bohužel se členu mé rodiny v brzkých ranních hodinách podařilo poklepat na archiv v příloze emailu, který se tvářil jako faktura (klasika pdf.rar). Předpokládám nějaký ransomware, pravidelně vyskakuje windows defender, že byla odstraněna hrozba a není třeba žádné akce. Důležité soubory s posledními změnami se mi myslím podařilo zabalit do archivu a vytáhnout na prázdný flashdisk, zatím jsem je ale nekontroloval. Při prvotním pokusu o zkopírování pouze holých souborů (dokumenty - např. word, excel apod.) na flashdisk byl výstupem .jsc soubor a jejich obsah po otevření vypadal zdánlivě jako šifrovaný. Případnou zálohu souborů z PC mám relativně nedávnou.
Přišlo mi, že soubory na disku jsou zatím čitelné a jde s nimi normálně pracovat. PC je nyní v režimu spánku a zakázal jsem všem s ním cokoliv dělat.
Prosím o pomoc a zajímalo by mne, o jaké svinstvo se jedná?
Předem děkuji za jakoukoliv pomoc.
Screenshot emailu: https://prnt.sc/lsx5dz
RSIT
Kód: Vybrat vše
Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2018-12-10 07:28:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 147 GB (48%) free of 307 GB
Total RAM: 8103 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:28:43, on 10.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19178)
Boot mode: Normal
Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Semerak\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Semerak.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cvvi.jse
O4 - Startup: speedfan – zástupce.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7360 bytes
======Scheduled tasks folder======
=========Mozilla firefox=========
ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\
bazocz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28 461888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]
C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
cvvi.jse
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2018-12-10 07:28:29 ----D---- C:\Program Files (x86)\trend micro
2018-12-10 07:28:27 ----D---- C:\rsit
2018-11-15 03:01:41 ----SHD---- C:\Config.Msi
2018-11-14 07:56:57 ----A---- C:\Windows\SysWOW64\mshtml.dll
2018-11-14 07:56:55 ----A---- C:\Windows\SysWOW64\ieframe.dll
2018-11-14 07:56:53 ----A---- C:\Windows\SysWOW64\wininet.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\mssrch.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\iertutil.dll
2018-11-14 07:56:50 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SysWOW64\mssph.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\scrobj.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\wshcon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\urlmon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\certcli.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SysWOW64\kerberos.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SysWOW64\advapi32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\schannel.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\setup16.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\kernel32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\jscript9.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\apisetschema.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\wow32.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\mssvp.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\occache.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\msrating.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\instnm.exe
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\ieui.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssprxy.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssitlb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\inseng.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\iesetup.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\adtschema.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\user.exe
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\oleres.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msshooks.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msobjs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msaudite.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\iernonce.dll
======List of files/folders modified in the last 1 month======
2018-12-10 07:28:43 ----D---- C:\Windows\Prefetch
2018-12-10 07:28:41 ----D---- C:\Windows\Temp
2018-12-10 07:28:29 ----RD---- C:\Program Files (x86)
2018-12-10 06:47:14 ----D---- C:\Windows\System32
2018-12-10 06:47:14 ----D---- C:\Windows\inf
2018-12-10 04:39:12 ----D---- C:\Windows\Tasks
2018-12-09 09:52:38 ----SHD---- C:\System Volume Information
2018-11-21 06:05:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-11-21 06:05:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-15 05:26:44 ----D---- C:\Windows\rescache
2018-11-15 04:47:12 ----D---- C:\Users\Semerak\AppData\Roaming\Skype
2018-11-15 04:39:00 ----D---- C:\Windows\winsxs
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\migration
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\en-US
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\cs-CZ
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64
2018-11-15 03:23:42 ----D---- C:\Program Files (x86)\Internet Explorer
2018-11-15 03:23:38 ----D---- C:\Windows\AppPatch
2018-11-15 03:05:22 ----SHD---- C:\Windows\Installer
2018-11-15 03:05:21 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys []
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys []
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys []
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys []
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01 272384]
S4 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S4 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-21 216528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-12-03 743688]
-----------------EOF-----------------
Kód: Vybrat vše
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Semerak (administrator) on PRACOVNA2 (10-12-2018 07:40:43)
Running from C:\Users\Semerak\Downloads
Loaded Profiles: Semerak (Available Profiles: Semerak)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-10-24] (TrueCrypt Foundation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse [2018-12-10] ()
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan – zástupce.lnk [2011-11-13]
ShortcutTarget: speedfan – zástupce.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{366927BE-BAB2-494B-86DD-2754BB1D4DDA}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab
FireFox:
========
FF ProfilePath: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default [2018-12-10]
FF Homepage: Mozilla\Firefox\Profiles\r1pxg21r.default -> hxxp://www.novinky.cz/
FF NetworkProxy: Mozilla\Firefox\Profiles\r1pxg21r.default -> no_proxies_on", "localhost,127.0.0.1"
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-05-12] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-15] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-12] [Legacy]
FF Extension: (Expire History By Days) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\expire-history-by-days@bonardo.net.xpi [2017-06-21]
FF Extension: (Tab Utilities) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\tabutils@ithinc.cn.xpi [2016-04-27] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF Extension: (Greasemonkey) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF SearchPlugin: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\bazocz.xml [2015-10-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [20480 2011-10-23] (Oki Data Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-12] (DT Soft Ltd)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [364080 2015-12-26] (Stephan Schreiber)
R0 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [77360 2015-12-23] (Stephan Schreiber)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-10 07:37 - 2018-12-10 07:37 - 001362634 _____ C:\Users\Semerak\Downloads\FRST.zip
2018-12-10 07:35 - 2018-12-10 07:40 - 000041007 _____ C:\Users\Semerak\Downloads\Addition.txt
2018-12-10 07:31 - 2018-12-10 07:40 - 000011676 _____ C:\Users\Semerak\Downloads\FRST.txt
2018-12-10 07:30 - 2018-12-10 07:40 - 000000000 ____D C:\FRST
2018-12-10 07:30 - 2018-12-10 07:30 - 002417152 _____ (Farbar) C:\Users\Semerak\Downloads\FRST64.exe
2018-12-10 07:29 - 2018-12-10 07:29 - 001776640 _____ (Farbar) C:\Users\Semerak\Downloads\FRST.exe
2018-12-10 07:28 - 2018-12-10 07:35 - 000000000 ____D C:\rsit
2018-12-10 07:28 - 2018-12-10 07:28 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-12-10 07:27 - 2018-12-10 07:27 - 001107968 _____ C:\Users\Semerak\Downloads\RSIT.exe
2018-12-10 07:24 - 2018-12-10 07:24 - 000000111 _____ C:\Users\Semerak\Desktop\ff_sync.rar
2018-12-10 07:16 - 2018-12-10 07:16 - 000000016 _____ C:\Users\Semerak\Desktop\ff_sync
2018-12-10 07:13 - 2018-12-10 07:39 - 813895779 _____ C:\Users\Semerak\Documents\Documents.rar
2018-12-10 07:11 - 2018-12-10 07:11 - 006939092 _____ C:\Users\Semerak\Documents\Faktury sro 2018.rar
2018-12-10 06:44 - 2018-12-10 05:56 - 002544880 _____ C:\Users\Semerak\Desktop\Účty 2000+.xlsx
2018-12-08 08:45 - 2018-12-08 08:45 - 000000000 ____D C:\Users\Semerak\Desktop\fotky prodej stromků
2018-11-28 19:01 - 2018-11-28 19:01 - 000249310 _____ C:\Users\Semerak\Desktop\ukončení mfdnes_.pdf
2018-11-14 07:56 - 2018-11-11 02:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 07:56 - 2018-11-11 02:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-14 07:56 - 2018-11-11 02:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-14 07:56 - 2018-11-11 02:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-14 07:56 - 2018-11-11 02:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-14 07:56 - 2018-11-11 02:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-14 07:56 - 2018-11-11 02:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-14 07:56 - 2018-11-11 02:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-14 07:56 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-14 07:56 - 2018-11-11 02:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 07:56 - 2018-11-11 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-14 07:56 - 2018-11-11 01:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 07:56 - 2018-11-11 01:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-14 07:56 - 2018-11-11 01:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-14 07:56 - 2018-11-11 01:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-14 07:56 - 2018-11-11 01:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-14 07:56 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-14 07:56 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-14 07:56 - 2018-11-11 01:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-14 07:56 - 2018-11-11 01:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-14 07:56 - 2018-11-11 01:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-14 07:56 - 2018-11-11 01:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-14 07:56 - 2018-11-11 01:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-14 07:56 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 07:56 - 2018-10-27 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-14 07:56 - 2018-10-27 04:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 07:56 - 2018-10-27 04:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 07:56 - 2018-10-27 04:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 07:56 - 2018-10-27 04:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 07:56 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 07:56 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 07:56 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-14 07:56 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-14 07:56 - 2018-10-18 20:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-14 07:56 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-14 07:56 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 07:56 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 07:56 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-14 07:56 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 07:56 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-14 07:56 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-14 07:56 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-14 07:56 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-14 07:56 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 07:56 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-14 07:56 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-14 07:56 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-14 07:56 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-14 07:56 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-14 07:56 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-14 07:56 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-14 07:56 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-14 07:56 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-14 07:56 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 07:56 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-14 07:56 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-14 07:56 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 07:56 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 07:56 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 07:56 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-14 07:56 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-14 07:56 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 07:56 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 07:56 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 07:56 - 2018-10-12 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-14 07:56 - 2018-10-12 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-14 07:56 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 07:56 - 2018-10-12 03:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-14 07:56 - 2018-10-12 03:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-14 07:56 - 2018-10-12 03:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-14 07:56 - 2018-10-12 03:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-14 07:56 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 07:56 - 2018-10-12 03:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-14 07:56 - 2018-10-12 03:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-14 07:56 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 07:56 - 2018-10-12 02:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-14 07:56 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 07:56 - 2018-10-12 02:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 07:56 - 2018-10-12 02:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-14 07:56 - 2018-10-12 02:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 07:56 - 2018-10-12 02:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-14 07:56 - 2018-10-12 02:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-14 07:56 - 2018-10-12 02:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-14 07:56 - 2018-10-12 02:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-14 07:56 - 2018-10-12 02:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-14 07:56 - 2018-10-12 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-14 07:56 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 07:56 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 07:56 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 07:56 - 2018-10-12 02:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-14 07:56 - 2018-10-12 02:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-14 07:56 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 07:56 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 07:56 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 07:56 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 07:56 - 2018-10-06 17:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 07:56 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 07:56 - 2018-10-06 14:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 07:56 - 2018-09-23 03:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-14 07:56 - 2018-09-23 03:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 07:56 - 2018-09-23 03:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 07:56 - 2018-09-23 03:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 07:56 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 07:56 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 07:56 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 07:56 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-14 07:56 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 07:56 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-13 15:04 - 2018-11-13 15:04 - 000009918 _____ C:\Users\Semerak\Desktop\MojeBanka.htm
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-12-10 07:39 - 2011-11-13 12:40 - 000000000 ____D C:\Users\Semerak\Documents\Soubory aplikace Outlook
2018-12-10 06:49 - 2016-11-19 17:52 - 000000000 ____D C:\Users\Semerak\AppData\LocalLow\Mozilla
2018-12-10 06:47 - 2011-04-12 09:34 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-12-10 06:47 - 2011-04-12 09:34 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-12-10 06:47 - 2009-07-14 06:13 - 001593214 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-10 06:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-10 06:01 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\Vánoční stromky
2018-12-10 05:56 - 2011-11-13 13:01 - 000000000 ____D C:\Users\Semerak\Documents\Jirka
2018-12-10 04:44 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-10 04:44 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-27 02:33 - 2010-11-21 04:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-25 17:48 - 2018-03-24 08:05 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2018
2018-11-25 17:30 - 2011-11-13 13:00 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2006
2018-11-21 06:28 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\vzory
2018-11-21 06:05 - 2016-11-18 07:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-21 06:05 - 2012-05-02 13:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-15 05:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-11-15 04:47 - 2017-05-30 18:28 - 000000000 ____D C:\Users\Semerak\AppData\Roaming\Skype
2018-11-15 04:38 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-15 04:38 - 2009-07-14 05:45 - 000342928 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-15 03:07 - 2013-08-05 02:03 - 000000000 ____D C:\Windows\system32\MRT
2018-11-15 03:05 - 2011-11-01 19:33 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-14 22:55 - 2015-04-26 08:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 05:12 - 2009-07-14 06:08 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\en_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\es_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\fr_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\grm_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\it_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020344 _____ (Schneider Electric) C:\Users\Semerak\jp_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 001079808 _____ (Microsoft Corporation) C:\Users\Semerak\mfc80u.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000626688 _____ (Microsoft Corporation) C:\Users\Semerak\msvcr80.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\pt_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020856 _____ (Schneider Electric) C:\Users\Semerak\ru_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000019832 _____ (Schneider Electric) C:\Users\Semerak\zh_res.dll
2011-11-17 16:38 - 2017-06-26 14:06 - 000033792 _____ () C:\Users\Semerak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-25 18:10 - 2016-12-25 19:32 - 000000600 _____ () C:\Users\Semerak\AppData\Local\PUTTY.RND
2017-05-20 09:42 - 2017-05-20 09:42 - 000000848 _____ () C:\Users\Semerak\AppData\Local\recently-used.xbel
2012-08-17 15:21 - 2014-07-10 20:11 - 000007611 _____ () C:\Users\Semerak\AppData\Local\resmon.resmoncfg
2013-02-01 09:58 - 2013-02-01 09:58 - 000000003 _____ () C:\Users\Semerak\AppData\Local\updater.log
2013-02-01 09:58 - 2014-12-17 13:19 - 000000425 _____ () C:\Users\Semerak\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
2017-03-23 10:52 - 2017-03-23 10:53 - 002612600 _____ (Microsoft Corporation) C:\Users\Semerak\AppData\Local\Temp\DefaultPack.EXE
2017-08-22 12:52 - 2017-08-22 12:52 - 092985049 _____ () C:\Users\Semerak\AppData\Local\Temp\KCT-Pitztalske-alpy-m.exe
2017-03-23 20:09 - 2017-03-23 20:10 - 038086544 _____ (PandoraTV) C:\Users\Semerak\AppData\Local\Temp\KMP_4.1.5.8.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-12-04 00:36
==================== End of FRST.txt ============================
Kód: Vybrat vše
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Semerak (10-12-2018 07:41:00)
Running from C:\Users\Semerak\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-23 16:49:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3730243165-907656754-2530024790-500 - Administrator - Disabled)
Guest (S-1-5-21-3730243165-907656754-2530024790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730243165-907656754-2530024790-1002 - Limited - Enabled)
Semerak (S-1-5-21-3730243165-907656754-2530024790-1000 - Administrator - Enabled) => C:\Users\Semerak
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version: - AIMP DevTeam)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Balíček ovladače systému Windows - Hewlett-Packard Image (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Bullzip PDF Printer 10.12.0.2361 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.12.0.2361 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}) (Version: 2.40.0002 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Manuál (HKLM-x32\...\EPSON Perfection V33_V330 Manual) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Ext2 IFS 1.12 for Windows 7/Server 2008 R2 (HKLM\...\Ext2Ifs_for_NT601) (Version: - )
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.19.8 - Androxyde)
FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org)
Gaming Mouse (HKLM-x32\...\KYE) (Version: 8.01.00 - KYE Systems Corp.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Git version 2.6.4 (HKLM\...\Git_is1) (Version: 2.6.4 - The Git Development Community)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL™ Applications 2015 for Windows* (HKLM\...\{646CF4A9-51D2-4F38-B2C6-E7B2E3BD496E}) (Version: 5.3.0.713 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JetAudio 8.0.1.110 Plus XCV Edition (HKLM-x32\...\JetAudio) (Version: 8.0.1.110 Plus - )
jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LG CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.)
LG CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.) Hidden
LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.)
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
LG Power Tools (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Luminance HDR 2.4.0 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version: - Luminance HDR Dev Team)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Modul pro žadatele (HKLM-x32\...\{61729396-388E-4F09-A7E9-87C0EBC85A05}) (Version: 1.0.7 - MZe)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Mp3tag v2.89a (HKLM-x32\...\Mp3tag) (Version: 2.89a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PostSignumToolPlus (HKLM-x32\...\PostSignumToolPlus) (Version: 2.2.1.0 - Česká pošta s.p.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
QIP 2012 4.0.6715 (HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\QIP 2012) (Version: 4.0.6715 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{7E0DDE7A-9EC6-3672-AC92-08DA2C292DB7}) (Version: 14.0.24723 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
TortoiseGit 1.8.16.0 (64 bit) (HKLM\...\{A329FEBC-4132-4B07-8085-88E03A8C0C9B}) (Version: 1.8.16.0 - TortoiseGit)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers1-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers2: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers4-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers5: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1064FD5A-A433-4636-9C1F-D8F3E49A9A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {18EFA45B-788D-4190-9AEE-6353BA3F3CAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {60D9EB5B-3B0B-47B9-8859-6FC165F3B79C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {69AE4259-2B91-4732-AF10-8CEE38619511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {89556DB1-948B-49AF-9A49-42A95BFE52FD} - System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => C:\Windows\system32\pcalua.exe -a C:\Users\Semerak\Downloads\irfanview_plugins_430_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AE8C57E4-0B80-4545-A030-70C804B7FAE3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {C669E260-17B3-4853-8577-339E2522CC39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {C7CDFFBF-F784-4BB7-9404-736CD389B8B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D249D029-BEC8-48C7-A99F-BF52E38EF642} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D6E568D3-945D-4B19-867A-62037BB1AFC4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EE442941-F0E4-4889-8E4B-F75E7FDB2E9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F4FE51B1-55F6-4E55-B364-C99377A6DABB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5585C7C-7C9B-4423-A8A0-FC41A36A2016} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-11-01 21:45 - 2015-11-01 21:45 - 000934328 _____ () C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
2015-11-01 21:46 - 2015-11-01 21:46 - 000087480 _____ () C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
2011-11-12 23:00 - 2011-05-28 22:05 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-31 18:13 - 2011-08-31 18:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000694720 _____ () C:\Program Files\TortoiseGit\bin\libgit232_tgit.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000076728 _____ () C:\Program Files\TortoiseGit\bin\zlib132_tgit.dll
2018-10-17 19:59 - 2018-10-17 19:59 - 004310296 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\postsignum.cz -> hxxps://www.postsignum.cz
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-13 22:05 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APC Data Service => 2
MSCONFIG\Services: APC UPS Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OKI OPHD DCS Loader => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: uvnc_service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk => C:\Windows\pss\Lightshot.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Infium => "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: mouseElf => C:\PROGRA~2\GAMING~1\MouseElf.EXE
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{883CF05C-3E93-4F1E-9DAE-762E93A8D252}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{0A4672D2-E35B-44E4-8EDC-19C57F723EA9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{6DAE39AD-034B-420C-813F-BF863992E08B}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [UDP Query User{BAD0A031-C62F-4994-85BF-5A404658293C}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [TCP Query User{5F65C521-73BB-467D-BB12-34898D54F96E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1C579A4B-B4A2-47D8-8F0D-F7FEC7DC770D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BC812D18-D5D6-40D0-A0E1-CFA096FC7FAC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C54D8FBC-C2F5-4F39-B3F0-069B4954723C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3D4A6AB6-C28C-4610-91E2-A3ED180D68EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55DAFA08-8FB1-4304-8DD0-FA1B490A6C0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{81CE29B8-0A7C-494F-A6DD-0FA8993B207E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B174085B-6EDD-4EC9-8F11-42A1D748BFE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E11DCADE-3135-4542-AA6F-D929E28A1F15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7E6BC29-D401-4C8E-AFAE-6C0A543329E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{05904F70-F28A-4212-8157-E76D993D89DB}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [UDP Query User{B64064EC-CDB4-4652-A1F1-C0FF396F5F3B}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [{9F24033D-8DA8-4573-8C00-AC2E93338C70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Restore Points =========================
28-11-2018 00:20:36 Windows Update
01-12-2018 05:29:49 Windows Update
04-12-2018 16:21:32 Windows Update
08-12-2018 06:45:22 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/15/2018 04:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/14/2018 05:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/08/2018 07:59:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (11/01/2018 02:55:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/29/2018 04:20:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/10/2018 06:24:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/07/2018 05:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/22/2018 01:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (12/10/2018 05:55:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.
Error: (12/10/2018 05:55:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.
Error: (12/10/2018 05:55:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.
Error: (12/10/2018 05:55:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.
Error: (11/08/2018 07:56:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/08/2018 07:55:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/01/2018 02:52:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.
Error: (10/29/2018 04:19:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:37:49, 28.10.2018) bylo neočekávané.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8103.21 MB
Available physical RAM: 3682.08 MB
Total Virtual: 16204.57 MB
Available Virtual: 11654.8 MB
==================== Drives ================================
Drive c: (Systémový a pracovní disk) (Fixed) (Total:300 GB) (Free:138.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:631.41 GB) (Free:535.26 GB) NTFS
Drive m: () (Removable) (Total:29.44 GB) (Free:7.33 GB) NTFS
\\?\Volume{2ac4f1bb-fd8e-11e0-8b78-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C099E35C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.4 GB) - (Type=0F Extended)
========================================================
Disk: 1 (Protective MBR) (Size: 29.4 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================