120.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 12:47

==================== End of FRST.txt ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Doobeeczech (02-12-2018 14:47:11)
Running from C:\Users\Doobeeczech\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-09-15 11:53:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3637455016-2696831471-6342456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3637455016-2696831471-6342456-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3637455016-2696831471-6342456-1000 - Limited - Disabled) => C:\Users\defaultuser0
Doobeeczech (S-1-5-21-3637455016-2696831471-6342456-1001 - Administrator - Enabled) => C:\Users\Doobeeczech
Guest (S-1-5-21-3637455016-2696831471-6342456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3637455016-2696831471-6342456-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {8D637332-9C08-995E-98D7-8237936B0E9F}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\uTorrent) (Version: 3.5.4.44846 - BitTorrent Inc.)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Beoplay Software Update (HKLM-x32\...\Beoplay Software Update) (Version: - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.14.74 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 399.24 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{7FF9E31F-FAC5-4C7B-970B-FE464B8C6A62}) (Version: 1.5.2.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{11B7269C-6904-485C-9875-F23AAE32E671}) (Version: 12.9.24.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Check Point SBA (HKLM\...\{B212ABB9-E151-444B-975C-8A3EA9DC8EFB}) (Version: 86.4.9056 - Check Point Software Technologies Ltd.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{8790ED90-756F-45DD-B38F-7436093963C6}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{8c595286-0f9e-42de-a0d4-969aba282637}) (Version: 20.50.0 - Intel Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.29.14153 - Electronic Arts, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\TeamSpeak 3 Client) (Version: 3.2.2 - TeamSpeak Systems GmbH)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.26558 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Warcraft III) (Version: - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.001.0704 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{6F277433-5A52-4DC5-AA23-ECE8FD045EBD}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.4.062.17802 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{37F2A556-851C-46BA-BDD4-48745E7A106B}) (Version: 15.4.062.17802 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-06] (NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D113B85-C2E6-4A8A-9454-E87ED6D09E9F} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {30729A77-FEE6-454A-9CED-3130F441AB59} - System32\Tasks\HPCeeScheduleForDoobeeczech => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {338ED027-E5B9-43CF-BFA8-F7F7741B6E0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {35199E55-7F81-4876-83E8-8D98473726C8} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2018-07-31] (Bitdefender)
Task: {3F170A71-071A-4708-A69C-01538F67650E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {5B9C05D6-1E8C-4D7C-9AF8-0FE73C218E18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {612BEE81-1DF7-4E2D-88FC-EC15B49674A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E1B3B53-FD10-4E41-8C00-0D7A1ADCEEDF} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {6FF318C9-6113-4098-9244-01930CF38548} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {9283B477-E63B-493A-BB96-5EA545BF2018} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {9C50A651-2691-4F42-833D-86B7D74A2718} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {A34A21D3-4B78-4024-BAE6-38DA38B07452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {C5750C58-D933-4302-A2FD-9F7279000807} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {DB8C33B5-92AC-413F-B201-EE60FCCD528A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {DC74D08B-4AC0-4FB5-89E5-3A4F3CB38B79} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-29] (AVAST Software)
Task: {DD4AF246-F451-448B-B274-910AF2CDFEAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E1F72903-C119-4A08-AF1C-A53AD8626ED7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)
Task: {E9F3B73A-7FCE-4877-860A-F66656F261C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {FBF29012-B559-42E4-8AF2-E066F19DC79C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDoobeeczech.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-11-27 10:07 - 2017-11-21 12:29 - 000278280 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2018-11-27 10:07 - 2018-11-14 21:28 - 000994752 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 000544880 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 003240080 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2018-11-27 10:07 - 2018-11-14 21:28 - 001530368 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-07-28 09:52 - 2017-07-28 09:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 14:53 - 2018-11-01 07:55 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-11 23:31 - 2018-10-30 19:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-10-11 23:31 - 2018-09-23 01:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-10-11 23:31 - 2018-09-23 01:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-10-11 23:31 - 2018-09-23 01:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-11-06 17:14 - 2018-11-06 17:14 - 000090576 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-10-25 02:39 - 2018-10-25 02:39 - 000033016 _____ () c:\program files (x86)\checkpoint\endpoint security\tpcommon\cipolla\sbacipollasrvhost.exe
2018-11-07 23:38 - 2018-11-07 23:38 - 000194048 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-07 23:38 - 2018-11-07 23:38 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-07 23:38 - 2018-11-07 23:38 - 001754112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-11-14 14:53 - 2018-11-01 07:53 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001465856 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-09-15 19:32 - 2018-06-08 09:55 - 003037184 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000580608 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.Relevance.QueryClient.dll
2018-10-25 01:44 - 2018-10-25 01:44 - 000163576 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\TPCommonCLI.dll
2018-08-29 15:21 - 2018-08-29 15:21 - 000095992 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationProxyWrapperLib.dll
2018-09-05 11:11 - 2018-09-05 11:11 - 000104184 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Security\Reputation\ReputationProviderCLI.dll
2018-09-13 00:46 - 2018-10-30 19:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-09-13 00:46 - 2016-09-01 02:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-09-13 00:46 - 2018-11-26 21:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
2018-09-13 00:46 - 2016-09-01 02:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-09-13 00:46 - 2016-09-01 02:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-09-13 00:46 - 2017-12-20 02:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-09-13 00:46 - 2017-12-20 02:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-09-13 00:46 - 2017-12-20 02:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-09-13 00:46 - 2017-12-20 02:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-09-13 00:46 - 2017-12-20 02:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-09-13 00:46 - 2018-11-26 21:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-09-13 00:46 - 2016-07-04 23:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-11-14 20:13 - 2018-11-14 20:13 - 000156672 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\3ec2db86530416424ce78d35a4f59019\BRIDGECommon.ni.dll
2018-11-14 20:14 - 2018-11-14 20:14 - 000329728 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\67e2afd1f0d80ae6e2ae80d0e7c70ce0\CleanStartController.ni.dll
2018-11-14 20:14 - 2018-11-14 20:14 - 000116736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\bb189cf554a6eb5e3d47f1f8dff084f2\BridgeExtension.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3637455016-2696831471-6342456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Doobeeczech\Desktop\hp_logo_abstract_66787_1920x1080 (1).jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A5A9B1FC-D290-4693-8742-C87804E8FDE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE7CAD48-C8E4-4CCE-A9A4-4D0318A6AECC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F655849-C0CB-4A2B-B183-7059206C6968}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E6510D16-DDBD-414D-81B7-089B9CBEA1DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E751B9D-9F72-471A-8057-C91168CF30DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{73370AA3-9FD3-4294-A3A1-B9F431BA5EF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{572D0953-CB3F-4E62-9285-539A73607EF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{4A561BA0-B847-4C2A-AF4A-6AD00E611C0C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{095F6A97-0609-4CC0-BA21-CDB49361045C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5BED68AB-9A8C-4590-9095-9144363A62BD}] => (Allow) D:\steamgames\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{F851F0CC-BD05-4148-83E9-44CE7EA0855D}] => (Allow) D:\steamgames\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{BAC52156-9751-4BCB-868F-12F184BEF43B}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D8D72962-EEC8-48CD-AD13-E086F79C033D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{66E88065-1754-426E-B0CB-7AA40E01EB3F}] => (Allow) D:\steamgames\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [{D3AF2242-75C6-4CD3-844B-CD30DB76C8C2}] => (Allow) D:\steamgames\steamapps\common\H1Z1\H1Z1_BE.exe
FirewallRules: [{2D608C3F-B2DF-40D8-8036-80F7375DECC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B5F3B190-2DDF-46F9-8F93-BEF330B264B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{B068A600-416D-4F04-BAD0-786A1391938F}] => (Allow) C:\Users\Doobeeczech\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB3A0A14-68F2-407A-AAA4-3FCEE7EABA54}] => (Allow) C:\Users\Doobeeczech\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{58DA31E5-27B0-4469-9E2E-A5DB718B48C6}D:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{4E57B124-E8E1-4E0E-9730-65888D84E404}D:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{16A8000E-2260-4B75-A34D-BFDD8A212B62}] => (Block) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{C9E8A1BB-6002-4BB0-BB11-5A24B10CF701}] => (Block) D:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{2C358319-E23E-4D27-A60E-01D589D75C8E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{D9D20CBE-D8CF-4758-B7D4-C6CE1FF7D545}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{A6164986-BD44-454A-9B18-48542D8F70B0}] => (Allow) D:\New folder\TeamViewer.exe
FirewallRules: [{D5CDF12A-A221-45E2-937A-F0D60A973385}] => (Allow) D:\New folder\TeamViewer.exe
FirewallRules: [{9CF92C3E-D663-4488-AD91-B33BFD03E41B}] => (Allow) D:\New folder\TeamViewer_Service.exe
FirewallRules: [{190EF7C0-B01D-46BA-828B-B35189EA84DB}] => (Allow) D:\New folder\TeamViewer_Service.exe
FirewallRules: [TCP Query User{1A5E3261-6270-4D97-BA45-A16F903F82EA}D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{FF464AB7-D476-4AFD-911C-1DBA1107E999}D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe] => (Allow) D:\steamgames\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B008EA5B-9078-40DE-AE4C-E9A8867687EE}] => (Allow) D:\origingames\Battlefield 3\bf3.exe
FirewallRules: [{EE67F9BA-9459-4CF4-98E0-33ECEAE1AE89}] => (Allow) D:\origingames\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{29296E57-9152-48E2-9993-459928CBAFF9}D:\warcraft iii\warcraft iii.exe] => (Block) D:\warcraft iii\warcraft iii.exe
FirewallRules: [UDP Query User{4BF9A88B-E518-4A08-8515-2316EE72255A}D:\warcraft iii\warcraft iii.exe] => (Block) D:\warcraft iii\warcraft iii.exe
FirewallRules: [{04C29B3F-1732-407A-B57A-88AE5B9AFB0D}] => (Allow) D:\steamgames\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{DABA2437-43FD-41F3-9DF0-F5EDF3030375}] => (Allow) D:\steamgames\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{7E9E0CB8-3A54-4015-BA5B-E2554E321E3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4007F78-CD6A-47A7-B973-68FA03FDC890}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A9F15564-DB4B-4F5E-8211-E468A65E97F9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{28E43A9A-4518-4651-9416-5E3E84F03ED4}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A39AF34B-5069-4C29-A8E5-B23F6EB6625A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F13A46F7-A79B-48B6-AA06-EE154170D0FB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{EC77D24C-3341-4DC4-AE40-9B0C59C45CC7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{AC37788F-94E4-4F29-9112-A8A34FA5367D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8AFC4217-7E5B-4104-8F68-CA39D2813D7A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6C4ACE9B-C563-4BF3-B2CC-2050DE93A855}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2018 03:48:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (12/02/2018 03:48:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9af9a8c4-8985-46b3-8f4c-a58b8859d455}

Error: (11/27/2018 10:08:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (11/27/2018 10:08:17 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (11/27/2018 09:43:33 AM) (Source: AviraOptimizerHost) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/26/2018 02:26:48 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (11/26/2018 02:26:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/25/2018 02:26:24 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (12/02/2018 02:44:21 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 02:42:13 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 02:14:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 02:04:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 01:58:03 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 01:44:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 01:44:40 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2018 01:44:36 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-BQDB2DA8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-BQDB2DA8\Doobeeczech SID (S-1-5-21-3637455016-2696831471-6342456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.540
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-27 09:45:20.464
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x800704cf
Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Date: 2018-11-27 09:44:04.461
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.275.1209.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15200.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 8077.22 MB
Available physical RAM: 5010.42 MB
Total Virtual: 9357.22 MB
Available Virtual: 5125.32 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:118.01 GB) (Free:44.6 GB) NTFS
Drive d: (DATA) (Fixed) (Total:919.13 GB) (Free:349.47 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:12.38 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{bf87eba1-cd1e-47e7-bc7b-b2380f2b8266}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.46 GB) NTFS
\\?\Volume{a376c221-1233-44ad-9af9-79c1110d03da}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3FB81CC6)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CE71F91C)

Partition: GPT.

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
C.\windows\temp
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\MountPoints2: {c5bdcacd-ca86-11e8-946b-c8d3ffece6da} - "G:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR StartupUrls: Default -> "hxxp://websearch.search-guide.info/?pid=518&r=2013/11/12&hid=9512509551006325946&lg=EN&cc=CZ&unqvl=40","hxxps://www.google.com/"
U3 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\Users\Doobeeczech\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E9F3B73A-7FCE-4877-860A-F66656F261C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {A34A21D3-4B78-4024-BAE6-38DA38B07452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Doobee]

Fixlog.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Doobeeczech (02-12-2018 18:08:05) Run:1
Running from C:\Users\Doobeeczech\Desktop
Loaded Profiles: Doobeeczech (Available Profiles: defaultuser0 & Doobeeczech)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C.\windows\temp
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\Run: [] => [X]
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\...\MountPoints2: {c5bdcacd-ca86-11e8-946b-c8d3ffece6da} - "G:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CHR StartupUrls: Default -> "hxxp://websearch.search-guide.info/?pid=518&r=2013/11/12&hid=9512509551006325946&lg=EN&cc=CZ&unqvl=40","hxxps://www.google.com/"
U3 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\Users\Doobeeczech\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {E9F3B73A-7FCE-4877-860A-F66656F261C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)
Task: {A34A21D3-4B78-4024-BAE6-38DA38B07452} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-09-13] (Google Inc.)

EmptyTemp:
End
*****************

Processes closed successfully.
C.\windows\temp => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-3637455016-2696831471-6342456-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-3637455016-2696831471-6342456-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bdcacd-ca86-11e8-946b-c8d3ffece6da} => removed successfully
HKLM\Software\Classes\CLSID\{c5bdcacd-ca86-11e8-946b-c8d3ffece6da} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"Chrome StartupUrls" => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully

"C:\Users\Doobeeczech\AppData\Local\Temp" folder move:

Could not move "C:\Users\Doobeeczech\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9F3B73A-7FCE-4877-860A-F66656F261C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9F3B73A-7FCE-4877-860A-F66656F261C2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34A21D3-4B78-4024-BAE6-38DA38B07452}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34A21D3-4B78-4024-BAE6-38DA38B07452}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9494528 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20020091 B
Java, Flash, Steam htmlcache => 41961510 B
Windows/system/drivers => 1208274 B
Edge => 409 B
Chrome => 446410968 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4508 B
LocalService => 0 B
NetworkService => 912 B
NetworkService => 0 B
defaultuser0 => 0 B
Doobeeczech => 99224447 B

RecycleBin => 0 B
EmptyTemp: => 589.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-12-2018 18:09:45)

C:\Users\Doobeeczech\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:09:45 ====

[Rudy]

Nastala nějaká změna?

[Doobee]

Opakované hlášení na ransom. PC se ale v tuto chvíli nechová nijak neobvykle.

[Rudy]

OK. Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Stáhněte, spusťte a nechte pracovat. Po skončení akce smažte vše, co utilita našla a restartujte.

[Doobee]

Žádný nález, nic nesmazalo. Nenašlo nic i když jsem dal kontrolovat přesně tu složku s virem. Složky náhodně přibívají s malými změnami v názvu a pak stejně náhodně mizí. Soubory tak stejně.

Přikládám screen

[Rudy]

Zkuste ručně smazat ten adresř v nouz. režimu. Pokud to nepůjde, použijte tento návod: http://www.servispckupka.cz/jak_smazat_ ... tranit.php .

[Doobee]

Moc sem se nedozvěděl. IObit Unlocker soubory smazal a po restartu se zase oběvily. Zkusím ještě process explorer a pokusím se zjistit, co ty soubory vytváří. Každopádně narazil sem na ten samý problém u někoho jiného viz. TADY a zmiňuje to přesně ty složky, které se mi vytváří (DPTF, DiagTrack_XXX, tmp000000xx) a je tam řečeno, že tyto soubory mohou být neškodné. I přesto mě štve, že nevím, co se děje, ale dokud mám antivir a firewall, jsou pravděpodobně opravdu neškodné. I když v systému nebo registrech je asi něco zakořeněné. Taky jsem zjistil, že DPTF je pravděpodobně soubor Biosu. Je možné, že jsou i ty ostatní?