
Checking the log after the PC was infected by an archive from an e-mail

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13


#1 Post by Fjup »

Hello,

unfortunately, early this morning a member of my family managed to double-click an archive attached to an e-mail that posed as an invoice (the classic pdf.rar). I assume it is some ransomware; Windows Defender keeps popping up saying that a threat was removed and no action is needed. I think I managed to pack the important files with the most recent changes into an archive and pull them onto an empty flash drive, but I have not checked them yet. On the first attempt to copy just the bare files (documents, e.g. Word, Excel etc.) to the flash drive, the output was a .jsc file, and when opened their contents looked as if they were encrypted. I have a relatively recent backup of the files from the PC.

It seemed to me that the files on the disk are still readable and can be worked with normally. The PC is now in sleep mode and I have forbidden everyone from doing anything with it.

I would appreciate some help, and I would like to know what kind of junk this is.

Thank you in advance for any help.

Screenshot of the e-mail: https://prnt.sc/lsx5dz

RSIT

Code:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2018-12-10 07:28:27
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 147 GB (48%) free of 307 GB
Total RAM: 8103 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:28:43, on 10.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19178)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Semerak\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Semerak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cvvi.jse
O4 - Startup: speedfan – zástupce.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7360 bytes

======Scheduled tasks folder======

  

=========Mozilla firefox=========

ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\
bazocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]

C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
cvvi.jse
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-12-10 07:28:29 ----D---- C:\Program Files (x86)\trend micro
2018-12-10 07:28:27 ----D---- C:\rsit
2018-11-15 03:01:41 ----SHD---- C:\Config.Msi
2018-11-14 07:56:57 ----A---- C:\Windows\SysWOW64\mshtml.dll
2018-11-14 07:56:55 ----A---- C:\Windows\SysWOW64\ieframe.dll
2018-11-14 07:56:53 ----A---- C:\Windows\SysWOW64\wininet.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SysWOW64\mssrch.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SysWOW64\iertutil.dll
2018-11-14 07:56:50 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SysWOW64\mssph.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\scrobj.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\wshcon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\urlmon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SysWOW64\certcli.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SysWOW64\kerberos.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SysWOW64\advapi32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\schannel.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\setup16.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\kernel32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\jscript9.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SysWOW64\apisetschema.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\wow32.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\mssvp.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\occache.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\msrating.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\instnm.exe
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\ieui.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssprxy.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\mssitlb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\inseng.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\iesetup.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SysWOW64\adtschema.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\user.exe
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\oleres.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msshooks.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msobjs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\msaudite.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SysWOW64\iernonce.dll

======List of files/folders modified in the last 1 month======

2018-12-10 07:28:43 ----D---- C:\Windows\Prefetch
2018-12-10 07:28:41 ----D---- C:\Windows\Temp
2018-12-10 07:28:29 ----RD---- C:\Program Files (x86)
2018-12-10 06:47:14 ----D---- C:\Windows\System32
2018-12-10 06:47:14 ----D---- C:\Windows\inf
2018-12-10 04:39:12 ----D---- C:\Windows\Tasks
2018-12-09 09:52:38 ----SHD---- C:\System Volume Information
2018-11-21 06:05:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-11-21 06:05:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-15 05:26:44 ----D---- C:\Windows\rescache
2018-11-15 04:47:12 ----D---- C:\Users\Semerak\AppData\Roaming\Skype
2018-11-15 04:39:00 ----D---- C:\Windows\winsxs
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\migration
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\en-US
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64\cs-CZ
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64
2018-11-15 03:23:42 ----D---- C:\Program Files (x86)\Internet Explorer
2018-11-15 03:23:38 ----D---- C:\Windows\AppPatch
2018-11-15 03:05:22 ----SHD---- C:\Windows\Installer
2018-11-15 03:05:21 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys []
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys []
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys []
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys []
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys []
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01 272384]
S4 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S4 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-21 216528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-12-03 743688]

-----------------EOF-----------------

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Semerak (administrator) on PRACOVNA2 (10-12-2018 07:40:43)
Running from C:\Users\Semerak\Downloads
Loaded Profiles: Semerak (Available Profiles: Semerak)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-10-24] (TrueCrypt Foundation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse [2018-12-10] ()
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan – zástupce.lnk [2011-11-13]
ShortcutTarget: speedfan – zástupce.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{366927BE-BAB2-494B-86DD-2754BB1D4DDA}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF ProfilePath: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default [2018-12-10]
FF Homepage: Mozilla\Firefox\Profiles\r1pxg21r.default -> hxxp://www.novinky.cz/
FF NetworkProxy: Mozilla\Firefox\Profiles\r1pxg21r.default -> no_proxies_on", "localhost,127.0.0.1"
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-05-12] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-15] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-12] [Legacy]
FF Extension: (Expire History By Days) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\expire-history-by-days@bonardo.net.xpi [2017-06-21]
FF Extension: (Tab Utilities) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\tabutils@ithinc.cn.xpi [2016-04-27] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF Extension: (Greasemonkey) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF SearchPlugin: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\bazocz.xml [2015-10-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [20480 2011-10-23] (Oki Data Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-12] (DT Soft Ltd)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [364080 2015-12-26] (Stephan Schreiber)
R0 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [77360 2015-12-23] (Stephan Schreiber)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-10 07:37 - 2018-12-10 07:37 - 001362634 _____ C:\Users\Semerak\Downloads\FRST.zip
2018-12-10 07:35 - 2018-12-10 07:40 - 000041007 _____ C:\Users\Semerak\Downloads\Addition.txt
2018-12-10 07:31 - 2018-12-10 07:40 - 000011676 _____ C:\Users\Semerak\Downloads\FRST.txt
2018-12-10 07:30 - 2018-12-10 07:40 - 000000000 ____D C:\FRST
2018-12-10 07:30 - 2018-12-10 07:30 - 002417152 _____ (Farbar) C:\Users\Semerak\Downloads\FRST64.exe
2018-12-10 07:29 - 2018-12-10 07:29 - 001776640 _____ (Farbar) C:\Users\Semerak\Downloads\FRST.exe
2018-12-10 07:28 - 2018-12-10 07:35 - 000000000 ____D C:\rsit
2018-12-10 07:28 - 2018-12-10 07:28 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-12-10 07:27 - 2018-12-10 07:27 - 001107968 _____ C:\Users\Semerak\Downloads\RSIT.exe
2018-12-10 07:24 - 2018-12-10 07:24 - 000000111 _____ C:\Users\Semerak\Desktop\ff_sync.rar
2018-12-10 07:16 - 2018-12-10 07:16 - 000000016 _____ C:\Users\Semerak\Desktop\ff_sync
2018-12-10 07:13 - 2018-12-10 07:39 - 813895779 _____ C:\Users\Semerak\Documents\Documents.rar
2018-12-10 07:11 - 2018-12-10 07:11 - 006939092 _____ C:\Users\Semerak\Documents\Faktury sro 2018.rar
2018-12-10 06:44 - 2018-12-10 05:56 - 002544880 _____ C:\Users\Semerak\Desktop\Účty 2000+.xlsx
2018-12-08 08:45 - 2018-12-08 08:45 - 000000000 ____D C:\Users\Semerak\Desktop\fotky prodej stromků
2018-11-28 19:01 - 2018-11-28 19:01 - 000249310 _____ C:\Users\Semerak\Desktop\ukončení mfdnes_.pdf
2018-11-14 07:56 - 2018-11-11 02:29 - 005551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-14 07:56 - 2018-11-11 02:28 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-11-14 07:56 - 2018-11-11 02:28 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-11-14 07:56 - 2018-11-11 02:28 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-11-14 07:56 - 2018-11-11 02:28 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-11-14 07:56 - 2018-11-11 02:27 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-11-14 07:56 - 2018-11-11 02:27 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-11-14 07:56 - 2018-11-11 02:26 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-11-14 07:56 - 2018-11-11 02:26 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-11-14 07:56 - 2018-11-11 02:25 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:14 - 004054248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-11-14 07:56 - 2018-11-11 02:14 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-11-14 07:56 - 2018-11-11 02:12 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-11-14 07:56 - 2018-11-11 02:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-11-14 07:56 - 2018-11-11 02:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 02:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:53 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 07:56 - 2018-11-11 01:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-11-14 07:56 - 2018-11-11 01:53 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 07:56 - 2018-11-11 01:52 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-11-14 07:56 - 2018-11-11 01:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-11-14 07:56 - 2018-11-11 01:48 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-11-14 07:56 - 2018-11-11 01:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-11-14 07:56 - 2018-11-11 01:47 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-11-14 07:56 - 2018-11-11 01:45 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-11-14 07:56 - 2018-11-11 01:44 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-11-14 07:56 - 2018-11-11 01:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-11-14 07:56 - 2018-11-11 01:44 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-11-14 07:56 - 2018-11-11 01:43 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-11-14 07:56 - 2018-11-11 01:43 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-11-14 07:56 - 2018-11-11 01:41 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-11-14 07:56 - 2018-11-11 01:41 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-11-14 07:56 - 2018-11-11 01:40 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56 - 2018-11-11 01:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-14 07:56 - 2018-10-27 04:42 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2018-11-14 07:56 - 2018-10-27 04:42 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2018-11-14 07:56 - 2018-10-27 04:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-14 07:56 - 2018-10-27 04:27 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2018-11-14 07:56 - 2018-10-27 04:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2018-11-14 07:56 - 2018-10-27 04:11 - 000156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2018-11-14 07:56 - 2018-10-27 04:05 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-11-14 07:56 - 2018-10-27 04:04 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2018-11-14 07:56 - 2018-10-27 04:04 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2018-11-14 07:56 - 2018-10-27 04:04 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2018-11-14 07:56 - 2018-10-27 04:04 - 000015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll
2018-11-14 07:56 - 2018-10-18 20:49 - 000396888 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-14 07:56 - 2018-10-18 19:51 - 000348760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-11-14 07:56 - 2018-10-18 03:48 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-14 07:56 - 2018-10-18 03:17 - 020281344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-14 07:56 - 2018-10-12 21:36 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-11-14 07:56 - 2018-10-12 21:26 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-14 07:56 - 2018-10-12 21:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-11-14 07:56 - 2018-10-12 21:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-11-14 07:56 - 2018-10-12 21:25 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-11-14 07:56 - 2018-10-12 21:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-11-14 07:56 - 2018-10-12 21:22 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-11-14 07:56 - 2018-10-12 21:20 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-11-14 07:56 - 2018-10-12 21:20 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-11-14 07:56 - 2018-10-12 21:18 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-11-14 07:56 - 2018-10-12 21:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-11-14 07:56 - 2018-10-12 21:11 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-11-14 07:56 - 2018-10-12 21:07 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-11-14 07:56 - 2018-10-12 21:07 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-11-14 07:56 - 2018-10-12 21:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-11-14 07:56 - 2018-10-12 21:05 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-11-14 07:56 - 2018-10-12 21:04 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-11-14 07:56 - 2018-10-12 21:03 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-14 07:56 - 2018-10-12 21:03 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-11-14 07:56 - 2018-10-12 21:02 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-11-14 07:56 - 2018-10-12 20:59 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-11-14 07:56 - 2018-10-12 20:57 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-11-14 07:56 - 2018-10-12 20:56 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-11-14 07:56 - 2018-10-12 20:55 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-11-14 07:56 - 2018-10-12 20:55 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-11-14 07:56 - 2018-10-12 20:42 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-11-14 07:56 - 2018-10-12 20:38 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-11-14 07:56 - 2018-10-12 20:36 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-11-14 07:56 - 2018-10-12 03:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-11-14 07:56 - 2018-10-12 03:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-11-14 07:56 - 2018-10-12 03:12 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-11-14 07:56 - 2018-10-12 03:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-11-14 07:56 - 2018-10-12 03:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-11-14 07:56 - 2018-10-12 03:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-11-14 07:56 - 2018-10-12 03:04 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-11-14 07:56 - 2018-10-12 03:03 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-11-14 07:56 - 2018-10-12 03:01 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-11-14 07:56 - 2018-10-12 03:00 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-11-14 07:56 - 2018-10-12 03:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-11-14 07:56 - 2018-10-12 02:59 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-14 07:56 - 2018-10-12 02:59 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-14 07:56 - 2018-10-12 02:59 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-11-14 07:56 - 2018-10-12 02:54 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 07:56 - 2018-10-12 02:51 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-11-14 07:56 - 2018-10-12 02:46 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 07:56 - 2018-10-12 02:45 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-11-14 07:56 - 2018-10-12 02:44 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-11-14 07:56 - 2018-10-12 02:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-11-14 07:56 - 2018-10-12 02:42 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-11-14 07:56 - 2018-10-12 02:40 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-11-14 07:56 - 2018-10-12 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-11-14 07:56 - 2018-10-12 02:30 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-11-14 07:56 - 2018-10-12 02:27 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-11-14 07:56 - 2018-10-12 02:27 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-11-14 07:56 - 2018-10-12 02:26 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-11-14 07:56 - 2018-10-12 02:26 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-11-14 07:56 - 2018-10-12 02:25 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-11-14 07:56 - 2018-10-12 02:19 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-11-14 07:56 - 2018-10-12 02:06 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-11-14 07:56 - 2018-10-12 01:55 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-11-14 07:56 - 2018-10-06 17:02 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-14 07:56 - 2018-10-06 14:42 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-11-14 07:56 - 2018-10-06 14:05 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-11-14 07:56 - 2018-09-23 03:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-11-14 07:56 - 2018-09-23 03:54 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 001549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2018-11-14 07:56 - 2018-09-23 03:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2018-11-14 07:56 - 2018-09-23 03:34 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-11-14 07:56 - 2018-09-23 03:34 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 07:56 - 2018-09-23 03:33 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-11-14 07:56 - 2018-09-23 03:22 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-11-14 07:56 - 2018-09-23 03:22 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-11-14 07:56 - 2018-09-23 03:21 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2018-11-14 07:56 - 2018-09-23 03:21 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2018-11-14 07:56 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\SysWOW64\locale.nls
2018-11-14 07:56 - 2018-08-28 04:48 - 000419608 _____ C:\Windows\system32\locale.nls
2018-11-13 15:04 - 2018-11-13 15:04 - 000009918 _____ C:\Users\Semerak\Desktop\MojeBanka.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-10 07:39 - 2011-11-13 12:40 - 000000000 ____D C:\Users\Semerak\Documents\Soubory aplikace Outlook
2018-12-10 06:49 - 2016-11-19 17:52 - 000000000 ____D C:\Users\Semerak\AppData\LocalLow\Mozilla
2018-12-10 06:47 - 2011-04-12 09:34 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-12-10 06:47 - 2011-04-12 09:34 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-12-10 06:47 - 2009-07-14 06:13 - 001593214 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-10 06:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-10 06:01 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\Vánoční stromky
2018-12-10 05:56 - 2011-11-13 13:01 - 000000000 ____D C:\Users\Semerak\Documents\Jirka
2018-12-10 04:44 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-10 04:44 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-27 02:33 - 2010-11-21 04:27 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-25 17:48 - 2018-03-24 08:05 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2018
2018-11-25 17:30 - 2011-11-13 13:00 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2006
2018-11-21 06:28 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\vzory
2018-11-21 06:05 - 2016-11-18 07:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-21 06:05 - 2012-05-02 13:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-15 05:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-11-15 04:47 - 2017-05-30 18:28 - 000000000 ____D C:\Users\Semerak\AppData\Roaming\Skype
2018-11-15 04:38 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-15 04:38 - 2009-07-14 05:45 - 000342928 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-15 03:07 - 2013-08-05 02:03 - 000000000 ____D C:\Windows\system32\MRT
2018-11-15 03:05 - 2011-11-01 19:33 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-14 22:55 - 2015-04-26 08:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-14 05:12 - 2009-07-14 06:08 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\en_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\es_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\fr_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\grm_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\it_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020344 _____ (Schneider Electric) C:\Users\Semerak\jp_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 001079808 _____ (Microsoft Corporation) C:\Users\Semerak\mfc80u.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000626688 _____ (Microsoft Corporation) C:\Users\Semerak\msvcr80.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\pt_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020856 _____ (Schneider Electric) C:\Users\Semerak\ru_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000019832 _____ (Schneider Electric) C:\Users\Semerak\zh_res.dll
2011-11-17 16:38 - 2017-06-26 14:06 - 000033792 _____ () C:\Users\Semerak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-25 18:10 - 2016-12-25 19:32 - 000000600 _____ () C:\Users\Semerak\AppData\Local\PUTTY.RND
2017-05-20 09:42 - 2017-05-20 09:42 - 000000848 _____ () C:\Users\Semerak\AppData\Local\recently-used.xbel
2012-08-17 15:21 - 2014-07-10 20:11 - 000007611 _____ () C:\Users\Semerak\AppData\Local\resmon.resmoncfg
2013-02-01 09:58 - 2013-02-01 09:58 - 000000003 _____ () C:\Users\Semerak\AppData\Local\updater.log
2013-02-01 09:58 - 2014-12-17 13:19 - 000000425 _____ () C:\Users\Semerak\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-03-23 10:52 - 2017-03-23 10:53 - 002612600 _____ (Microsoft Corporation) C:\Users\Semerak\AppData\Local\Temp\DefaultPack.EXE
2017-08-22 12:52 - 2017-08-22 12:52 - 092985049 _____ () C:\Users\Semerak\AppData\Local\Temp\KCT-Pitztalske-alpy-m.exe
2017-03-23 20:09 - 2017-03-23 20:10 - 038086544 _____ (PandoraTV) C:\Users\Semerak\AppData\Local\Temp\KMP_4.1.5.8.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-04 00:36

==================== End of FRST.txt ============================
Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Semerak (10-12-2018 07:41:00)
Running from C:\Users\Semerak\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-23 16:49:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3730243165-907656754-2530024790-500 - Administrator - Disabled)
Guest (S-1-5-21-3730243165-907656754-2530024790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730243165-907656754-2530024790-1002 - Limited - Enabled)
Semerak (S-1-5-21-3730243165-907656754-2530024790-1000 - Administrator - Enabled) => C:\Users\Semerak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version:  - AIMP DevTeam)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Balíček ovladače systému Windows - Hewlett-Packard Image  (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Bullzip PDF Printer 10.12.0.2361 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.12.0.2361 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}) (Version: 2.40.0002 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Manuál (HKLM-x32\...\EPSON Perfection V33_V330 Manual) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Ext2 IFS 1.12 for Windows 7/Server 2008 R2 (HKLM\...\Ext2Ifs_for_NT601) (Version:  - )
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.19.8 - Androxyde)
FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org)
Gaming Mouse (HKLM-x32\...\KYE) (Version: 8.01.00 - KYE Systems Corp.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Git version 2.6.4 (HKLM\...\Git_is1) (Version: 2.6.4 - The Git Development Community)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL™ Applications 2015 for Windows* (HKLM\...\{646CF4A9-51D2-4F38-B2C6-E7B2E3BD496E}) (Version: 5.3.0.713 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JetAudio 8.0.1.110 Plus XCV Edition (HKLM-x32\...\JetAudio) (Version: 8.0.1.110 Plus - )
jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LG CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.)
LG CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.) Hidden
LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.)
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
LG Power Tools (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Luminance HDR 2.4.0 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Modul pro žadatele (HKLM-x32\...\{61729396-388E-4F09-A7E9-87C0EBC85A05}) (Version: 1.0.7 - MZe)
Mozilla Firefox 63.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 63.0.3 (x64 cs)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Mp3tag v2.89a (HKLM-x32\...\Mp3tag) (Version: 2.89a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PostSignumToolPlus (HKLM-x32\...\PostSignumToolPlus) (Version: 2.2.1.0 - Česká pošta s.p.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
QIP 2012 4.0.6715 (HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\QIP 2012) (Version: 4.0.6715 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{7E0DDE7A-9EC6-3672-AC92-08DA2C292DB7}) (Version: 14.0.24723 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
TortoiseGit 1.8.16.0 (64 bit) (HKLM\...\{A329FEBC-4132-4B07-8085-88E03A8C0C9B}) (Version: 1.8.16.0 - TortoiseGit)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers1-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers2: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers4-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers5: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1064FD5A-A433-4636-9C1F-D8F3E49A9A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {18EFA45B-788D-4190-9AEE-6353BA3F3CAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {60D9EB5B-3B0B-47B9-8859-6FC165F3B79C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {69AE4259-2B91-4732-AF10-8CEE38619511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {89556DB1-948B-49AF-9A49-42A95BFE52FD} - System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => C:\Windows\system32\pcalua.exe -a C:\Users\Semerak\Downloads\irfanview_plugins_430_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AE8C57E4-0B80-4545-A030-70C804B7FAE3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {C669E260-17B3-4853-8577-339E2522CC39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {C7CDFFBF-F784-4BB7-9404-736CD389B8B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D249D029-BEC8-48C7-A99F-BF52E38EF642} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D6E568D3-945D-4B19-867A-62037BB1AFC4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EE442941-F0E4-4889-8E4B-F75E7FDB2E9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F4FE51B1-55F6-4E55-B364-C99377A6DABB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5585C7C-7C9B-4423-A8A0-FC41A36A2016} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-11-01 21:45 - 2015-11-01 21:45 - 000934328 _____ () C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
2015-11-01 21:46 - 2015-11-01 21:46 - 000087480 _____ () C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
2011-11-12 23:00 - 2011-05-28 22:05 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-31 18:13 - 2011-08-31 18:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000694720 _____ () C:\Program Files\TortoiseGit\bin\libgit232_tgit.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000076728 _____ () C:\Program Files\TortoiseGit\bin\zlib132_tgit.dll
2018-10-17 19:59 - 2018-10-17 19:59 - 004310296 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\postsignum.cz -> hxxps://www.postsignum.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-13 22:05 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3730243165-907656754-2530024790-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APC Data Service => 2
MSCONFIG\Services: APC UPS Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OKI OPHD DCS Loader => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: uvnc_service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk => C:\Windows\pss\Lightshot.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Infium => "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: mouseElf => C:\PROGRA~2\GAMING~1\MouseElf.EXE
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{883CF05C-3E93-4F1E-9DAE-762E93A8D252}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{0A4672D2-E35B-44E4-8EDC-19C57F723EA9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{6DAE39AD-034B-420C-813F-BF863992E08B}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [UDP Query User{BAD0A031-C62F-4994-85BF-5A404658293C}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [TCP Query User{5F65C521-73BB-467D-BB12-34898D54F96E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1C579A4B-B4A2-47D8-8F0D-F7FEC7DC770D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BC812D18-D5D6-40D0-A0E1-CFA096FC7FAC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C54D8FBC-C2F5-4F39-B3F0-069B4954723C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3D4A6AB6-C28C-4610-91E2-A3ED180D68EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55DAFA08-8FB1-4304-8DD0-FA1B490A6C0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{81CE29B8-0A7C-494F-A6DD-0FA8993B207E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B174085B-6EDD-4EC9-8F11-42A1D748BFE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E11DCADE-3135-4542-AA6F-D929E28A1F15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7E6BC29-D401-4C8E-AFAE-6C0A543329E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{05904F70-F28A-4212-8157-E76D993D89DB}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [UDP Query User{B64064EC-CDB4-4652-A1F1-C0FF396F5F3B}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [{9F24033D-8DA8-4573-8C00-AC2E93338C70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

28-11-2018 00:20:36 Windows Update
01-12-2018 05:29:49 Windows Update
04-12-2018 16:21:32 Windows Update
08-12-2018 06:45:22 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2018 04:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2018 05:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2018 07:59:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2018 02:55:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/29/2018 04:20:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/10/2018 06:24:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/07/2018 05:22:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/22/2018 01:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/10/2018 05:55:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error: (12/10/2018 05:55:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error: (12/10/2018 05:55:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error: (12/10/2018 05:55:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR2.

Error: (11/08/2018 07:56:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/08/2018 07:55:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/01/2018 02:52:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/29/2018 04:19:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:37:49, ‎28.‎10.‎2018) bylo neočekávané.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8103.21 MB
Available physical RAM: 3682.08 MB
Total Virtual: 16204.57 MB
Available Virtual: 11654.8 MB

==================== Drives ================================

Drive c: (Systémový a pracovní disk) (Fixed) (Total:300 GB) (Free:138.36 GB) NTFS
Drive d: (Data) (Fixed) (Total:631.41 GB) (Free:535.26 GB) NTFS
Drive m: () (Removable) (Total:29.44 GB) (Free:7.33 GB) NTFS

\\?\Volume{2ac4f1bb-fd8e-11e0-8b78-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C099E35C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.4 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Protective MBR) (Size: 29.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118253
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#2 Post by Rudy »

Hello! If the files are still usable, back them up. Next:
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail given above.

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#3 Post by Fjup »

Good evening,

thank you for the advice, the log is at the end of the post :). It seemed to me that it did not find much... Here is that archive on VirusTotal:
archive: https://www.virustotal.com/#/file/50624 ... /detection
unpacked: https://www.virustotal.com/#/file/3c669 ... /detection

According to VirusTotal, Malwarebytes does not detect it... Otherwise I have backed up all the data and disconnected the external disk from the PC. The data on the flash drive from this morning stayed encrypted, but it was nothing important. When I copied test files there again, they were not encrypted again (so far). Windows Defender then shows a pile of detections from when the message about virus activity kept popping up earlier. But no new ones are being added now.

Edit: during the night the files on the flash drive got encrypted... :?:
Edit2: just to add, a screenshot from Defender http://prntscr.com/lt8ut8

Code:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build:    11-26-2018
# Database: 2018-12-07.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-10-2018
# Duration: 00:00:02
# OS:       Windows 7 Home Premium
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Semerak\AppData\Local\slimware utilities inc

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1359 octets] - [10/12/2018 20:58:49]
AdwCleaner[S01].txt - [1420 octets] - [10/12/2018 21:00:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


Rudy
Site Admin
Posts: 118253
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#4 Post by Rudy »

OK. Post a new RSIT log.

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#5 Post by Fjup »

Code:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2018-12-11 12:22:14
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 161 GB (52%) free of 307 GB
Total RAM: 8103 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:16, on 11.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19178)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Windows\twain_32\escndv\escndv.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\trend micro\Semerak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cvvi.jse
O4 - Startup: speedfan – zástupce.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7284 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Windows\System32\WScript.exe" "C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2615db04-2a53-4e7d-981e-312c7dcad84c -SystemEventPortName:HostProcess-2a805b8a-77de-4d4c-b8b8-37f26af942a3 -IoCancelEventPortName:HostProcess-b5aa7dae-2e80-4f7f-b7e5-d9e439c0c821 -NonStateChangingEventPortName:HostProcess-72c33865-0a4e-48b2-98fe-3ae537746704 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7fda0f13-d233-4cbb-829a-07ad4b0af701 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://link.mailforce.cz/Link.ashx?aid=27063933&soid=54294&lid=&dest=aHR0cHM6Ly93d3cuZGF0YXJ0LmN6L25vdmlua3kvc2x1emJ5LW5pZ2h0c2hvcHBpbmcuaHRtbD91dG1fc291cmNlPW5ld3NsZXR0ZXImdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD1jb3Zlci1uaWdodHNob3BwaW5nJnV0bV9jYW1wYWlnbj1kbWRjejIwMTgtMTItMTAtbmlnaHRzaG9wcGluZy0tLTFhMmEzJmthbXBhbj0xODE0&h=3c7fc459335c62c44f82b137133dd853&mid=aa116208-db7c-49fd-8dab-ee805c0579082@mailforce.cz"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.0.482250935\434755307" -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - "C:\Users\Semerak\AppData\LocalLow\Mozilla\Temp-{ad80293a-9f52-4bc6-9aa2-50d8f8169e25}" 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 1076 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.3.1796713678\393952761" -childID 1 -isForBrowser -prefsHandle 1940 -prefMapHandle 1936 -prefsLen 1 -prefMapSize 216962 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 1960 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.20.1707211908\1101347972" -childID 3 -isForBrowser -prefsHandle 2800 -prefMapHandle 2476 -prefsLen 83 -prefMapSize 216962 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 2696 tab
"C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe"
"C:\Windows\system32\mspaint.exe"
"C:\Windows\twain_32\escndv\escndv.exe"
C:\Windows\System32\wiawow64.exe -Embedding
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.34.1541005560\2020174628" -childID 5 -isForBrowser -prefsHandle 7132 -prefMapHandle 3336 -prefsLen 5760 -prefMapSize 216962 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 2448 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.55.1041155706\1296348126" -childID 8 -isForBrowser -prefsHandle 2700 -prefMapHandle 7112 -prefsLen 5761 -prefMapSize 216962 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 7760 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4280.62.727119542\1732425588" -childID 9 -isForBrowser -prefsHandle 7244 -prefMapHandle 7160 -prefsLen 5761 -prefMapSize 216962 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 4280 "\\.\pipe\gecko-crash-server-pipe.4280" 7016 tab
C:\Windows\splwow64.exe 8192
"C:\Users\Semerak\Desktop\RSITx64.exe"


======Scheduled tasks folder======

=========Mozilla firefox=========

ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\
bazocz.xml


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-01-29 171992]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-01-29 399832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-01-29 442328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-17 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2011-10-26 7110096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot]
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
C:\PROGRA~2\GAMING~1\MouseElf.EXE [2005-12-16 475228]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OV3_Monitor]
C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [2014-09-09 420208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~2\APC\POWERC~1\Display.exe [2012-01-24 271736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk]
C:\PROGRA~2\SKILLB~1\LIGHTS~1\LIGHTS~1.EXE [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE [2015-10-13 228552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []

C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
cvvi.jse
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*


======List of files/folders created in the last 1 month======

2018-12-11 12:22:14 ----D---- C:\Program Files\trend micro
2018-12-10 20:58:30 ----D---- C:\AdwCleaner
2018-12-10 07:30:48 ----D---- C:\FRST
2018-12-10 07:28:29 ----D---- C:\Program Files (x86)\trend micro
2018-12-10 07:28:27 ----D---- C:\rsit
2018-11-15 03:01:41 ----SHD---- C:\Config.Msi
2018-11-14 07:56:58 ----A---- C:\Windows\system32\mshtml.dll
2018-11-14 07:56:57 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-11-14 07:56:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-11-14 07:56:55 ----A---- C:\Windows\system32\ieframe.dll
2018-11-14 07:56:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-11-14 07:56:53 ----A---- C:\Windows\system32\wininet.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\win32k.sys
2018-11-14 07:56:52 ----A---- C:\Windows\system32\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\mssrch.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\iertutil.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\system32\rpcss.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SYSWOW64\mssph.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\scrobj.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\rpcrt4.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\mssvp.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\mssphtb.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\drivers\msrpc.sys
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\scrobj.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\urlmon.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\mssph.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-11-14 07:56:49 ----A---- C:\Windows\system32\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\wshcon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\rstrui.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\mssprxy.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\msfeeds.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\lsasrv.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\jscript9.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\iedkcs32.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\hal.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\conhost.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\certcli.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\advapi32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\wshcon.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\winsrv.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\schannel.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\KernelBase.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\kernel32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\kerberos.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64win.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64cpu.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\sspisrv.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\srcore.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\smss.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\lsass.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ieui.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ieapfltr.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ie4uinit.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\processr.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\appid.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\csrsrv.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidsvc.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\apisetschema.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\wow32.dll

2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\mssvp.dll

2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2018-11-14 07:56:45 ----A---- C:\Windows\system32\msrating.dll

2018-11-14 07:56:45 ----A---- C:\Windows\system32\mshtmled.dll

2018-11-14 07:56:45 ----A---- C:\Windows\system32\jscript9diag.dll

2018-11-14 07:56:45 ----A---- C:\Windows\system32\dxtrans.dll

2018-11-14 07:56:45 ----A---- C:\Windows\system32\dxtmsft.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\occache.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\msrating.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\instnm.exe

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\ieui.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\occache.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\mssitlb.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\msscntrs.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\jsproxy.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\inseng.dll

2018-11-14 07:56:44 ----A---- C:\Windows\system32\ieUnatt.exe

2018-11-14 07:56:44 ----A---- C:\Windows\system32\ieetwproxystub.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssprxy.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssphtb.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssitlb.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\inseng.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\adtschema.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\msshooks.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\MshtmlDac.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\iesetup.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\iernonce.dll

2018-11-14 07:56:43 ----A---- C:\Windows\system32\ieetwcollector.exe

2018-11-14 07:56:43 ----A---- C:\Windows\system32\adtschema.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\user.exe

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\oleres.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msshooks.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msscntrs.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msobjs.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msaudite.dll

2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2018-11-14 07:56:42 ----A---- C:\Windows\system32\oleres.dll

2018-11-14 07:56:42 ----A---- C:\Windows\system32\msobjs.dll

2018-11-14 07:56:42 ----A---- C:\Windows\system32\msaudite.dll

2018-11-14 07:56:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll

 

======List of files/folders modified in the last 1 month======

 

2018-12-11 12:22:16 ----D---- C:\Windows\Prefetch

2018-12-11 12:22:15 ----D---- C:\Windows\Temp

2018-12-11 12:22:14 ----RD---- C:\Program Files

2018-12-10 21:54:48 ----D---- C:\Users\Semerak\AppData\Roaming\Skype

2018-12-10 21:20:37 ----D---- C:\Windows\system32\config

2018-12-10 21:07:08 ----D---- C:\Windows\System32

2018-12-10 21:07:08 ----D---- C:\Windows\inf

2018-12-10 21:07:08 ----A---- C:\Windows\system32\PerfStringBackup.INI

2018-12-10 21:03:43 ----D---- C:\Windows\system32\Tasks

2018-12-10 21:03:36 ----D---- C:\Windows\Tasks

2018-12-10 21:01:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2018-12-10 07:41:09 ----D---- C:\Windows

2018-12-10 07:32:40 ----SHD---- C:\System Volume Information

2018-12-10 07:28:29 ----RD---- C:\Program Files (x86)

2018-11-27 02:33:44 ----N---- C:\Windows\system32\MpSigStub.exe

2018-11-21 06:05:25 ----D---- C:\Program Files (x86)\Mozilla Firefox

2018-11-15 05:26:44 ----D---- C:\Windows\rescache

2018-11-15 04:39:00 ----D---- C:\Windows\winsxs

2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\migration

2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\en-US

2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\cs-CZ

2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64

2018-11-15 03:23:42 ----D---- C:\Program Files\Internet Explorer

2018-11-15 03:23:42 ----D---- C:\Program Files (x86)\Internet Explorer

2018-11-15 03:23:41 ----D---- C:\Windows\system32\migration

2018-11-15 03:23:41 ----D---- C:\Windows\system32\en-US

2018-11-15 03:23:41 ----D---- C:\Windows\system32\drivers

2018-11-15 03:23:41 ----D---- C:\Windows\system32\cs-CZ

2018-11-15 03:23:38 ----D---- C:\Windows\AppPatch

2018-11-15 03:23:36 ----D---- C:\Windows\system32\Boot

2018-11-15 03:23:35 ----D---- C:\Windows\system32\DriverStore

2018-11-15 03:07:57 ----D---- C:\Windows\system32\MRT

2018-11-15 03:05:32 ----AC---- C:\Windows\system32\MRT.exe

2018-11-15 03:05:22 ----SHD---- C:\Windows\Installer

2018-11-15 03:05:21 ----D---- C:\ProgramData\Microsoft Help

2018-11-14 07:51:44 ----D---- C:\Windows\system32\catroot2

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys [2015-12-23 77360]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]

R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]

R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-24 230864]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 279616]

R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys [2015-12-26 364080]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]

R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]

S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]

S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-03 14448]

S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-08-03 27760]

S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]

S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-12-03 169288]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-12-03 21320]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-12-03 188232]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-12-03 158024]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]

S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]

S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-10-12 116224]

S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1255736]

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01 272384]

S4 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]

S4 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]

S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]

S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]

S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]

S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-21 216528]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]

S4 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]

S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-12-03 743688]

 

-----------------EOF-----------------


Rudy
Site Admin
Posts: 118253
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#7 Post by Fjup »

OTM

Code:

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kuba
 
User: Public
 
User: Semerak
->Temp folder emptied: 1728716989 bytes
->Temporary Internet Files folder emptied: 499875717 bytes
->Java cache emptied: 4050558 bytes
->FireFox cache emptied: 1089104708 bytes
->Flash cache emptied: 8137467 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116425449 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 639 bytes
RecycleBin emptied: 52028 bytes
 
Total Files Cleaned = 3 287,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kuba
 
User: Public
 
User: Semerak
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 12112018_215626

Files moved on Reboot...
C:\Users\Semerak\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Semerak\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\startupCache\scriptCache-child-current.bin moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\startupCache\scriptCache-current.bin moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\startupCache\startupCache.8.little moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\OfflineCache\index.sqlite moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\cache2\entries\32A6813E6563496A90804CAAF6AADF1028BBF9A8 moved successfully.
C:\Users\Semerak\AppData\Local\Mozilla\Firefox\Profiles\r1pxg21r.default\cache2\entries\BEE654A63DF4BABE2FA20ED67259DE09319E06F9 moved successfully.
File move failed. C:\Windows\temp\5DF34B55-331F-486C-9346-524702B6632D1608.1d3c2706840efdd\nisfull.vdm scheduled to be moved on reboot.

Registry entries deleted on Reboot...

RSIT

Code:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2018-12-11 22:08:16
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 172 GB (56%) free of 307 GB
Total RAM: 8103 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:08:22, on 11.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19178)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\Semerak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cvvi.jse
O4 - Startup: speedfan – zástupce.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7270 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {2BC836A6-D28A-4CD7-BEB3-472AED87E658}
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1d3a2f2e-2735-4c62-aaf0-bf9d209d33a9 -SystemEventPortName:HostProcess-ebc9d3dd-ea92-40d3-baca-4e9838bfa960 -IoCancelEventPortName:HostProcess-720b33a4-ed52-4041-8532-9433b7e69164 -NonStateChangingEventPortName:HostProcess-02d0515f-bb56-406a-b57d-e0a22d6e11fa -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:451037e7-5710-4542-a9ce-314c37dbcbc5 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe"  --IPCport 5939
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer14_Logfile.log  
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer14_Logfile.log  
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
taskeng.exe {58EE3717-FF90-4B54-BBC8-D0D58072B851}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\12112018_215626.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Windows\System32\WScript.exe" "C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse" 
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Semerak\Desktop\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

=========Mozilla firefox=========

ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\
bazocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-01-29 171992]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-01-29 399832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-01-29 442328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-17 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2011-10-26 7110096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot]
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
C:\PROGRA~2\GAMING~1\MouseElf.EXE [2005-12-16 475228]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OV3_Monitor]
C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [2014-09-09 420208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~2\APC\POWERC~1\Display.exe [2012-01-24 271736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk]
C:\PROGRA~2\SKILLB~1\LIGHTS~1\LIGHTS~1.EXE [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE [2015-10-13 228552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []

C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
cvvi.jse
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-12-11 21:56:26 ----D---- C:\_OTM
2018-12-11 17:40:47 ----D---- C:\Users\Semerak\AppData\Roaming\TeamViewer
2018-12-11 17:40:33 ----D---- C:\Program Files (x86)\TeamViewer
2018-12-11 12:22:14 ----D---- C:\Program Files\trend micro
2018-12-10 20:58:30 ----D---- C:\AdwCleaner
2018-12-10 07:30:48 ----D---- C:\FRST
2018-12-10 07:28:29 ----D---- C:\Program Files (x86)\trend micro
2018-12-10 07:28:27 ----D---- C:\rsit
2018-11-15 03:01:41 ----SHD---- C:\Config.Msi
2018-11-14 07:56:58 ----A---- C:\Windows\system32\mshtml.dll
2018-11-14 07:56:57 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-11-14 07:56:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-11-14 07:56:55 ----A---- C:\Windows\system32\ieframe.dll
2018-11-14 07:56:53 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-11-14 07:56:53 ----A---- C:\Windows\system32\wininet.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\win32k.sys
2018-11-14 07:56:52 ----A---- C:\Windows\system32\tquery.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\ole32.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\mssrch.dll
2018-11-14 07:56:52 ----A---- C:\Windows\system32\iertutil.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-11-14 07:56:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\vbscript.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\SearchIndexer.exe
2018-11-14 07:56:51 ----A---- C:\Windows\system32\rpcss.dll
2018-11-14 07:56:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2018-11-14 07:56:50 ----A---- C:\Windows\SYSWOW64\mssph.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\scrobj.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\rpcrt4.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\mssvp.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\mssphtb.dll
2018-11-14 07:56:50 ----A---- C:\Windows\system32\drivers\msrpc.sys
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\scrobj.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-11-14 07:56:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\urlmon.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\SearchFilterHost.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\ntdll.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\mssph.dll
2018-11-14 07:56:49 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-11-14 07:56:49 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-11-14 07:56:49 ----A---- C:\Windows\system32\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\wshcon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\wscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\scrrun.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\rstrui.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\mssprxy.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\msfeeds.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\lsasrv.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\jscript9.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\iedkcs32.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\hal.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-11-14 07:56:48 ----A---- C:\Windows\system32\dispex.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\cscript.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\conhost.exe
2018-11-14 07:56:48 ----A---- C:\Windows\system32\certcli.dll
2018-11-14 07:56:48 ----A---- C:\Windows\system32\advapi32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-11-14 07:56:47 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\wshcon.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\winsrv.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\schannel.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\KernelBase.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\kernel32.dll
2018-11-14 07:56:47 ----A---- C:\Windows\system32\kerberos.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64win.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64cpu.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wow64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\webcheck.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\wdigest.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\TSpkg.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\sspisrv.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\sspicli.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\srcore.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\srclient.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\smss.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\secur32.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\rpchttp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ntvdm64.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ncrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\msv1_0.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\lsass.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\jscript.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ieui.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ieapfltr.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\ie4uinit.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\processr.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\appid.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-11-14 07:56:46 ----A---- C:\Windows\system32\csrsrv.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\cryptbase.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\credssp.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\comcat.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\bcrypt.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\auditpol.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidsvc.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-11-14 07:56:46 ----A---- C:\Windows\system32\appidapi.dll
2018-11-14 07:56:46 ----A---- C:\Windows\system32\apisetschema.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-14 07:56:45 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2018-11-14 07:56:45 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-11-14 07:56:45 ----A---- C:\Windows\system32\msrating.dll
2018-11-14 07:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2018-11-14 07:56:45 ----A---- C:\Windows\system32\jscript9diag.dll
2018-11-14 07:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2018-11-14 07:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-14 07:56:44 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-11-14 07:56:44 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\occache.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\mssitlb.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\msscntrs.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\jsproxy.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\inseng.dll
2018-11-14 07:56:44 ----A---- C:\Windows\system32\ieUnatt.exe
2018-11-14 07:56:44 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-11-14 07:56:43 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\msshooks.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\iesetup.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\iernonce.dll
2018-11-14 07:56:43 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-11-14 07:56:43 ----A---- C:\Windows\system32\adtschema.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\user.exe
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\oleres.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-11-14 07:56:42 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-11-14 07:56:42 ----A---- C:\Windows\system32\oleres.dll
2018-11-14 07:56:42 ----A---- C:\Windows\system32\msobjs.dll
2018-11-14 07:56:42 ----A---- C:\Windows\system32\msaudite.dll
2018-11-14 07:56:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2018-12-11 22:08:20 ----D---- C:\Windows\Temp
2018-12-11 22:08:05 ----D---- C:\Windows\Prefetch
2018-12-11 22:07:33 ----D---- C:\Users\Semerak\AppData\Roaming\Skype
2018-12-11 22:06:21 ----D---- C:\Windows\Tasks
2018-12-11 21:57:48 ----SHD---- C:\System Volume Information
2018-12-11 21:26:09 ----D---- C:\Windows\system32\config
2018-12-11 17:41:17 ----D---- C:\Windows\system32\Tasks
2018-12-11 17:40:48 ----RSD---- C:\Windows\Fonts
2018-12-11 17:40:33 ----RD---- C:\Program Files (x86)
2018-12-11 12:22:14 ----RD---- C:\Program Files
2018-12-10 23:04:09 ----N---- C:\Windows\system32\MpSigStub.exe
2018-12-10 21:07:08 ----D---- C:\Windows\System32
2018-12-10 21:07:08 ----D---- C:\Windows\inf
2018-12-10 21:07:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-12-10 21:01:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-10 07:41:09 ----D---- C:\Windows
2018-11-21 06:05:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-11-15 05:26:44 ----D---- C:\Windows\rescache
2018-11-15 04:39:00 ----D---- C:\Windows\winsxs
2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\migration
2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\en-US
2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-11-15 03:23:42 ----D---- C:\Windows\SysWOW64
2018-11-15 03:23:42 ----D---- C:\Program Files\Internet Explorer
2018-11-15 03:23:42 ----D---- C:\Program Files (x86)\Internet Explorer
2018-11-15 03:23:41 ----D---- C:\Windows\system32\migration
2018-11-15 03:23:41 ----D---- C:\Windows\system32\en-US
2018-11-15 03:23:41 ----D---- C:\Windows\system32\drivers
2018-11-15 03:23:41 ----D---- C:\Windows\system32\cs-CZ
2018-11-15 03:23:38 ----D---- C:\Windows\AppPatch
2018-11-15 03:23:36 ----D---- C:\Windows\system32\Boot
2018-11-15 03:23:35 ----D---- C:\Windows\system32\DriverStore
2018-11-15 03:07:57 ----D---- C:\Windows\system32\MRT
2018-11-15 03:05:32 ----AC---- C:\Windows\system32\MRT.exe
2018-11-15 03:05:22 ----SHD---- C:\Windows\Installer
2018-11-15 03:05:21 ----D---- C:\ProgramData\Microsoft Help
2018-11-14 07:51:44 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys [2015-12-23 77360]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-24 230864]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 279616]
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys [2015-12-26 364080]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-03 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-08-03 27760]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-12-03 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-12-03 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-12-03 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-12-03 158024]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
R2 TeamViewer;TeamViewer 14; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-11-14 11786992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-10-12 116224]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01 272384]
S4 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S4 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-21 216528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-12-03 743688]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118253
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#8 Post by Rudy »

OK. How does it look now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


After your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#9 Post by Fjup »

I tried copying some more files onto the flash drive and will see whether they get encrypted or Defender pipes up again. Otherwise, judging by the logs, was that pest removed? And was it the vermin mentioned here?
https://www.seznamzpravy.cz/clanek/hlid ... ctvi-62268

Rudy
Site Admin
Posts: 118253
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#10 Post by Rudy »

It should be removed. Unless it somehow restores itself over time.

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#11 Post by Fjup »

Everything seems to be in order. Defender hasn't detected anything so far, and the additional data on the flash drive hasn't been encrypted so far... Do you think the pest is gone? Is there some way to make sure? :)

Rudy
Site Admin
Posts: 118253
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#12 Post by Rudy »

We can do a deep scan. Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#13 Post by Fjup »

Hello, sorry for the slight delay. Here is the log:

Code:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 13.12.18
Čas skenování: 7:09
Logovací soubor: 9a6530c6-fe9d-11e8-a86e-f46d047b04f6.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.508
Aktualizovat verzi balíku komponent: 1.0.8291
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: PRACOVNA2\Semerak

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 379721
Zjištěné hrozby: 6
Hrozby umístěné do karantény: 0
Uplynulý čas: 2 hod, 52 min, 44 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 6
PUP.Optional.OpenCandy, C:\USERS\SEMERAK\DOWNLOADS\INSTALLED PRACOVNA2\DTLITE4451-0236.EXE, Žádná uživatelská akce, [1094], [297667],1.0.8291
Generic.Malware/Suspicious, C:\USERS\SEMERAK\DOWNLOADS\INSTALLED PRACOVNA2\DTLITE4451-0236.EXE, Žádná uživatelská akce, [0], [392686],1.0.8291
PUP.Optional.SlimCleanerPlus, C:\USERS\SEMERAK\DOWNLOADS\INSTALLED PRACOVNA2\SLIMDRIVERS-SETUP.EXE, Žádná uživatelská akce, [1474], [472306],1.0.8291
PUP.Optional.ASK, C:\USERS\SEMERAK\DOWNLOADS\INSTALLED PRACOVNA2\KMPLAYER_EN_3.0.0.1442_R2.EXE, Žádná uživatelská akce, [2], [383618],1.0.8291
Generic.Malware/Suspicious, C:\USERS\SEMERAK\DOWNLOADS\INSTALLED PRACOVNA2\KMPLAYER_EN_3.0.0.1442_R2.EXE, Žádná uživatelská akce, [0], [392686],1.0.8291
PUP.Optional.BundleInstaller.Generic, C:\USERS\SEMERAK\DOWNLOADS\FREEFILESYNC_8.0_WINDOWS_SETUP.EXE, Žádná uživatelská akce, [6114], [518788],1.0.8291

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118253
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#14 Post by Rudy »

There are still some remnants of potentially unwanted programs. Delete all the findings.

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#15 Post by Fjup »

Thank you, I'll delete the findings. So do you think it's OK? :) That is, is the computer safe to use for online banking?

Locked