PC disinfection, computer speed-up, remote help via the neslape.cz service

Checking the log after a PC infection by an archive from an e-mail

Having a virus problem? Post your FRST or RSIT log here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Checking the log after a PC infection by an archive from an e-mail

#16 Post by Rudy »

If the PC is protected by a firewall and an up-to-date antivirus, then certainly yes. The PC should now be free of malware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked, as it will be if inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Checking the log after a PC infection by an archive from an e-mail

#17 Post by Fjup »

OK, I have Windows Defender and the basic Windows firewall there, which should hopefully be enough :). Thank you very much for your help :)

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Checking the log after a PC infection by an archive from an e-mail

#18 Post by Rudy »

The system firewall certainly, and WinDef should also be enough for ordinary viruses. You're welcome! :)
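Added example (an editorial insertion, not part of any post in this thread): the RSIT/HijackThis log posted in the next reply contains a bare script file in the user's Startup folder (`O4 - Startup: cvvi.jse`), a running `WScript.exe` process launched with that file from `AppData\Roaming\...\Startup`, and the `.js - open - WScript.exe` file association. The Python script below was written for this page and is not code from RSIT, HijackThis or the forum; it runs that triage over a few constructed log lines modelled on those entries. It flags script files sitting directly in a Startup folder, script-host processes executing a script from a user-writable path, and script extensions whose open handler is a script host. The sample lines, the extension and host sets and the writable-path fragments are the author's assumptions, not data produced by either tool.

```python
import re
from pathlib import PureWindowsPath

# Extensions that Windows Script Host / mshta execute directly (assumed set).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Interpreters a script dropper typically rides on (assumed set).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Path fragments a standard user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample modelled on entries in the RSIT log below; not the full log.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - Startup: cvvi.jse
O4 - Startup: speedfan - shortcut.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Windows\System32\WScript.exe" "C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
"""

_TOKEN = re.compile(r'"([^"]+)"|(\S+)')      # quoted path or bare argument
_O4_STARTUP = re.compile(r"^O4 - Startup: (.+)$")
_ASSOC_OPEN = re.compile(r"^(\.\w+) - open - (.+)$")


def _tokens(line):
    """Split a command line into its quoted or bare tokens."""
    return [q or b for q, b in _TOKEN.findall(line)]


def _ext(path):
    return PureWindowsPath(path).suffix.lower()


def _basename(path):
    return PureWindowsPath(path).name.lower()


def analyse(log_text):
    """Return triage findings for the three RSIT/HijackThis sections this check covers."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. O4 Startup-folder entries: a bare script file (not a .lnk shortcut) is a red flag.
        m = _O4_STARTUP.match(line)
        if m:
            target = m.group(1).split(" = ")[0].strip()
            if _ext(target) in SCRIPT_EXTS:
                findings.append({"kind": "startup_script", "value": target})
            continue

        # 2. File associations: a script extension whose 'open' verb is a script host.
        m = _ASSOC_OPEN.match(line)
        if m:
            ext, handler = m.group(1).lower(), _tokens(m.group(2))
            host = _basename(handler[0]) if handler else ""
            if ext in SCRIPT_EXTS and host in SCRIPT_HOSTS:
                findings.append({"kind": "script_assoc", "value": f"{ext} -> {host}"})
            continue

        # 3. Process list: a script host running a script; note whether the path is user-writable.
        toks = _tokens(line)
        if toks and _basename(toks[0]) in SCRIPT_HOSTS:
            for arg in toks[1:]:
                if _ext(arg) in SCRIPT_EXTS:
                    findings.append({
                        "kind": "script_host_process",
                        "value": arg,
                        "user_writable": any(f in arg.lower() for f in USER_WRITABLE),
                    })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

The `.js -> wscript.exe` association is the Windows default, so that finding is an exposure to harden (pointing the open verb of `.js`/`.jse` at Notepad is a common mitigation) rather than evidence of infection. The `.jse` in the user's Startup folder executed by `WScript.exe` at every logon is the item to quarantine and submit for analysis, and is the obvious candidate for why the alert keeps returning. Note also that the many `(file missing)` O23 entries in a log like this are a known artefact of running the 32-bit HijackThis engine on 64-bit Windows, where System32 is redirected to SysWOW64; they are not missing files.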

Fjup
Visitor
Posts: 75
Joined: 02 Feb 2011 23:13

Re: Checking the log after a PC infection by an archive from an e-mail

#19 Post by Fjup »

Well, I guess I jinxed it. The problem is back; the same Defender window pops up as before with the same virus... So it looks like it is still there.
http://prntscr.com/lv0j04

Edit: I haven't plugged the flash drive back in, so I don't know whether it is encrypting the files on the flash drive again.


RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Semerak at 2018-12-14 18:01:22
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 169 GB (55%) free of 307 GB
Total RAM: 8103 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:27, on 14.12.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19203)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files\trend micro\Semerak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: cvvi.jse
O4 - Startup: speedfan – zástupce.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7699 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-30b089e9-cd8a-482c-8652-4109a4b844cf -SystemEventPortName:HostProcess-abc9b466-1024-45f6-85f1-21139f3cb384 -IoCancelEventPortName:HostProcess-2a47942a-dd8f-4f7b-ba85-8c899b2d21ca -NonStateChangingEventPortName:HostProcess-027bc562-dc2c-4fe5-b0ca-43ccce2536f5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2b0e0cb1-4d51-4dde-9faf-35c51a719ec7 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Windows\System32\WScript.exe" "C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvvi.jse" 
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -os-restarted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.0.339118212\21305856" -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - "C:\Users\Semerak\AppData\LocalLow\Mozilla\Temp-{ad80293a-9f52-4bc6-9aa2-50d8f8169e25}" 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 1064 gpu
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.3.1979139345\1639230082" -childID 1 -isForBrowser -prefsHandle 1972 -prefMapHandle 1968 -prefsLen 1 -prefMapSize 217135 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 1992 tab
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer14_Logfile.log  
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\TeamViewer14_Logfile.log  
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.13.1458134987\1399890312" -childID 2 -isForBrowser -prefsHandle 2256 -prefMapHandle 1908 -prefsLen 83 -prefMapSize 217135 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 1696 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.20.888469026\549615381" -childID 3 -isForBrowser -prefsHandle 2752 -prefMapHandle 2692 -prefsLen 83 -prefMapSize 217135 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 2968 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.34.90203467\2128715355" -childID 5 -isForBrowser -prefsHandle 3300 -prefMapHandle 3776 -prefsLen 4175 -prefMapSize 217135 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 3764 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="3828.48.992908818\1207738827" -childID 7 -isForBrowser -prefsHandle 7704 -prefMapHandle 3996 -prefsLen 6125 -prefMapSize 217135 -schedulerPrefs 0001,2 -parentBuildID 20181114214635 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 3828 "\\.\pipe\gecko-crash-server-pipe.3828" 7820 tab
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe" 
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
"taskhost.exe"
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" 
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" 
"C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe" 
"C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe"  --IPCport 5939

"C:\Users\Semerak\Desktop\RSITx64.exe" 

======Scheduled tasks folder======

=========Mozilla firefox=========

ProfilePath - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.novinky.cz/"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, FasterFox_Lite@BigRedBrent:3.9Lite, {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 26.0.0.131 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\
bazocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28 461888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2016-11-14 1353680]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-01-29 171992]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-01-29 399832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-01-29 442328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2011-10-24 1517520]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [2012-01-24 284024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-17 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2011-10-26 7110096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-08-16 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot]
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
C:\PROGRA~2\GAMING~1\MouseElf.EXE [2005-12-16 475228]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OV3_Monitor]
C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [2014-09-09 420208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~2\APC\POWERC~1\Display.exe [2012-01-24 271736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk]
C:\PROGRA~2\SKILLB~1\LIGHTS~1\LIGHTS~1.EXE [2014-11-18 226560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk]
C:\PROGRA~2\MICROS~2\Office14\ONENOTEM.EXE [2015-10-13 228552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []

C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
cvvi.jse
speedfan – zástupce.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-12-13 06:58:21 ----A---- C:\Windows\system32\drivers\mbam.sys
2018-12-13 06:58:05 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2018-12-13 06:58:05 ----A---- C:\Windows\system32\drivers\farflt.sys
2018-12-13 06:58:04 ----A---- C:\Windows\system32\drivers\mwac.sys
2018-12-13 06:57:56 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2018-12-13 06:57:45 ----A---- C:\Windows\system32\drivers\mbae64.sys
2018-12-13 06:57:40 ----D---- C:\ProgramData\Malwarebytes
2018-12-13 06:57:40 ----D---- C:\Program Files\Malwarebytes
2018-12-13 03:03:42 ----SHD---- C:\Config.Msi
2018-12-12 12:23:10 ----A---- C:\Windows\system32\mshtml.dll
2018-12-12 12:23:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2018-12-12 12:23:07 ----A---- C:\Windows\system32\ieframe.dll
2018-12-12 12:23:06 ----A---- C:\Windows\system32\wmp.dll
2018-12-12 12:23:05 ----A---- C:\Windows\SYSWOW64\wmp.dll
2018-12-12 12:23:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2018-12-12 12:23:04 ----A---- C:\Windows\system32\msxml3.dll
2018-12-12 12:23:04 ----A---- C:\Windows\system32\jscript9.dll
2018-12-12 12:23:03 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2018-12-12 12:23:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2018-12-12 12:23:03 ----A---- C:\Windows\system32\win32k.sys
2018-12-12 12:23:03 ----A---- C:\Windows\system32\rpcrt4.dll
2018-12-12 12:23:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2018-12-12 12:23:02 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2018-12-12 12:23:02 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2018-12-12 12:23:02 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2018-12-12 12:23:02 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2018-12-12 12:23:02 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2018-12-12 12:23:02 ----A---- C:\Windows\system32\vbscript.dll
2018-12-12 12:23:02 ----A---- C:\Windows\system32\msxml6.dll
2018-12-12 12:23:02 ----A---- C:\Windows\system32\jscript.dll
2018-12-12 12:23:02 ----A---- C:\Windows\system32\iedkcs32.dll
2018-12-12 12:23:02 ----A---- C:\Windows\system32\gdi32.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\t2embed.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\certcli.dll
2018-12-12 12:23:01 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2018-12-12 12:23:01 ----A---- C:\Windows\system32\t2embed.dll
2018-12-12 12:23:01 ----A---- C:\Windows\system32\ntdll.dll
2018-12-12 12:23:01 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-12 12:23:01 ----A---- C:\Windows\system32\hal.dll
2018-12-12 12:23:01 ----A---- C:\Windows\system32\drivers\msrpc.sys
2018-12-12 12:23:01 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2018-12-12 12:23:01 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2018-12-12 12:23:01 ----A---- C:\Windows\system32\certcli.dll
2018-12-12 12:23:01 ----A---- C:\Windows\system32\atmfd.dll
2018-12-12 12:23:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2018-12-12 12:23:00 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2018-12-12 12:23:00 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2018-12-12 12:23:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2018-12-12 12:23:00 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\wininet.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\urlmon.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\spwmp.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\mshtmlmedia.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\msfeeds.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\iertutil.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\dxmasf.dll
2018-12-12 12:23:00 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2018-12-12 12:23:00 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2018-12-12 12:22:59 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2018-12-12 12:22:59 ----A---- C:\Windows\system32\wmploc.DLL
2018-12-12 12:22:58 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2018-12-12 12:22:58 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2018-12-12 12:22:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2018-12-12 12:22:58 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2018-12-12 12:22:58 ----A---- C:\Windows\system32\webcheck.dll
2018-12-12 12:22:58 ----A---- C:\Windows\system32\ieui.dll
2018-12-12 12:22:58 ----A---- C:\Windows\system32\ieapfltr.dll
2018-12-12 12:22:57 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2018-12-12 12:22:57 ----A---- C:\Windows\SYSWOW64\ieui.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\smss.exe
2018-12-12 12:22:57 ----A---- C:\Windows\system32\msrating.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\mshtmled.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\lsasrv.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\jscript9diag.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\dxtrans.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\dxtmsft.dll
2018-12-12 12:22:57 ----A---- C:\Windows\system32\drivers\videoprt.sys
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\tzres.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\srclient.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\schannel.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\occache.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\msrating.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\inseng.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2018-12-12 12:22:56 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\wow64win.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\wow64cpu.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\wow64.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\winsrv.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\wdigest.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\tzres.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\TSpkg.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\sspisrv.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\sspicli.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\srcore.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\srclient.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\schannel.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\setbcdlocale.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\secur32.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\rstrui.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\rpchttp.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\occache.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ntvdm64.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ncrypt.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\msv1_0.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\MshtmlDac.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\lsass.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\lpk.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\KernelBase.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\kernel32.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\kerberos.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\jsproxy.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\inseng.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ieUnatt.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\iesetup.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\iernonce.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ieetwproxystub.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ieetwcollector.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\ie4uinit.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\fontsub.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\processr.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\appid.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\drivers\amdk8.sys
2018-12-12 12:22:56 ----A---- C:\Windows\system32\dciman32.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\csrsrv.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\cryptbase.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\conhost.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\bcrypt.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\appidsvc.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2018-12-12 12:22:56 ----A---- C:\Windows\system32\appidapi.dll
2018-12-12 12:22:56 ----A---- C:\Windows\system32\advapi32.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 12:22:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\wow32.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\user.exe
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\setup16.exe
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\instnm.exe
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\credssp.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2018-12-12 12:22:55 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\msaudite.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\credssp.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\auditpol.exe
2018-12-12 12:22:55 ----A---- C:\Windows\system32\atmlib.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2018-12-12 12:22:55 ----A---- C:\Windows\system32\apisetschema.dll
2018-12-12 12:22:55 ----A---- C:\Windows\system32\adtschema.dll
2018-12-12 12:22:54 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2018-12-12 12:22:54 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2018-12-12 12:22:54 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2018-12-12 12:22:54 ----A---- C:\Windows\system32\msxml6r.dll
2018-12-12 12:22:54 ----A---- C:\Windows\system32\msxml3r.dll
2018-12-12 12:22:54 ----A---- C:\Windows\system32\msobjs.dll
2018-12-11 21:56:26 ----D---- C:\_OTM
2018-12-11 17:40:47 ----D---- C:\Users\Semerak\AppData\Roaming\TeamViewer
2018-12-11 17:40:33 ----D---- C:\Program Files (x86)\TeamViewer
2018-12-11 12:22:14 ----D---- C:\Program Files\trend micro
2018-12-10 20:58:30 ----D---- C:\AdwCleaner
2018-12-10 07:30:48 ----D---- C:\FRST
2018-12-10 07:28:29 ----D---- C:\Program Files (x86)\trend micro
2018-12-10 07:28:27 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2018-12-14 18:01:27 ----D---- C:\Windows\Prefetch
2018-12-14 18:01:14 ----D---- C:\Windows\Temp
2018-12-14 17:01:14 ----D---- C:\Windows\system32\drivers
2018-12-14 04:00:23 ----D---- C:\Windows\system32\config
2018-12-14 03:37:14 ----D---- C:\Windows\Tasks
2018-12-13 06:57:48 ----D---- C:\Windows
2018-12-13 06:57:40 ----RD---- C:\Program Files
2018-12-13 06:57:40 ----HD---- C:\ProgramData
2018-12-13 06:44:46 ----D---- C:\Windows\rescache
2018-12-13 04:22:32 ----D---- C:\Windows\Microsoft.NET
2018-12-13 04:22:03 ----RSD---- C:\Windows\assembly
2018-12-13 03:43:11 ----D---- C:\Windows\System32
2018-12-13 03:43:11 ----D---- C:\Windows\inf
2018-12-13 03:43:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-12-13 03:37:36 ----D---- C:\Windows\winsxs
2018-12-13 03:26:14 ----D---- C:\Program Files\Windows Media Player
2018-12-13 03:26:14 ----D---- C:\Program Files\Internet Explorer
2018-12-13 03:26:13 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-12-13 03:26:13 ----D---- C:\Program Files (x86)\Windows Media Player
2018-12-13 03:26:13 ----D---- C:\Program Files (x86)\Internet Explorer
2018-12-13 03:26:12 ----D---- C:\Windows\SYSWOW64\en-US
2018-12-13 03:26:12 ----D---- C:\Windows\SysWOW64
2018-12-13 03:26:11 ----D---- C:\Windows\system32\en-US
2018-12-13 03:26:11 ----D---- C:\Windows\system32\cs-CZ
2018-12-13 03:26:09 ----D---- C:\Windows\system32\Boot
2018-12-13 03:26:09 ----D---- C:\Windows\AppPatch
2018-12-13 03:26:07 ----D---- C:\Windows\system32\DriverStore
2018-12-13 03:09:12 ----SHD---- C:\Windows\Installer
2018-12-13 03:07:24 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2018-12-13 03:06:22 ----D---- C:\ProgramData\Microsoft Help
2018-12-13 03:05:58 ----D---- C:\Windows\system32\MRT
2018-12-13 03:04:01 ----AC---- C:\Windows\system32\MRT.exe
2018-12-13 03:03:52 ----A---- C:\Windows\win.ini
2018-12-13 03:00:34 ----SHD---- C:\System Volume Information
2018-12-12 12:15:18 ----D---- C:\Windows\system32\catroot2
2018-12-11 22:07:33 ----D---- C:\Users\Semerak\AppData\Roaming\Skype
2018-12-11 17:41:17 ----D---- C:\Windows\system32\Tasks
2018-12-11 17:40:48 ----RSD---- C:\Windows\Fonts
2018-12-11 17:40:33 ----RD---- C:\Program Files (x86)
2018-12-10 23:04:09 ----N---- C:\Windows\system32\MpSigStub.exe
2018-12-10 21:01:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-21 06:05:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-11-15 03:23:42 ----D---- C:\Windows\SYSWOW64\migration
2018-11-15 03:23:41 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 IfsMount;IfsMount; C:\Windows\system32\DRIVERS\ifsmount.sys [2015-12-23 77360]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2016-08-25 295000]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 213736]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-10-24 230864]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-12 279616]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2018-12-04 152688]
R1 Ext2fs;Ext2fs; C:\Windows\system32\DRIVERS\ext2fs.sys [2015-12-26 364080]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2018-12-13 198512]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 MBAMFarflt;MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [2018-12-13 126624]
R3 MBAMProtection;MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [2018-12-13 72536]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2018-12-13 261032]
R3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2018-12-14 103760]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 135928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-08-03 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-08-03 27760]
S3 KMWDFILTER;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 30208]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-12-03 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-12-03 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-12-03 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-12-03 158024]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-09-19 6347056]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-11-14 119864]
R2 TeamViewer;TeamViewer 14; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2018-11-14 11786992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-11-13 116224]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-06-14 161472]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01 272384]
S4 APC Data Service;APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S4 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-11-21 216528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 OKI OPHD DCS Loader;OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [2011-10-23 20480]
S4 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-12-03 743688]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check after PC infection by an archive from an e-mail

#20 Post by Rudy »

Run a complete scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work, and after the scan finishes delete everything it finds. Restart the PC.

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#21 Post by Fjup »

Hello, AVPTool apparently found and removed that nasty thing (there was a lot of it in the Temp folder, but it also found something outside of it that was probably creating the others) :). To be safe I ran the scan several times and nothing further was found. I ticked everything that could be ticked + added the other non-system disks. So far it looks like everything is fine. It didn't produce any log, though. Thank you very much for your help, and if you think that cleaning with this tool is already sufficient, then that will probably be all. I'll also send a small contribution towards running the forum :)

Thank you and have a nice Christmas.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after PC infection by an archive from an e-mail

#22 Post by Conder »

:arrow: Sorry for stepping in

:arrow: Thank you for the contribution :)

:arrow: For a check I would ask for both FRST logs again - https://forum.viry.cz/viewtopic.php?f=13&t=154679

Graduate of the school for newcomers :)
E-mail: conder (zavinac) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and the like).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own thread.

If you are satisfied, you can support the forum. Thank you!

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#23 Post by Fjup »

Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Semerak (17-12-2018 08:22:52)
Running from C:\Users\Semerak\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-23 16:49:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3730243165-907656754-2530024790-500 - Administrator - Disabled)
Guest (S-1-5-21-3730243165-907656754-2530024790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730243165-907656754-2530024790-1002 - Limited - Enabled)
Semerak (S-1-5-21-3730243165-907656754-2530024790-1000 - Administrator - Enabled) => C:\Users\Semerak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20064 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version:  - AIMP DevTeam)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Balíček ovladače systému Windows - Hewlett-Packard Image  (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Bullzip PDF Printer 10.12.0.2361 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.12.0.2361 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}) (Version: 2.40.0002 - SEIKO EPSON CORPORATION)
EPSON Perfection V33/V330 Manuál (HKLM-x32\...\EPSON Perfection V33_V330 Manual) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Ext2 IFS 1.12 for Windows 7/Server 2008 R2 (HKLM\...\Ext2Ifs_for_NT601) (Version:  - )
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.19.8 - Androxyde)
FreeFileSync 8.0 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.0 - www.FreeFileSync.org)
Gaming Mouse (HKLM-x32\...\KYE) (Version: 8.01.00 - KYE Systems Corp.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Git version 2.6.4 (HKLM\...\Git_is1) (Version: 2.6.4 - The Git Development Community)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL™ Applications 2015 for Windows* (HKLM\...\{646CF4A9-51D2-4F38-B2C6-E7B2E3BD496E}) (Version: 5.3.0.713 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JetAudio 8.0.1.110 Plus XCV Edition (HKLM-x32\...\JetAudio) (Version: 8.0.1.110 Plus - )
jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LG CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.) Hidden
LG CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3109 - CyberLink Corp.)
LG CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.) Hidden
LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4009 - CyberLink Corp.)
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3304a - CyberLink Corp.)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 9.01.1124.01 - )
LG Power Tools (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Luminance HDR 2.4.0 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (čeština) (HKLM-x32\...\{E249803A-BD5B-4FDC-A630-976C2971F5B4}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (čeština) (HKLM-x32\...\{25C7677B-0398-46A3-A0EE-7B393D20FA30}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Modul pro žadatele (HKLM-x32\...\{61729396-388E-4F09-A7E9-87C0EBC85A05}) (Version: 1.0.7 - MZe)
Mozilla Firefox 64.0 (x64 cs) (HKLM\...\Mozilla Firefox 64.0 (x64 cs)) (Version: 64.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 64.0.0.6914 - Mozilla)
Mp3tag v2.89a (HKLM-x32\...\Mp3tag) (Version: 2.89a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
PostSignumToolPlus (HKLM-x32\...\PostSignumToolPlus) (Version: 2.2.1.0 - Česká pošta s.p.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
QIP 2012 4.0.6715 (HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\QIP 2012) (Version: 4.0.6715 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Roslyn Language Services - x86 (HKLM-x32\...\{7E0DDE7A-9EC6-3672-AC92-08DA2C292DB7}) (Version: 14.0.24723 - Microsoft Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.0.13880 - TeamViewer)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
TortoiseGit 1.8.16.0 (64 bit) (HKLM\...\{A329FEBC-4132-4B07-8085-88E03A8C0C9B}) (Version: 1.8.16.0 - TortoiseGit)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers1-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers2: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2018-07-12] (Florian Heidenreich)
ContextMenuHandlers4-x32: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers4-x32: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-29] (Intel Corporation)
ContextMenuHandlers5: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)
ContextMenuHandlers6: [TortoiseGit] -> {10A0FDD2-B0C0-4CD4-A7AE-E594CE3B91C8} => C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll [2015-11-01] (hxxps://tortoisegit.org/)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-05-28] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1064FD5A-A433-4636-9C1F-D8F3E49A9A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {18EFA45B-788D-4190-9AEE-6353BA3F3CAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4F70CC90-2254-4644-BC57-42C918F070BF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {60D9EB5B-3B0B-47B9-8859-6FC165F3B79C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {69AE4259-2B91-4732-AF10-8CEE38619511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {89556DB1-948B-49AF-9A49-42A95BFE52FD} - System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => C:\Windows\system32\pcalua.exe -a C:\Users\Semerak\Downloads\irfanview_plugins_430_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C669E260-17B3-4853-8577-339E2522CC39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {C7CDFFBF-F784-4BB7-9404-736CD389B8B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D249D029-BEC8-48C7-A99F-BF52E38EF642} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D6E568D3-945D-4B19-867A-62037BB1AFC4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EE442941-F0E4-4889-8E4B-F75E7FDB2E9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F4FE51B1-55F6-4E55-B364-C99377A6DABB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F5585C7C-7C9B-4423-A8A0-FC41A36A2016} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-13 06:57 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-12-13 06:57 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-11-01 21:45 - 2015-11-01 21:45 - 000934328 _____ () C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
2015-11-01 21:46 - 2015-11-01 21:46 - 000087480 _____ () C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
2011-08-31 18:13 - 2011-08-31 18:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000694720 _____ () C:\Program Files\TortoiseGit\bin\libgit232_tgit.dll
2015-11-01 21:43 - 2015-11-01 21:43 - 000076728 _____ () C:\Program Files\TortoiseGit\bin\zlib132_tgit.dll
2018-11-20 02:11 - 2018-11-20 02:11 - 004310088 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:42 - 2015-11-11 02:42 - 001045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49039186.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49039186.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\postsignum.cz -> hxxps://www.postsignum.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-13 22:05 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3730243165-907656754-2530024790-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APC Data Service => 2
MSCONFIG\Services: APC UPS Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OKI OPHD DCS Loader => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: uvnc_service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lightshot.lnk => C:\Windows\pss\Lightshot.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Semerak^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: Infium => "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: mouseElf => C:\PROGRA~2\GAMING~1\MouseElf.EXE
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{883CF05C-3E93-4F1E-9DAE-762E93A8D252}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{0A4672D2-E35B-44E4-8EDC-19C57F723EA9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{6DAE39AD-034B-420C-813F-BF863992E08B}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [UDP Query User{BAD0A031-C62F-4994-85BF-5A404658293C}C:\program files (x86)\qip 2012\qip.exe] => (Allow) C:\program files (x86)\qip 2012\qip.exe
FirewallRules: [TCP Query User{5F65C521-73BB-467D-BB12-34898D54F96E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1C579A4B-B4A2-47D8-8F0D-F7FEC7DC770D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BC812D18-D5D6-40D0-A0E1-CFA096FC7FAC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C54D8FBC-C2F5-4F39-B3F0-069B4954723C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{3D4A6AB6-C28C-4610-91E2-A3ED180D68EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55DAFA08-8FB1-4304-8DD0-FA1B490A6C0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{81CE29B8-0A7C-494F-A6DD-0FA8993B207E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B174085B-6EDD-4EC9-8F11-42A1D748BFE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E11DCADE-3135-4542-AA6F-D929E28A1F15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7E6BC29-D401-4C8E-AFAE-6C0A543329E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{05904F70-F28A-4212-8157-E76D993D89DB}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [UDP Query User{B64064EC-CDB4-4652-A1F1-C0FF396F5F3B}C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe] => (Allow) C:\program files (x86)\intel\opencl sdk\5.3\bin\x86\kbserver_ivb32.exe
FirewallRules: [{9F24033D-8DA8-4573-8C00-AC2E93338C70}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5FDE2B0C-B389-45E5-B35E-43210EEC2C53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A434CF7D-D013-49C7-A81D-A5FE0BD603D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60920969-A4CB-4C92-BF34-A7856E38F03E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5055193-12BB-4DB6-B65E-1C9C9FE4623E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

12-12-2018 03:00:16 Windows Update
13-12-2018 03:00:23 Windows Update
16-12-2018 10:10:25 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2018 05:36:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/13/2018 03:37:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/11/2018 10:07:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2018 11:34:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: 186547.exe, verze: 4.9.8.0, časové razítko: 0x578d1c7d
Název chybujícího modulu: 186547.exe, verze: 4.9.8.0, časové razítko: 0x578d1c7d
Kód výjimky: 0xc0000005
Posun chyby: 0x00055bc7
ID chybujícího procesu: 0xea4
Čas spuštění chybující aplikace: 0x01d490d87f8e28a3
Cesta k chybující aplikaci: C:\Users\Semerak\AppData\Local\Temp\186547.exe
Cesta k chybujícímu modulu: C:\Users\Semerak\AppData\Local\Temp\186547.exe
ID zprávy: be80d008-fccb-11e8-ba4d-f46d047b04f6

Error: (12/10/2018 09:03:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2018 04:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2018 05:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2018 07:59:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/15/2018 05:15:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (12/15/2018 05:15:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (12/15/2018 05:15:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (12/15/2018 05:15:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (12/15/2018 05:15:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro DeleteFlag s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (12/15/2018 05:15:26 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Nelze spustit DCOM Server: {995C996E-D918-4A8C-A302-45719A6F4EA7} jako /. Došlo k chybě: 
%%5 = Přístup byl odepřen.
při provádění příkazu: 
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

Error: (12/15/2018 05:15:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Funkčnost aplikací byla ukončena s následující chybou: 
Přístup byl odepřen.

Error: (12/15/2018 05:15:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Funkčnost aplikací byla ukončena s následující chybou: 
Přístup byl odepřen.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 70%
Total physical RAM: 8103.21 MB
Available physical RAM: 2372.74 MB
Total Virtual: 16204.57 MB
Available Virtual: 10634.49 MB

==================== Drives ================================

Drive c: (Systémový a pracovní disk) (Fixed) (Total:300 GB) (Free:167.24 GB) NTFS
Drive d: (Data) (Fixed) (Total:631.41 GB) (Free:538.74 GB) NTFS

\\?\Volume{2ac4f1bb-fd8e-11e0-8b78-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C099E35C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=631.4 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
Ran by Semerak (administrator) on PRACOVNA2 (17-12-2018 08:22:02)
Running from C:\Users\Semerak\Downloads
Loaded Profiles: Semerak (Available Profiles: Semerak)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1517520 2011-10-24] (TrueCrypt Foundation)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
Startup: C:\Users\Semerak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan – zástupce.lnk [2011-11-13]
ShortcutTarget: speedfan – zástupce.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{366927BE-BAB2-494B-86DD-2754BB1D4DDA}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-28] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-28] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab

FireFox:
========
FF ProfilePath: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default [2018-12-17]
FF Homepage: Mozilla\Firefox\Profiles\r1pxg21r.default -> hxxp://www.novinky.cz/
FF NetworkProxy: Mozilla\Firefox\Profiles\r1pxg21r.default -> no_proxies_on", "localhost,127.0.0.1"
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-05-12] [Legacy]
FF Extension: (Classic Theme Restorer) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-11-15] [Legacy]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-12] [Legacy]
FF Extension: (Expire History By Days) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\expire-history-by-days@bonardo.net.xpi [2017-06-21]
FF Extension: (Tab Utilities) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\tabutils@ithinc.cn.xpi [2016-04-27] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF Extension: (Vývojové sestavení Adblock Plus) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF Extension: (Greasemonkey) - C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF SearchPlugin: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\searchplugins\bazocz.xml [2015-10-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S4 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 OKI OPHD DCS Loader; C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE [20480 2011-10-23] (Oki Data Corporation) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11786992 2018-11-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-11-12] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R1 Ext2fs; C:\Windows\System32\DRIVERS\ext2fs.sys [364080 2015-12-26] (Stephan Schreiber)
R0 IfsMount; C:\Windows\System32\DRIVERS\ifsmount.sys [77360 2015-12-23] (Stephan Schreiber)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2018-12-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2018-12-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2018-12-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2018-12-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2018-12-17] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-16 05:02 - 2018-12-16 05:02 - 000000165 ____H C:\Users\Semerak\Desktop\~$Účty 2000+.xlsx
2018-12-15 17:36 - 2018-12-15 17:36 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-15 17:36 - 2018-12-15 17:36 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-15 17:35 - 2018-12-17 06:47 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-15 17:35 - 2018-12-15 17:35 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-15 13:21 - 2018-12-15 15:52 - 000000000 ____D C:\KVRT_Data
2018-12-15 13:21 - 2018-12-15 13:21 - 157649192 _____ (AO Kaspersky Lab) C:\Users\Semerak\Downloads\KVRT.exe
2018-12-13 07:07 - 2018-12-13 10:14 - 000002756 _____ C:\Users\Semerak\Desktop\mbam.txt
2018-12-13 06:58 - 2018-12-13 06:58 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-13 06:58 - 2018-12-13 06:58 - 000000000 ____D C:\Users\Semerak\AppData\Local\mbamtray
2018-12-13 06:58 - 2018-12-13 06:58 - 000000000 ____D C:\Users\Semerak\AppData\Local\mbam
2018-12-13 06:57 - 2018-12-13 06:57 - 000001892 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-13 06:57 - 2018-12-13 06:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-13 06:57 - 2018-12-13 06:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-12-13 06:57 - 2018-12-13 06:57 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-13 06:57 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-12-13 06:54 - 2018-12-13 06:56 - 081227760 _____ (Malwarebytes ) C:\Users\Semerak\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-12 12:23 - 2018-12-06 03:39 - 003227648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-12-12 12:23 - 2018-11-28 23:02 - 014635520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 12:23 - 2018-11-28 23:02 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2018-12-12 12:23 - 2018-11-28 23:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2018-12-12 12:23 - 2018-11-28 23:02 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2018-12-12 12:23 - 2018-11-28 22:50 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 12:23 - 2018-11-28 22:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2018-12-12 12:23 - 2018-11-28 22:38 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2018-12-12 12:23 - 2018-11-15 20:46 - 000397088 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-12 12:23 - 2018-11-15 19:55 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-12 12:23 - 2018-11-15 04:00 - 025735680 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-12 12:23 - 2018-11-15 03:34 - 020281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-12 12:23 - 2018-11-15 02:51 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-12 12:23 - 2018-11-15 02:50 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-12 12:23 - 2018-11-13 05:42 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-12 12:23 - 2018-11-13 05:35 - 005778944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-12 12:23 - 2018-11-13 05:28 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-12 12:23 - 2018-11-13 05:21 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-12-12 12:23 - 2018-11-13 05:04 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-12 12:23 - 2018-11-13 04:52 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-12-12 12:23 - 2018-11-13 04:51 - 015284736 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-12 12:23 - 2018-11-13 04:50 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-12-12 12:23 - 2018-11-13 04:42 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-12 12:23 - 2018-11-13 04:38 - 013681152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-12 12:23 - 2018-11-13 04:38 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-12 12:23 - 2018-11-13 04:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-12-12 12:23 - 2018-11-13 04:27 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-12-12 12:23 - 2018-11-13 04:18 - 004386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-12 12:23 - 2018-11-13 04:15 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-12-12 12:23 - 2018-11-11 18:19 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-12 12:23 - 2018-11-11 18:02 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-12 12:23 - 2018-11-11 18:01 - 005551848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 12:23 - 2018-11-11 18:01 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-12 12:23 - 2018-11-11 18:01 - 000366824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 12:23 - 2018-11-11 18:01 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-12 12:23 - 2018-11-11 18:01 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-12-12 12:23 - 2018-11-11 18:00 - 001664360 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-12 12:23 - 2018-11-11 17:58 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 12:23 - 2018-11-11 17:58 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-12-12 12:23 - 2018-11-11 17:57 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-12-12 12:23 - 2018-11-11 17:49 - 004054760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-12-12 12:23 - 2018-11-11 17:49 - 003960040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-12-12 12:23 - 2018-11-11 17:47 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-12-12 12:23 - 2018-11-11 17:45 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 12:23 - 2018-11-11 17:45 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-12-12 12:23 - 2018-11-11 17:44 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-12-12 12:23 - 2018-11-11 17:16 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-12-12 12:23 - 2018-11-11 17:16 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-12-12 12:23 - 2018-11-08 17:58 - 002009600 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 12:23 - 2018-11-08 17:58 - 001889280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 12:23 - 2018-11-08 17:43 - 001391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 12:23 - 2018-11-08 17:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 12:23 - 2018-10-06 17:03 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-12-12 12:23 - 2018-10-06 16:59 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 12:23 - 2018-10-06 16:50 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-12-12 12:23 - 2018-10-06 16:44 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 12:22 - 2018-11-28 23:02 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2018-12-12 12:22 - 2018-11-28 22:50 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2018-12-12 12:22 - 2018-11-28 22:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2018-12-12 12:22 - 2018-11-13 05:54 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-12-12 12:22 - 2018-11-13 05:54 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-12-12 12:22 - 2018-11-13 05:41 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-12-12 12:22 - 2018-11-13 05:40 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-12-12 12:22 - 2018-11-13 05:40 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-12-12 12:22 - 2018-11-13 05:39 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-12-12 12:22 - 2018-11-13 05:33 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-12-12 12:22 - 2018-11-13 05:32 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-12-12 12:22 - 2018-11-13 05:30 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-12-12 12:22 - 2018-11-13 05:28 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-12 12:22 - 2018-11-13 05:28 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-12-12 12:22 - 2018-11-13 05:28 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-12-12 12:22 - 2018-11-13 05:26 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-12-12 12:22 - 2018-11-13 05:18 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-12-12 12:22 - 2018-11-13 05:13 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-12-12 12:22 - 2018-11-13 05:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-12-12 12:22 - 2018-11-13 05:13 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-12-12 12:22 - 2018-11-13 05:12 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-12-12 12:22 - 2018-11-13 05:11 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-12-12 12:22 - 2018-11-13 05:11 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-12-12 12:22 - 2018-11-13 05:10 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-12 12:22 - 2018-11-13 05:10 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-12-12 12:22 - 2018-11-13 05:07 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-12-12 12:22 - 2018-11-13 05:07 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-12-12 12:22 - 2018-11-13 05:06 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-12-12 12:22 - 2018-11-13 05:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-12-12 12:22 - 2018-11-13 05:05 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-12-12 12:22 - 2018-11-13 05:05 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-12-12 12:22 - 2018-11-13 05:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-12 12:22 - 2018-11-13 05:03 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-12-12 12:22 - 2018-11-13 05:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-12-12 12:22 - 2018-11-13 04:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-12-12 12:22 - 2018-11-13 04:53 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-12-12 12:22 - 2018-11-13 04:51 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-12-12 12:22 - 2018-11-13 04:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-12-12 12:22 - 2018-11-13 04:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-12-12 12:22 - 2018-11-13 04:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-12-12 12:22 - 2018-11-13 04:49 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-12-12 12:22 - 2018-11-13 04:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-12-12 12:22 - 2018-11-13 04:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-12-12 12:22 - 2018-11-13 04:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-12-12 12:22 - 2018-11-13 04:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-12-12 12:22 - 2018-11-13 04:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-12-12 12:22 - 2018-11-13 04:37 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-12-12 12:22 - 2018-11-13 04:37 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-12-12 12:22 - 2018-11-13 04:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-12-12 12:22 - 2018-11-13 04:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-12-12 12:22 - 2018-11-11 17:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-12-12 12:22 - 2018-11-11 17:45 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:44 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:25 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-12-12 12:22 - 2018-11-11 17:25 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-12-12 12:22 - 2018-11-11 17:25 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-12-12 12:22 - 2018-11-11 17:24 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-12-12 12:22 - 2018-11-11 17:20 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-12-12 12:22 - 2018-11-11 17:20 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-12-12 12:22 - 2018-11-11 17:19 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-12-12 12:22 - 2018-11-11 17:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-12-12 12:22 - 2018-11-11 17:16 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-12-12 12:22 - 2018-11-11 17:15 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-12-12 12:22 - 2018-11-11 17:15 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-12-12 12:22 - 2018-11-11 17:15 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-12-12 12:22 - 2018-11-11 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-12-12 12:22 - 2018-11-11 17:15 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-12-12 12:22 - 2018-11-11 17:15 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-12-12 12:22 - 2018-11-11 17:15 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-12-12 12:22 - 2018-11-11 17:15 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-12-12 12:22 - 2018-11-11 17:15 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-12-12 12:22 - 2018-11-11 17:15 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-12-12 12:22 - 2018-11-11 17:14 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-12-12 12:22 - 2018-11-11 17:13 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:13 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:13 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-12-12 12:22 - 2018-11-11 17:13 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-12-12 12:22 - 2018-11-08 17:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-12-12 12:22 - 2018-11-08 17:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-12-12 12:22 - 2018-11-08 17:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-12-12 12:22 - 2018-11-08 17:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-12-12 12:22 - 2018-11-06 05:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 12:22 - 2018-11-06 05:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-12-12 12:22 - 2018-10-06 16:59 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-12-12 12:22 - 2018-10-06 16:58 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-12-12 12:22 - 2018-10-06 16:58 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-12-12 12:22 - 2018-10-06 16:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-12-12 12:22 - 2018-10-06 16:44 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-12-12 12:22 - 2018-10-06 16:43 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-12-12 12:22 - 2018-10-06 16:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-12-12 12:22 - 2018-10-06 16:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-12-11 21:56 - 2018-12-11 21:56 - 000000000 ____D C:\_OTM
2018-12-11 21:55 - 2018-12-11 21:55 - 000522240 _____ (OldTimer Tools) C:\Users\Semerak\Desktop\OTM.exe
2018-12-11 17:46 - 2018-12-11 17:46 - 000000000 ____D C:\Users\Semerak\AppData\Local\TeamViewer
2018-12-11 17:40 - 2018-12-15 17:35 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-12-11 17:40 - 2018-12-11 17:40 - 000001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2018-12-11 17:40 - 2018-12-11 17:40 - 000001056 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2018-12-11 17:40 - 2018-12-11 17:40 - 000000000 ____D C:\Users\Semerak\AppData\Roaming\TeamViewer
2018-12-11 17:39 - 2018-12-11 17:39 - 022542680 _____ (TeamViewer GmbH) C:\Users\Semerak\Desktop\TeamViewer_Setup.exe
2018-12-11 17:33 - 2018-12-11 17:33 - 000010884 _____ C:\Users\Semerak\Desktop\log.rar
2018-12-11 12:22 - 2018-12-14 18:01 - 000000000 ____D C:\Program Files\trend micro
2018-12-11 12:20 - 2018-12-11 12:20 - 001222144 _____ C:\Users\Semerak\Desktop\RSITx64.exe
2018-12-10 20:58 - 2018-12-10 21:00 - 000000000 ____D C:\AdwCleaner
2018-12-10 07:47 - 2018-12-10 07:47 - 000038560 _____ C:\Users\Semerak\Desktop\debug.zip
2018-12-10 07:37 - 2018-12-10 07:42 - 000019876 _____ C:\Users\Semerak\Desktop\FRST.zip
2018-12-10 07:35 - 2018-12-10 07:41 - 000041209 _____ C:\Users\Semerak\Downloads\Addition.txt
2018-12-10 07:35 - 2018-12-10 07:35 - 000018380 _____ C:\Users\Semerak\Desktop\rsit.zip
2018-12-10 07:31 - 2018-12-17 08:22 - 000012399 _____ C:\Users\Semerak\Downloads\FRST.txt
2018-12-10 07:30 - 2018-12-17 08:22 - 000000000 ____D C:\FRST
2018-12-10 07:30 - 2018-12-10 07:30 - 002417152 _____ (Farbar) C:\Users\Semerak\Downloads\FRST64.exe
2018-12-10 07:29 - 2018-12-10 07:29 - 001776640 _____ (Farbar) C:\Users\Semerak\Downloads\FRST.exe
2018-12-10 07:28 - 2018-12-11 12:22 - 000000000 ____D C:\rsit
2018-12-10 07:28 - 2018-12-10 07:28 - 000000000 ____D C:\Program Files (x86)\trend micro
2018-12-10 07:27 - 2018-12-10 07:27 - 001107968 _____ C:\Users\Semerak\Downloads\RSIT.exe
2018-12-10 07:24 - 2018-12-10 07:24 - 000000111 _____ C:\Users\Semerak\Desktop\ff_sync.rar
2018-12-10 07:16 - 2018-12-10 07:16 - 000000016 _____ C:\Users\Semerak\Desktop\ff_sync
2018-12-10 07:11 - 2018-12-10 07:11 - 006939092 _____ C:\Users\Semerak\Documents\Faktury sro 2018.rar
2018-12-10 06:44 - 2018-12-17 05:41 - 002545951 _____ C:\Users\Semerak\Desktop\Účty 2000+.xlsx
2018-12-08 08:45 - 2018-12-08 08:45 - 000000000 ____D C:\Users\Semerak\Desktop\fotky prodej stromků
2018-11-28 19:01 - 2018-11-28 19:01 - 000249310 _____ C:\Users\Semerak\Desktop\ukončení mfdnes_.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-17 08:11 - 2011-11-13 12:40 - 000000000 ____D C:\Users\Semerak\Documents\Soubory aplikace Outlook
2018-12-17 03:38 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-12-17 03:38 - 2009-07-14 05:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-12-16 20:10 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\Vánoční stromky
2018-12-16 02:23 - 2016-11-19 17:52 - 000000000 ____D C:\Users\Semerak\AppData\LocalLow\Mozilla
2018-12-16 02:23 - 2016-11-18 07:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-12-16 02:23 - 2012-05-02 13:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-15 17:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-15 17:15 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-12-15 15:52 - 2011-11-13 13:01 - 000000000 ____D C:\Users\Semerak\Documents\Jirka
2018-12-15 13:15 - 2011-11-13 10:05 - 000000000 ____D C:\Users\Semerak\Downloads\Installed PRACOVNA2
2018-12-13 06:44 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-12-13 03:43 - 2011-04-12 09:34 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-12-13 03:43 - 2011-04-12 09:34 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-12-13 03:43 - 2009-07-14 06:13 - 001593214 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-13 03:36 - 2009-07-14 05:45 - 000343672 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-13 03:07 - 2011-11-12 23:18 - 001567928 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-12-13 03:05 - 2013-08-05 02:03 - 000000000 ____D C:\Windows\system32\MRT
2018-12-13 03:04 - 2011-11-01 19:33 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-13 03:03 - 2009-07-14 03:34 - 000000490 _____ C:\Windows\win.ini
2018-12-12 22:50 - 2015-04-26 08:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-12-11 22:07 - 2017-05-30 18:28 - 000000000 ____D C:\Users\Semerak\AppData\Roaming\Skype
2018-12-11 22:07 - 2011-10-23 12:18 - 000086464 _____ C:\Users\Semerak\AppData\Local\GDIPFONTCACHEV1.DAT
2018-12-10 23:04 - 2010-11-21 04:27 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-10 18:27 - 2011-10-23 17:49 - 000000000 ____D C:\Users\Semerak
2018-12-10 18:19 - 2016-04-15 15:59 - 000004973 _____ C:\Users\Semerak\Documents\zaloha.ffs_gui
2018-11-25 17:48 - 2018-03-24 08:05 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2018
2018-11-25 17:30 - 2011-11-13 13:00 - 000000000 ____D C:\Users\Semerak\Documents\Faktury sro 2006
2018-11-21 06:28 - 2011-11-13 13:02 - 000000000 ____D C:\Users\Semerak\Documents\vzory

==================== Files in the root of some directories =======

2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\en_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\es_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\fr_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\grm_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\it_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020344 _____ (Schneider Electric) C:\Users\Semerak\jp_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 001079808 _____ (Microsoft Corporation) C:\Users\Semerak\mfc80u.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000626688 _____ (Microsoft Corporation) C:\Users\Semerak\msvcr80.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\pt_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020856 _____ (Schneider Electric) C:\Users\Semerak\ru_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000019832 _____ (Schneider Electric) C:\Users\Semerak\zh_res.dll
2011-11-17 16:38 - 2017-06-26 14:06 - 000033792 _____ () C:\Users\Semerak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-25 18:10 - 2016-12-25 19:32 - 000000600 _____ () C:\Users\Semerak\AppData\Local\PUTTY.RND
2017-05-20 09:42 - 2017-05-20 09:42 - 000000848 _____ () C:\Users\Semerak\AppData\Local\recently-used.xbel
2012-08-17 15:21 - 2014-07-10 20:11 - 000007611 _____ () C:\Users\Semerak\AppData\Local\resmon.resmoncfg
2013-02-01 09:58 - 2013-02-01 09:58 - 000000003 _____ () C:\Users\Semerak\AppData\Local\updater.log
2013-02-01 09:58 - 2014-12-17 13:19 - 000000425 _____ () C:\Users\Semerak\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-14 00:20

==================== End of FRST.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after the PC was infected by an archive from an e-mail

#24 Post by Conder »

:arrow: It looks OK, we will just clean up the remaining leftovers from the FRST logs

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi
    File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    File: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    File: C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
    FF NetworkProxy: Mozilla\Firefox\Profiles\r1pxg21r.default -> no_proxies_on", "localhost,127.0.0.1"
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
    ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
    Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
    Task: {60D9EB5B-3B0B-47B9-8859-6FC165F3B79C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {69AE4259-2B91-4732-AF10-8CEE38619511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {89556DB1-948B-49AF-9A49-42A95BFE52FD} - System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => C:\Windows\system32\pcalua.exe -a C:\Users\Semerak\Downloads\irfanview_plugins_430_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {C7CDFFBF-F784-4BB7-9404-736CD389B8B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D249D029-BEC8-48C7-A99F-BF52E38EF642} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {EE442941-F0E4-4889-8E4B-F75E7FDB2E9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F4FE51B1-55F6-4E55-B364-C99377A6DABB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    MSCONFIG\startupreg: Infium => "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
    
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\en_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\es_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\fr_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\grm_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\it_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000020344 _____ (Schneider Electric) C:\Users\Semerak\jp_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 001079808 _____ (Microsoft Corporation) C:\Users\Semerak\mfc80u.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000626688 _____ (Microsoft Corporation) C:\Users\Semerak\msvcr80.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
    2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\pt_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000020856 _____ (Schneider Electric) C:\Users\Semerak\ru_res.dll
    2015-09-27 12:22 - 2015-09-27 12:22 - 000019832 _____ (Schneider Electric) C:\Users\Semerak\zh_res.dll
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and the like).

Fixlists and other scripts are written for one specific PC only. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please open your own thread.

If you are satisfied, you can support the forum. Thank you!
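
As an added example for reviewing logs like the one in this thread (it is not code from the forum, from Conder, or from FRST), the following Python script parses FRST's file-entry lines and sorts them into the buckets a reviewer looks at first: lines FRST itself marks with "<==== ATTENTION", registry and task entries pointing at a file that is gone ("-> No File"), executables lying directly in the user profile root (the Schneider Electric files the fixlist above moves), and executables with no version information ("()" in the company column). The sample lines are copied from the log and fixlist above; the bucket names, the regular expressions and the extension list are this example's own assumptions about the format, not anything FRST documents.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not code from the forum and not part of FRST.
Parses the file-entry format FRST uses in its "One Month Created/Modified" and
"Files in the root of some directories" sections and buckets the lines a
reviewer looks at first. Bucket names and regular expressions are this
example's own assumptions about the format. Sample lines are copied from the
log above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# <created> - <modified> - <size> <attrs> (<company>) <path>
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"  # absent for directories, "()" when no version info
    r"(?P<path>.+)$"
)
# Extensions treated as executable code (assumption of this example)
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")
# C:\Users\<name>\<file> with no further subdirectory
PROFILE_ROOT = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$")


@dataclass
class FileEntry:
    raw: str                # full log line; the same text in a fixlist moves the file
    created: str
    modified: str
    size: int
    attrs: str              # "____D" directory, "____H" hidden, "_____" plain file
    company: Optional[str]  # None when FRST printed no "(...)" block, "" for "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_directory and self.path.lower().endswith(EXEC_EXT)

    @property
    def in_profile_root(self) -> bool:
        return PROFILE_ROOT.match(self.path) is not None


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for an FRST file line, or None for any other line."""
    m = FILE_ENTRY.match(line.strip())
    if m is None:
        return None
    return FileEntry(
        raw=line.strip(),
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(log_text: str) -> Dict[str, List[str]]:
    """Bucket log lines by the reason a reviewer would want to look at them."""
    findings: Dict[str, List[str]] = {
        "attention": [],          # FRST's own marker for entries it considers suspicious
        "missing_target": [],     # registry/task entries whose target file is gone
        "profile_root_exec": [],  # .exe/.dll directly under C:\Users\<name>\
        "no_version_info": [],    # executables whose company column is empty "()"
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:
            findings["attention"].append(line)
        if "-> No File" in line:
            findings["missing_target"].append(line)
        entry = parse_file_entry(line)
        if entry is None or not entry.is_executable:
            continue
        if entry.in_profile_root:
            findings["profile_root_exec"].append(entry.raw)
        if entry.company == "":
            findings["no_version_info"].append(entry.raw)
    return findings


# Lines copied from the FRST log and fixlist in this thread
SAMPLE_LOG = r"""
2018-12-11 21:55 - 2018-12-11 21:55 - 000522240 _____ (OldTimer Tools) C:\Users\Semerak\Desktop\OTM.exe
2018-12-11 21:56 - 2018-12-11 21:56 - 000000000 ____D C:\_OTM
2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
2018-12-12 12:22 - 2018-11-11 17:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
C:\Windows\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"[{bucket}] {len(lines)} line(s)")
        for entry_line in lines:
            print("   ", entry_line)
```

The raw line kept in each FileEntry is the same text a fixlist uses to move a file (see the note "If an entry is included in the fixlist, the file/folder will be moved" in the log above), so the profile_root_exec bucket can be checked against what the helper on the forum put into the fixlist; the script only reports, it never writes a fixlist or touches the files.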

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after the PC was infected by an archive from an e-mail

#25 Post by Fjup »

Here it is :)

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Semerak (17-12-2018 19:14:08) Run:1
Running from C:\Users\Semerak\Downloads
Loaded Profiles: Semerak (Available Profiles: Semerak)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi
File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
File: C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\...\MountPoints2: {6e3d0097-0dd5-11e1-ab27-f46d047b04f6} - K:\unlock.exe autoplay=true
FF NetworkProxy: Mozilla\Firefox\Profiles\r1pxg21r.default -> no_proxies_on", "localhost,127.0.0.1"
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
ContextMenuHandlers3: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
ContextMenuHandlers6: [jetAudio] -> {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => K:\JetAudio\install\JetFlExt64.dll -> No File
Task: {5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {60D9EB5B-3B0B-47B9-8859-6FC165F3B79C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {69AE4259-2B91-4732-AF10-8CEE38619511} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {89556DB1-948B-49AF-9A49-42A95BFE52FD} - System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => C:\Windows\system32\pcalua.exe -a C:\Users\Semerak\Downloads\irfanview_plugins_430_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C7CDFFBF-F784-4BB7-9404-736CD389B8B1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D249D029-BEC8-48C7-A99F-BF52E38EF642} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {EE442941-F0E4-4889-8E4B-F75E7FDB2E9E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F4FE51B1-55F6-4E55-B364-C99377A6DABB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
MSCONFIG\startupreg: Infium => "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun

2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\en_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\es_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\fr_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021880 _____ (Schneider Electric) C:\Users\Semerak\grm_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\it_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020344 _____ (Schneider Electric) C:\Users\Semerak\jp_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 001079808 _____ (Microsoft Corporation) C:\Users\Semerak\mfc80u.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000626688 _____ (Microsoft Corporation) C:\Users\Semerak\msvcr80.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 013923704 _____ (Schneider Electric) C:\Users\Semerak\PCPE Setup.exe
2015-09-27 12:22 - 2015-09-27 12:22 - 000021368 _____ (Schneider Electric) C:\Users\Semerak\pt_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000018808 _____ () C:\Users\Semerak\ResourceReader.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000020856 _____ (Schneider Electric) C:\Users\Semerak\ru_res.dll
2015-09-27 12:22 - 2015-09-27 12:22 - 000019832 _____ (Schneider Electric) C:\Users\Semerak\zh_res.dll

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count    : 496
Average  :
Sum      : 1285182530
Maximum  :
Minimum  :
Property : Length


========= End of Powershell: =========


========================= File: C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi ========================

C:\Users\Semerak\AppData\Roaming\Mozilla\Firefox\Profiles\r1pxg21r.default\Extensions\adblockpopups@jessehakanen.net.xpi
File not signed
MD5: D6156E64F5A46071A17385162ABB36F6
Creation and modification date: 2015-01-16 15:49 - 2016-05-12 04:21
Size: 000151382
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/5a8ac71e67c792334248b2cf7796637c53567bc390bea01ae69a52a6797ab6ff/analysis/1514950317/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe ========================

C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
File not signed
MD5: 1CF03C69B49ACB70C722DF92755C0C8C
Creation and modification date: 2005-04-04 00:41 - 2005-04-04 00:41
Size: 000069632
Attributes: ----A
Company Name: Macrovision Corporation
Internal Name: IDriverT
Original Name: IDriverT.exe
Product: InstallShield (R)
Description: IDriverT Module
File Version: 11.00.28844
Product Version: 11.00
Copyright: Copyright (C) 2005 Macrovision Corporation
VirusTotal: https://www.virustotal.com/file/c227850c133f29bb9ded91a26a22ae077fd69629cef35b67d305f016c4bdaa81/analysis/1544839772/

====== End of File: ======


========================= File: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe ========================

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
File not signed
MD5: FCBDCC6F1801E32244235608E1277752
Creation and modification date: 2010-08-16 12:50 - 2010-08-16 12:50
Size: 000073728
Attributes: ----A
Company Name: Hewlett-Packard Company
Internal Name: LSSrvc.exe
Original Name: LSSrvc.exe
Product: LightScribe
Description: LightScribe Service
File Version: 1.18.18.1
Product Version:
Copyright: © Copyright 2003-2010 Hewlett-Packard Development Company, LP
VirusTotal: https://www.virustotal.com/file/8cc8e22e412645f4a534c51fb550ab22410ae90fa266d75498827eb922e8191e/analysis/1539821463/

====== End of File: ======


========================= File: C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE ========================

C:\Windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE
File not signed
MD5: 9F7F6036149A1333018545283B7FF09E
Creation and modification date: 2011-10-23 12:10 - 2011-10-23 12:10
Size: 000020480
Attributes: ----A
Company Name: Oki Data Corporation
Internal Name: OPHDLDCS
Original Name: OPHDLDCS.exe
Product: OKI OPHD DCS Loader
Description: OPHDLDCS
File Version: 1, 0, 4, 0
Product Version: 1, 0, 4, 0
Copyright: Copyright (C) 2005 Oki Data Corporation
VirusTotal: https://www.virustotal.com/file/2f6261b55a0ff9efeb3c258b2926fcab2d835eaada859886a441e2ee17fb0893/analysis/1450340004/

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-3730243165-907656754-2530024790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3d0097-0dd5-11e1-ab27-f46d047b04f6} => removed successfully
HKLM\Software\Classes\CLSID\{6e3d0097-0dd5-11e1-ab27-f46d047b04f6} => not found
Firefox Proxy settings were reset.
HKLM\System\CurrentControlSet\Services\lmimirr => removed successfully
lmimirr => service removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\jetAudio => removed successfully
HKLM\Software\Classes\CLSID\{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\jetAudio => removed successfully
HKLM\Software\Classes\CLSID\{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5EDCDA-CB06-4908-8DE2-AF2C6978A47B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60D9EB5B-3B0B-47B9-8859-6FC165F3B79C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60D9EB5B-3B0B-47B9-8859-6FC165F3B79C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69AE4259-2B91-4732-AF10-8CEE38619511}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69AE4259-2B91-4732-AF10-8CEE38619511}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89556DB1-948B-49AF-9A49-42A95BFE52FD} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89556DB1-948B-49AF-9A49-42A95BFE52FD} => removed successfully
C:\Windows\System32\Tasks\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F5BF6EE-F33C-423C-B09F-5967563D1162} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7CDFFBF-F784-4BB7-9404-736CD389B8B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7CDFFBF-F784-4BB7-9404-736CD389B8B1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D249D029-BEC8-48C7-A99F-BF52E38EF642}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D249D029-BEC8-48C7-A99F-BF52E38EF642}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE442941-F0E4-4889-8E4B-F75E7FDB2E9E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE442941-F0E4-4889-8E4B-F75E7FDB2E9E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4FE51B1-55F6-4E55-B364-C99377A6DABB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4FE51B1-55F6-4E55-B364-C99377A6DABB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Infium => removed successfully
C:\Users\Semerak\en_res.dll => moved successfully
C:\Users\Semerak\es_res.dll => moved successfully
C:\Users\Semerak\fr_res.dll => moved successfully
C:\Users\Semerak\grm_res.dll => moved successfully
C:\Users\Semerak\it_res.dll => moved successfully
C:\Users\Semerak\jp_res.dll => moved successfully
C:\Users\Semerak\mfc80u.dll => moved successfully
C:\Users\Semerak\msvcr80.dll => moved successfully
C:\Users\Semerak\PCPE Setup.exe => moved successfully
C:\Users\Semerak\pt_res.dll => moved successfully
C:\Users\Semerak\ResourceReader.dll => moved successfully
C:\Users\Semerak\ru_res.dll => moved successfully
C:\Users\Semerak\zh_res.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 100559289 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 45774 B
Edge => 0 B
Chrome => 0 B
Firefox => 244048315 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 23385234 B
Semerak => 196980992 B

RecycleBin => 0 B
EmptyTemp: => 546.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:16:43 ====
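The Fixlog above is FRST's own output. As an added example that is not part of this thread or of FRST, here is a small Python parser that reads a Fixlog and summarises what the fix actually did: which items were removed or moved, which were reported "not found" (worth re-checking in a fresh scan), and which of the "File:" checks came back unsigned, with their MD5 and VirusTotal link. The embedded log is a constructed sample modelled on the one above; its hash, GUID and VirusTotal URL are placeholders, not real values.

```python
import re
from collections import Counter

# Constructed sample in the shape of an FRST Fixlog (modelled on the log in this
# thread). The MD5, the CLSID GUID and the VirusTotal link are placeholders.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 09.12.2018
Ran by Semerak (17-12-2018 19:14:08) Run:1
Processes closed successfully.
Restore point was successfully created.

========================= File: C:\Example\tool.exe ========================

C:\Example\tool.exe
File not signed
MD5: 00000000000000000000000000000000
Size: 000069632
VirusTotal: https://www.virustotal.com/file/PLACEHOLDER/analysis/0/

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => not found
lmimirr => service removed successfully
C:\Users\Example\sample.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

Firefox => 244048315 B
EmptyTemp: => 546.8 MB temporary data Removed.

The system needed a reboot.
==== End of Fixlog 19:16:43 ====
"""

# "<target> => <outcome>" lines; registry keys may be wrapped in double quotes.
ACTION_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+?)\.?$')
FILE_START_RE = re.compile(r'^=+ File: (?P<path>.+?) =+$')
FILE_END_RE = re.compile(r'^=+ End of File: =+$')


def parse_fixlog(text):
    """Split a Fixlog into per-item actions and the 'File:' check sections."""
    actions, files, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = FILE_START_RE.match(line)
        if start:
            current = {"path": start.group("path"), "signed": None, "md5": None, "virustotal": None}
            continue
        if FILE_END_RE.match(line):
            if current is not None:
                files.append(current)
            current = None
            continue
        if current is not None:
            # Inside a File: section. The log above prints "File not signed" for unsigned
            # files; any other signing line leaves "signed" as None (unknown).
            if line == "File not signed":
                current["signed"] = False
            elif line.startswith("MD5: "):
                current["md5"] = line[len("MD5: "):]
            elif line.startswith("VirusTotal: "):
                current["virustotal"] = line[len("VirusTotal: "):]
            continue
        act = ACTION_RE.match(line)
        if act:
            outcome = act.group("outcome")
            if re.fullmatch(r"\d+ B", outcome) or outcome.endswith("Removed"):
                continue  # EmptyTemp byte counters, not a removal result
            actions.append((act.group("target"), outcome))
    return {"actions": actions, "files": files}


def summarize(parsed):
    """Count outcomes per kind, plus how many checked files were unsigned."""
    counts = Counter(outcome for _, outcome in parsed["actions"])
    counts["unsigned files"] = sum(1 for f in parsed["files"] if f["signed"] is False)
    return counts


def leftovers(parsed):
    """Targets the fix could not act on; re-check them in a fresh FRST scan."""
    return [target for target, outcome in parsed["actions"] if outcome == "not found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for key, n in sorted(summarize(parsed).items()):
        print(f"{key:30s} {n}")
    for target in leftovers(parsed):
        print("re-check:", target)
    for f in parsed["files"]:
        print(f"{f['path']}  signed={f['signed']}  md5={f['md5']}  vt={f['virustotal']}")
```

To use it on a real log, replace SAMPLE_FIXLOG with the contents of Fixlog.txt. A "not found" entry is usually harmless (a CLSID that was already gone, as in the log above), but it is the list to compare against the next FRST.txt to confirm nothing recreates itself after the reboot.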

 

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after PC infection by an archive from an e-mail

#26 Post by Conder »

:arrow: The Desktop has about 1 GB on it. Move all files and folders from the Desktop into Documents and leave only shortcuts on the Desktop. A Desktop that large can slow the system down.

:arrow: If there are no more problems with the PC, we will still clean up after the tools we used:
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and others).

Fixlists and other scripts are written only for one specific PC. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Fjup
Visitor
Posts: 75
Registered: 02 Feb 2011 23:13

Re: Log check after PC infection by an archive from an e-mail

#27 Post by Fjup »

Thank you, I removed the cleaning tools with delfix. I'll have a word with the PC's user about the full Desktop. I've told him several times already, but still in vain :D. Otherwise, many thanks for the help with the infection and with cleaning the PC. I wish you a nice and peaceful Christmas.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after PC infection by an archive from an e-mail

#28 Post by Conder »

You're welcome, we were glad to help :) Thank you, we also wish you a pleasant Christmas holiday. :)

Locked