
Log check after a .coharos ransomware attack

Have a problem with a virus? Paste your FRST or RSIT log here.


Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Log check after a .coharos ransomware attack

#1 Post by vasekpetr1 »

Please check the log after I deleted the files that were encrypted as a result of the .coharos attack.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-09-2019
Ran by Vojta (administrator) on VOJTA-PC (LENOVO 6077AM1) (06-09-2019 17:23:04)
Running from C:\Users\Vojta\Desktop
Loaded Profiles: Vojta (Available Profiles: Vojta)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_32_0_0_238.exe
(Adobe Inc. -> Adobe) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_32_0_0_238.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {018352cb-beac-11e5-8962-001e37364e82} - F:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {096b1e7b-148e-11e7-b0a3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {453d547f-d0e8-11e6-b074-001e37364e82} - G:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {644377ec-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {64437802-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {654210fd-c89e-11e8-b1e3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {96428a52-0102-11e9-b1c3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {d77618c3-cf7f-11e6-b01b-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005BD7AB-90E8-40C3-8CB0-38C5C592E1AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {06B6E82C-BF64-4B94-B50D-38A921656B6B} - System32\Tasks\uDWJWTXJNtceTmi => rundll32 "C:\Program Files\LaRPJwypU\ftweeM.dll",#1
Task: {32675A99-4ABB-4D50-A374-1843628AC1F0} - System32\Tasks\PRqDsAmBDBAyI2 => C:\Windows\system32\wscript.exe "C:\ProgramData\rgrCtQIGjQWGqjVB\PKBhQUQ.wsf"
Task: {3CBF6EE4-295D-4B7A-8393-AA5372894B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {4276E4E2-7079-4FC4-A136-D24F702BA089} - System32\Tasks\{9CD2F391-C0A3-40CE-8BD2-AC5F63C35554} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\HD Tune\unins000.exe"
Task: {5079534F-01F8-4001-A965-37176743753F} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [153768 2011-02-15] (Visan Industries -> )
Task: {5D434B00-1A6D-4C43-AF07-29118FFADA96} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-14] (Adobe Inc. -> Adobe)
Task: {612726B8-286D-45A1-90DD-E4E89C426876} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6184A915-3D13-4272-9E9F-5B332A94868B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {625E62E5-8815-4597-9750-89A6777D790D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {84AB67DB-37A6-4CE6-B1A6-7C4907CAD20E} - System32\Tasks\{121242C0-A705-473D-92BC-8B32948373DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Vojta\Downloads\setup(1).exe -d C:\Users\Vojta\Downloads
Task: {9AD64118-7F60-4C0A-A282-54CA2D65E5E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB10A299-B9F6-4F1C-A2C2-5F022977F222} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe
Task: {DE279096-C984-41B3-878C-E83D8B1AB9F7} - System32\Tasks\WiperSoft Startup => c:\program files\WiperSoft\WiperSoft.exe [3921008 2019-08-22] (Wiper Software, UAB -> Wiper Software, UAB)
Task: {E1885DD8-5E83-4395-B821-79BDC0FDB036} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {E7758F04-3AE4-4E82-B07E-AF986B46B771} - System32\Tasks\Pošta => C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [845584 2018-04-11] (Microsoft Corporation -> )
Task: {E982CA0A-BBE8-4649-957A-DFE77D23017F} - System32\Tasks\{99F3F297-D888-453C-97E3-CE55AB99E0E1} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\Microsoft Games\Train Simulator\unins006.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\uDWJWTXJNtceTmi.job => C:\Program Files\LaRPJwypU\ftweeM.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC2DAF9C-4130-4E26-A4A3-EF85916DF03C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D48461E7-DA8F-4718-8ACD-557293A42A76}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> DefaultScope {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
DPF: {CAFEEFAC-0018-0000-00101-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: v28pucrl.default
FF ProfilePath: C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default [2019-09-06]
FF Homepage: Mozilla\Firefox\Profiles\v28pucrl.default -> hxxps://www.seznam.cz/
FF HomepageOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default\features\{824b15f1-322e-4475-9343-caf700e59e7d}\jaws-esr@mozilla.org.xpi [2019-09-05] [Legacy]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2019-09-04] [Legacy] [not signed]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{1F811EFA-5187-46DC-8F9F-766102E95F2D}.xpi [2019-08-14] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-11] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd -> Disc Soft Ltd)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-06 17:23 - 2019-09-06 17:24 - 000015773 _____ C:\Users\Vojta\Desktop\FRST.txt
2019-09-06 17:22 - 2019-09-06 17:23 - 000000000 ____D C:\FRST
2019-09-06 17:22 - 2019-09-06 17:22 - 001451008 _____ (Farbar) C:\Users\Vojta\Desktop\FRST.exe
2019-09-06 17:20 - 2019-09-06 17:20 - 000067862 _____ C:\Windows\ntbtlog.txt
2019-09-06 17:13 - 2019-09-06 17:13 - 000000000 ___HD C:\Windows\PIF
2019-08-30 13:56 - 2019-08-30 13:56 - 000000000 ____D C:\Program Files\JARRUgEbUkUn
2019-08-30 13:55 - 2019-09-06 10:02 - 000000278 _____ C:\Windows\Tasks\uDWJWTXJNtceTmi.job
2019-08-23 16:06 - 2019-08-23 16:06 - 000467680 _____ C:\Users\Vojta\Documents\Objednávka Dmychadla a náhradní díly.mht
2019-08-22 15:32 - 2019-09-05 10:29 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\WiperSoft
2019-08-22 15:31 - 2019-08-22 15:32 - 000000000 ____D C:\Program Files\WiperSoft
2019-08-22 15:30 - 2019-08-22 15:30 - 002427504 _____ (Wiper Software, UAB) C:\Users\Vojta\Downloads\WiperSoft-installer.exe
2019-08-18 11:30 - 2019-08-18 11:30 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\xHLLMjruyIoAv
2019-08-17 17:48 - 2019-08-17 17:51 - 399801000 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar
2019-08-17 09:38 - 2019-08-17 11:04 - 000000160 _____ C:\Users\Vojta\AppData\LocalLow\rbxcsettings.rbx
2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ C:\ProgramData\ts.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000004 _____ C:\ProgramData\irw.atsd
2019-08-14 07:34 - 2019-08-05 23:55 - 000348800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-14 07:34 - 2019-08-04 03:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-14 07:34 - 2019-08-04 03:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-08-14 07:34 - 2019-08-04 03:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-08-14 07:34 - 2019-08-04 03:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-14 07:34 - 2019-08-04 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-08-14 07:34 - 2019-08-04 03:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-08-14 07:34 - 2019-08-04 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-08-14 07:34 - 2019-08-04 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-08-14 07:34 - 2019-08-04 03:00 - 002301952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-14 07:34 - 2019-08-04 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-08-14 07:34 - 2019-08-04 02:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-08-14 07:34 - 2019-08-04 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-08-14 07:34 - 2019-08-04 02:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-14 07:34 - 2019-08-04 02:54 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-08-14 07:34 - 2019-08-04 02:54 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-08-14 07:34 - 2019-08-04 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-08-14 07:34 - 2019-08-04 02:48 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-08-14 07:34 - 2019-08-04 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-08-14 07:34 - 2019-08-04 02:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-08-14 07:34 - 2019-08-04 02:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-08-14 07:34 - 2019-08-04 02:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-08-14 07:34 - 2019-08-04 02:38 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-08-14 07:34 - 2019-08-04 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-14 07:34 - 2019-08-04 02:36 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-14 07:34 - 2019-08-04 02:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-08-14 07:34 - 2019-08-04 02:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-14 07:34 - 2019-08-04 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-14 07:34 - 2019-08-04 02:28 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-14 07:34 - 2019-08-04 02:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-14 07:34 - 2019-08-04 02:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-08-14 07:34 - 2019-08-04 02:27 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-14 07:34 - 2019-08-04 02:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-14 07:34 - 2019-08-04 02:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-14 07:34 - 2019-08-04 02:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-14 07:34 - 2019-08-04 02:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 004058848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-08-14 07:34 - 2019-07-30 04:19 - 003965664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-14 07:34 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000137952 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-08-14 07:34 - 2019-07-30 04:19 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-08-14 07:34 - 2019-07-30 04:17 - 001315904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-08-14 07:34 - 2019-07-30 03:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-08-14 07:34 - 2019-07-30 03:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-08-14 07:34 - 2019-07-30 03:53 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-08-14 07:34 - 2019-07-30 03:53 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-08-14 07:34 - 2019-07-30 03:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-08-14 07:34 - 2019-07-30 03:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-08-14 07:34 - 2019-07-30 03:51 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-08-14 07:34 - 2019-07-30 03:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-08-14 07:34 - 2019-07-30 03:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-08-14 07:34 - 2019-07-30 03:48 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-08-14 07:34 - 2019-07-30 03:47 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-08-14 07:34 - 2019-07-30 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-08-14 07:34 - 2019-07-24 04:34 - 002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-14 07:34 - 2019-07-19 05:34 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-14 07:34 - 2019-07-13 10:38 - 000242400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 001312992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-08-14 07:34 - 2019-07-13 10:37 - 000189152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-08-14 07:34 - 2019-07-13 10:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-08-14 07:34 - 2019-07-13 10:15 - 006135808 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-14 07:34 - 2019-07-13 10:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-08-14 07:34 - 2019-07-13 10:07 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-08-14 07:34 - 2019-07-04 03:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-13 13:01 - 2019-08-13 13:07 - 667153328 _____ C:\Users\Vojta\Downloads\microsoft-flight-simulator-x.exe
2019-08-13 09:15 - 2019-08-13 09:21 - 399801429 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar.rar
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Vojta\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Bohunka\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Administrator\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\_readme.txt
2019-08-13 08:22 - 2019-08-18 13:10 - 000000000 ____D C:\Program Files\ZRDvywJUeGUn
2019-08-13 08:22 - 2019-08-16 06:59 - 000000000 ____D C:\Program Files\VIyHCwavsSZPC
2019-08-13 08:22 - 2019-08-15 07:28 - 000000000 ____D C:\Program Files\IZPpBbJozjrU2
2019-08-13 08:22 - 2019-08-15 07:27 - 000000000 ____D C:\Program Files\pGPGVCCgEdIJAbCqPrR
2019-08-13 08:22 - 2019-08-13 08:22 - 000000000 ____D C:\ProgramData\rgrCtQIGjQWGqjVB
2019-08-13 08:21 - 2019-08-30 14:58 - 000000270 __RSH C:\Users\Vojta\ntuser.pol
2019-08-13 08:21 - 2019-08-18 13:10 - 000000000 ____D C:\Program Files\bDUDIwWNEIE
2019-08-13 08:21 - 2019-08-17 07:18 - 000000000 ____D C:\Program Files\zsTynKNKU
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\Users\Vojta\AppData\Local\da568ce5-de21-4c03-9f67-820714b28a41
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\SystemID
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Lamia
2019-08-13 08:19 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mail.Ru
2019-08-13 08:19 - 2019-08-15 07:27 - 000000000 ____D C:\ProgramData\WIFIService
2019-08-13 08:19 - 2019-08-13 08:26 - 000000000 ____D C:\Users\Vojta\AppData\Local\d4ce6a02-0d6a-4429-b795-8bda16a60e8b
2019-08-13 08:19 - 2019-08-13 08:23 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\CoreTempApp
2019-08-13 08:19 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-08-13 08:15 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\uTorrent
2019-08-12 16:26 - 2019-08-17 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2019-08-12 16:26 - 2019-08-12 16:26 - 000000000 ____D C:\ProgramData\Roblox
2019-08-12 16:25 - 2019-08-12 16:25 - 000000000 ____D C:\Program Files\Roblox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-06 17:20 - 2017-04-20 18:09 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2019-09-06 17:01 - 2016-01-07 21:04 - 000000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2019-09-06 10:10 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-06 10:10 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-06 10:02 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-06 09:37 - 2017-12-22 22:50 - 000000000 ____D C:\A Bootable USB
2019-09-06 09:37 - 2017-04-18 09:31 - 000000000 ____D C:\Users\Vojta\Documents\Poznámkové bloky aplikace OneNote
2019-09-06 09:37 - 2016-02-11 21:34 - 000000000 ____D C:\AdwCleaner
2019-09-06 09:37 - 2016-01-11 16:28 - 000000000 ___RD C:\Users\Vojta\Documents\Scanned Documents
2019-09-06 09:37 - 2016-01-09 19:59 - 000000000 ____D C:\Office
2019-09-06 09:37 - 2013-03-01 20:43 - 000000000 ___HD C:\RPKTools
2019-09-06 09:36 - 2016-12-31 19:43 - 000000000 ____D C:\Users\Vojta\.android
2019-09-06 09:36 - 2016-08-29 20:18 - 000000000 ____D C:\Users\Vojta\.oracle_jre_usage
2019-09-06 08:46 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-09-05 10:24 - 2017-09-07 15:59 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-04 10:17 - 2016-12-07 13:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-01 09:04 - 2016-01-07 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-30 14:58 - 2016-01-07 15:51 - 000000000 ____D C:\Users\Vojta
2019-08-30 14:57 - 2016-12-15 12:50 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-08-30 13:55 - 2017-12-22 22:28 - 000000270 __RSH C:\ProgramData\ntuser.pol
2019-08-22 12:06 - 2018-11-15 20:01 - 000001988 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-22 12:06 - 2018-11-15 20:01 - 000001988 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-08-22 11:24 - 2016-01-07 15:51 - 000001082 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-08-19 09:30 - 2018-08-15 22:12 - 000000000 ____D C:\Windows\rescache
2019-08-17 12:19 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileOut.cns
2019-08-17 12:19 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileIn.cns
2019-08-15 18:58 - 2016-01-29 12:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-14 20:39 - 2016-01-07 18:43 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-08-14 20:39 - 2016-01-07 18:43 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-08-14 19:48 - 2011-04-12 03:37 - 000671796 _____ C:\Windows\system32\perfh005.dat
2019-08-14 19:48 - 2011-04-12 03:37 - 000142392 _____ C:\Windows\system32\perfc005.dat
2019-08-14 19:48 - 2010-11-20 23:01 - 001591750 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-14 19:41 - 2009-07-14 06:33 - 000417792 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-14 19:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-14 19:12 - 2016-01-07 20:52 - 000000000 ____D C:\Windows\system32\MRT
2019-08-14 19:06 - 2013-03-01 14:12 - 131096328 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 13:20 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2019-08-13 08:25 - 2018-11-28 16:14 - 000000000 ____D C:\SWTOOLS
2019-08-13 08:25 - 2018-01-14 14:13 - 000000000 ____D C:\Users\Bohunka
2019-08-13 08:25 - 2016-11-16 13:17 - 000000000 ____D C:\Nová složka
2019-08-13 08:25 - 2013-03-01 20:43 - 000000000 ___HD C:\Tools
2019-08-13 08:25 - 2010-11-20 22:57 - 000000000 ____D C:\Users\Administrator
2019-08-13 08:19 - 2009-07-14 04:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-08-12 09:22 - 2009-07-14 06:53 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ================

2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ () C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ () C:\ProgramData\ts.dat
2016-01-25 14:18 - 2019-08-17 12:19 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileIn.cns
2016-01-25 14:18 - 2019-08-17 12:19 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileOut.cns
2016-02-14 12:53 - 2016-02-14 19:55 - 000038214 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2016-01-15 11:33 - 2016-11-12 18:06 - 000036995 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2016-01-15 11:39 - 2016-01-24 17:19 - 000021173 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).EML
2018-07-13 12:09 - 2018-07-13 12:09 - 000003584 _____ () C:\Users\Vojta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-21 19:11 - 2019-01-26 14:45 - 000007633 _____ () C:\Users\Vojta\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 07:31
==================== End of FRST.txt ============================



Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-09-2019
Ran by Vojta (06-09-2019 17:24:36)
Running from C:\Users\Vojta\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-01-07 13:51:23)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2091321983-474696320-977629267-500 - Administrator - Disabled)
Guest (S-1-5-21-2091321983-474696320-977629267-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2091321983-474696320-977629267-1006 - Limited - Enabled)
Vojta (S-1-5-21-2091321983-474696320-977629267-1001 - Administrator - Enabled) => C:\Users\Vojta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0405-0000-0000000FF1CE}_BASICR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-041B-0000-0000000FF1CE}_BASICR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_BASICR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ATI Catalyst Install Manager (HKLM\...\{F8B54C40-8BF5-DB84-81C8-CAE26896DB1C}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Nápověda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Image Plugin (HKLM\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.05.0001 - Snap-on Business Solutions)
Integration Assistant 3 (HKLM\...\{3715EF4B-E9E6-462F-858A-F2E8F1C77170}) (Version: 3.07.0000 - Snap-on Business Solutions, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LaunchEpc (HKLM\...\{9D8650A4-F0F6-48CD-8332-9A03397FDFE5}) (Version: 1.05.0000 - Snap-on Business Solutions, Inc.)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Cleaner (HKLM\...\{A1DC4723-0BB7-4E49-9786-B4E6326B3FF1}) (Version: 2.02.0000 - gazstone.com)
Mozilla Firefox 60.9.0 ESR (x86 cs) (HKLM\...\Mozilla Firefox 60.9.0 ESR (x86 cs)) (Version: 60.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.9.0.7183 - Mozilla)
MSTS Patch 1.7.00819 (HKLM\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.7.081920 - George)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Roblox Player (HKLM\...\roblox-player) (Version: - Roblox Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Train Store (Czech Language Pack) (HKLM\...\Train Store (Czech Language Pack)) (Version: - )
Train Store V3.2 (HKLM\...\Train Store V3.2) (Version: - )
Trať Bratislava-Brno-Praha pro MSTS verze BP86.02-T9-12.4.2011 (HKLM\...\Trať Bratislava-Brno-Praha pro MSTS_is1) (Version: - Zbyněk Šemora)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WiperSoft 1.2.1147.32 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.2.1147.32 - WiperSoft)
Základní software zařízení HP Deskjet 3050A J611 series (HKLM\...\{0188AB09-99C9-4396-B565-7EEE0DE76488}) (Version: 25.0.571.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-11-28 19:57 - 2018-11-28 19:57 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CK431V005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NetSoftware => "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{729301BF-3776-475E-91C3-A2FE297DD0CB}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE861F3A-70B2-4D26-A232-671316178975}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E907DA2-BD83-4945-9C30-8813D0A12EF2}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3C8E682-A023-477A-9D2E-1C0208FFBCC1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9246F05-833C-46E9-8F87-EFE6812BCA40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E96B0D08-33BA-4FBA-AB5E-21286CFF598D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F5A86084-A933-45BF-B5A3-56B2BC7238DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F730AED4-8BD1-488C-990C-2525A29F4F39}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AE161FF4-D142-4266-BBB1-F8C582DF55D4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6237B069-5D72-49E7-AF1E-0906038ABB7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BC3A48F9-E569-43E2-AB00-D11F1FDD149F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

24-08-2019 13:30:24 Windows Update
28-08-2019 12:20:22 Windows Update
01-09-2019 09:06:15 Windows Update
04-09-2019 09:46:24 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2019 05:21:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2019 10:04:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2019 10:25:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2019 10:16:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2019 09:41:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2019 11:28:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2019 11:16:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/02/2019 11:11:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/06/2019 05:22:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error %%1084 = This service cannot be started in Safe Mode. attempting to start the service VSS with arguments in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (09/06/2019 05:22:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/06/2019 05:22:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/06/2019 05:22:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/06/2019 05:22:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (09/06/2019 05:22:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error %%1068 = The dependency service or group failed to start. attempting to start the service fdPHost with arguments in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (09/06/2019 05:22:24 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error %%1068 = The dependency service or group failed to start. attempting to start the service fdPHost with arguments in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/06/2019 05:20:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

BIOS: LENOVO 2RKT37AUS 01/25/2008
Motherboard: LENOVO LENOVO
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 3045.3 MB
Available physical RAM: 1412.79 MB
Total Virtual: 3043.67 MB
Available Virtual: 1509.95 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:83.1 GB) (Free:49.92 GB) NTFS
Drive e: (Data) (Fixed) (Total:60.61 GB) (Free:41.53 GB) NTFS

\\?\Volume{b5570759-b543-11e5-9b67-806e6f6e6963}\ (System) (Fixed) (Total:5.33 GB) (Free:0.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 62541143)
Partition 1: (Active) - (Size=5.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=83.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Checking a log after the .coharos ransomware attack

#2 Post by Conder »

Hi :)

:arrow: The logs were made in Safe Mode; does Normal Mode work as well?

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan now and wait for it to finish
  • Leave all findings ticked
  • Click Clean and Repair and confirm restarting the PC now
  • After the PC restarts AdwCleaner opens; click Show log file (Zobrazit soubor protokolu)
  • A log opens; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and the like).

Fixlists and other scripts are written only for the specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please open your own topic.

If you are satisfied, you can support the forum. Thank you!

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Checking a log after the .coharos ransomware attack

#3 Post by vasekpetr1 »

Hi, in normal operation the system won't let me run the file; it says I don't have sufficient rights, even though I am the only user with administrator rights.

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-06.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-07-2019
# Duration: 00:00:06
# OS: Windows 7 Home Premium
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\IZPpBbJozjrU2
Deleted C:\Program Files\VIyHCwavsSZPC
Deleted C:\Program Files\WiperSoft
Deleted C:\Program Files\ZRDvywJUeGUn
Deleted C:\Program Files\bDUDIwWNEIE
Deleted C:\Program Files\pGPGVCCgEdIJAbCqPrR
Deleted C:\Program Files\zsTynKNKU
Deleted C:\ProgramData\WIFIService
Deleted C:\ProgramData\rgrCtQIGjQWGqjVB
Deleted C:\Users\Vojta\AppData\Roaming\CoreTempApp
Deleted C:\Users\Vojta\AppData\Roaming\WiperSoft

***** [ Files ] *****

Deleted C:\Users\Vojta\Downloads\WIPERSOFT-INSTALLER.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\PRQDSAMBDBAYI2
Deleted C:\Windows\System32\Tasks\WIPERSOFT STARTUP

***** [ Registry ] *****

Deleted HKCU\Software\Mozilla\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\SetupCompany
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32675A99-4ABB-4D50-A374-1843628AC1F0}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE279096-C984-41B3-878C-E83D8B1AB9F7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PRqDsAmBDBAyI2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiperSoft Startup
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1
Deleted HKLM\Software\WIFIService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [19146 octets] - [07/09/2019 09:20:10]
AdwCleaner[S00].txt - [3966 octets] - [07/09/2019 09:20:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
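The AdwCleaner output above is the kind of listing a helper reads by eye: random-looking folder names under C:\Program Files and C:\ProgramData, scheduled tasks with matching names, and a few registry leftovers. The script below is an added example, not a tool the forum or its helpers use, showing how the same first-pass triage can be run over saved FRST or AdwCleaner lines. It flags four things: scheduled tasks that run through a script host or other living-off-the-land binary (rundll32, wscript, pcalua, ...) together with the payload path they hand it; payloads that live under user-writable directories (ProgramData, AppData, Downloads, Temp); lines that FRST itself tags with `<==== ATTENTION`; and path components that look machine-generated. The sample lines are copied from the logs posted in this thread. The `looks_random` features and thresholds are my own choice and are deliberately conservative (all-uppercase and all-lowercase names can never trip it), so a generated name can still slip through; the output is a list of leads for a human reviewer, not a verdict.

```python
"""Heuristic triage of FRST / AdwCleaner log lines (added example).

Produces leads, not verdicts: a human still decides what each line means.
"""
import re

LAUNCHERS = "rundll32|wscript|cscript|mshta|regsvr32|pcalua|powershell|cmd"
# launcher name at line start or after a backslash/quote/space, followed by whitespace
LAUNCHER_RE = re.compile(r'(?i)(?:^|[\\" ])(' + LAUNCHERS + r')(?:\.exe)?\s')
# a quoted path, or a bare drive path up to the next quote/bracket/paren/comma
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\[^"\[(,]+)')
TASK_RE = re.compile(r'^Task: .*?\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$')
DELETED_RE = re.compile(r'^Deleted (?P<path>\S.*)$')
USER_WRITABLE = re.compile(r'(?i)\\(ProgramData|AppData|Downloads|Temp)\\')
EXT_RE = re.compile(r'\.[A-Za-z0-9]{1,4}$')
ATTENTION = "<==== ATTENTION"
VOWELS = set("aeiou")


def looks_random(name):
    """Two of three cheap features => looks machine-generated.

    All-upper and all-lower names can score at most one feature (the vowel
    ratio), so GUIDs and ordinary words never trip this on their own."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 9:                      # too short to judge
        return False
    segs, cur = [], letters[0]                # split where CamelCase would split
    for a, b in zip(letters, letters[1:]):
        if a.islower() and b.isupper():
            segs.append(cur)
            cur = ""
        cur += b
    segs.append(cur)
    short_frac = sum(len(s) <= 2 for s in segs) / len(segs)
    vowel_frac = sum(c.lower() in VOWELS for c in letters) / len(letters)
    interior_upper_run = re.search(r"[a-z][A-Z]{2,}", "".join(letters)) is not None
    hits = (short_frac >= 0.33) + (vowel_frac <= 0.25) + interior_upper_run
    return hits >= 2


def _add(findings, item):
    """Append a (kind, detail) finding once; the .job line repeats the task line."""
    if item not in findings:
        findings.append(item)


def _flag_random_names(findings, *texts):
    for text in texts:
        for comp in text.split("\\"):
            base = EXT_RE.sub("", comp.strip())   # drop .dll/.wsf/.job before scoring
            if looks_random(base):
                _add(findings, ("random-name", base))


def triage(lines):
    """Return (kind, detail) findings for FRST / AdwCleaner log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if ATTENTION in line:
            _add(findings, ("attention", line.replace(ATTENTION, "").strip()))
        task = TASK_RE.match(line)
        if task:
            name, cmd = task.group("name"), task.group("cmd")
            launcher = LAUNCHER_RE.search(cmd)
            # the payload is the first path after the launcher (or the command itself)
            tm = PATH_RE.search(cmd, launcher.end() if launcher else 0)
            target = (tm.group(1) or tm.group(2)).strip() if tm else cmd
            if launcher:
                _add(findings, ("launcher", f"{name}: {launcher.group(1).lower()} -> {target}"))
            if USER_WRITABLE.search(target):
                _add(findings, ("user-writable", target))
            _flag_random_names(findings, name, *[q or b for q, b in PATH_RE.findall(cmd)])
            continue
        deleted = DELETED_RE.match(line)
        if deleted:
            _flag_random_names(findings, deleted.group("path"))
    return findings


# Sample input: lines copied from the FRST and AdwCleaner logs posted in this thread.
SAMPLE_LINES = [
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r'Task: {06B6E82C-BF64-4B94-B50D-38A921656B6B} - System32\Tasks\uDWJWTXJNtceTmi => rundll32 "C:\Program Files\LaRPJwypU\ftweeM.dll",#1',
    r'Task: {32675A99-4ABB-4D50-A374-1843628AC1F0} - System32\Tasks\PRqDsAmBDBAyI2 => C:\Windows\system32\wscript.exe "C:\ProgramData\rgrCtQIGjQWGqjVB\PKBhQUQ.wsf"',
    r"Task: {6184A915-3D13-4272-9E9F-5B332A94868B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)",
    r"Task: C:\Windows\Tasks\uDWJWTXJNtceTmi.job => C:\Program Files\LaRPJwypU\ftweeM.dll",
    r"Deleted C:\Program Files\IZPpBbJozjrU2",
    r"Deleted C:\Program Files\WiperSoft",
    r"Deleted C:\ProgramData\rgrCtQIGjQWGqjVB",
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LINES):
        print(f"{kind:13s} {detail}")
```

Run as-is it prints the findings for the sample; to use it on a real case, pass `triage()` the lines of a saved FRST.txt or AdwCleaner[C00].txt. The "launcher" and "user-writable" findings are the ones worth chasing first: a task that hands rundll32 a DLL export (`,#1`) from a freshly created folder, or wscript a .wsf under C:\ProgramData, is persistence that a plain uninstall will not remove, and the random-name hits tell you which folders and registry keys belong to the same installation. The CCleaner task and the WiperSoft folder produce nothing, which is the intended behaviour: the script narrows the list, it does not replace the reviewer.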

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Checking a log after the .coharos ransomware attack

#4 Post by Conder »

:arrow: By "won't let me run files", do you mean programs such as FRST, AdwCleaner and the like? Can you photograph the exact message? Also try creating a new administrator user account/profile (in Windows) and test whether things work with it in Normal Mode.

:arrow: Then please post both new FRST logs, ideally from Normal Mode.

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Checking a log after the .coharos ransomware attack

#5 Post by vasekpetr1 »

Attachment: Hláška FRST.jpg
Hi, the message is in the attachment. I then tried creating a new user account with administrator rights, but that one won't allow anything to be installed either; it doesn't even let me drag FRST.exe from the Downloads folder to the Desktop. So I deleted the second account.
I tried the restore point from 1 Sep 2019, but it didn't help; the insufficient-rights problem persists.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Checking a log after the .coharos ransomware attack

#6 Post by Conder »

:arrow: Does that message also appear when you right-click a program and choose Run as administrator?

:arrow: Run a full scan in Malwarebytes (Safe Mode is fine too)
  • Download and install Malwarebytes (MB/MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
  • Open Malwarebytes and click "Scan" on the left
  • Click "Custom scan" and then "Configure scan"
  • On the right tick all the drives in the PC and on the left tick "Scan for rootkits"
  • Click Scan now and wait for it to finish
  • When it finishes, click Export summary -> Copy to clipboard
  • Paste the copied log into your next reply
  • Picture guide (unfortunately for an older version): https://forum.viry.cz/viewtopic.php?f=29&t=144868

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Checking a log after the .coharos ransomware attack

#7 Post by vasekpetr1 »

I tried downloading FRST on another PC and carrying it over to the affected PC on a flash drive; that worked, and here are the listings. MBAM will come later, it takes a long time and I'm off to the afternoon shift.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2019
Ran by Vojta (administrator) on VOJTA-PC (LENOVO 6077AM1) (09-09-2019 10:58:57)
Running from C:\Users\Vojta\Desktop
Loaded Profiles: Vojta (Available Profiles: Vojta)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel) [File not signed] C:\Program Files\Intel\AMT\LMS.exe
(Intel) [File not signed] C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {018352cb-beac-11e5-8962-001e37364e82} - F:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {096b1e7b-148e-11e7-b0a3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {453d547f-d0e8-11e6-b074-001e37364e82} - G:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {644377ec-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {64437802-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {654210fd-c89e-11e8-b1e3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {96428a52-0102-11e9-b1c3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {d77618c3-cf7f-11e6-b01b-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005BD7AB-90E8-40C3-8CB0-38C5C592E1AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {06B6E82C-BF64-4B94-B50D-38A921656B6B} - System32\Tasks\uDWJWTXJNtceTmi => rundll32 "C:\Program Files\LaRPJwypU\ftweeM.dll",#1
Task: {32675A99-4ABB-4D50-A374-1843628AC1F0} - System32\Tasks\PRqDsAmBDBAyI2 => C:\Windows\system32\wscript.exe "C:\ProgramData\rgrCtQIGjQWGqjVB\PKBhQUQ.wsf"
Task: {3CBF6EE4-295D-4B7A-8393-AA5372894B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {4276E4E2-7079-4FC4-A136-D24F702BA089} - System32\Tasks\{9CD2F391-C0A3-40CE-8BD2-AC5F63C35554} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\HD Tune\unins000.exe"
Task: {5079534F-01F8-4001-A965-37176743753F} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [153768 2011-02-15] (Visan Industries -> )
Task: {5D434B00-1A6D-4C43-AF07-29118FFADA96} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-14] (Adobe Inc. -> Adobe)
Task: {6184A915-3D13-4272-9E9F-5B332A94868B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {625E62E5-8815-4597-9750-89A6777D790D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {84AB67DB-37A6-4CE6-B1A6-7C4907CAD20E} - System32\Tasks\{121242C0-A705-473D-92BC-8B32948373DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Vojta\Downloads\setup(1).exe -d C:\Users\Vojta\Downloads
Task: {8813DA5D-AE04-475E-BB50-D4EAA9AABD0C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AD64118-7F60-4C0A-A282-54CA2D65E5E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB10A299-B9F6-4F1C-A2C2-5F022977F222} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe
Task: {DE279096-C984-41B3-878C-E83D8B1AB9F7} - System32\Tasks\WiperSoft Startup => c:\program files\WiperSoft\WiperSoft.exe [3921008 2019-08-22] (Wiper Software, UAB -> Wiper Software, UAB)
Task: {E1885DD8-5E83-4395-B821-79BDC0FDB036} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {E7758F04-3AE4-4E82-B07E-AF986B46B771} - System32\Tasks\Pošta => C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [845584 2018-04-11] (Microsoft Corporation -> )
Task: {E982CA0A-BBE8-4649-957A-DFE77D23017F} - System32\Tasks\{99F3F297-D888-453C-97E3-CE55AB99E0E1} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\Microsoft Games\Train Simulator\unins006.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\uDWJWTXJNtceTmi.job => C:\Program Files\LaRPJwypU\ftweeM.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC2DAF9C-4130-4E26-A4A3-EF85916DF03C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D48461E7-DA8F-4718-8ACD-557293A42A76}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> DefaultScope {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
DPF: {CAFEEFAC-0018-0000-00101-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: v28pucrl.default
FF ProfilePath: C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default [2019-09-09]
FF Homepage: Mozilla\Firefox\Profiles\v28pucrl.default -> hxxps://www.seznam.cz/
FF HomepageOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF Extension: (SafeGuard) - C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default\Extensions\extension@safeguard.ws.xpi [2019-09-07]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default\features\{824b15f1-322e-4475-9343-caf700e59e7d}\jaws-esr@mozilla.org.xpi [2019-09-05] [Legacy]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2019-09-09] [Legacy] [not signed]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{1F811EFA-5187-46DC-8F9F-766102E95F2D}.xpi [2019-08-14] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-11] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd -> Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-09 10:58 - 2019-09-09 10:59 - 000016897 _____ C:\Users\Vojta\Desktop\FRST.txt
2019-09-09 10:58 - 2019-09-09 10:56 - 001450496 _____ (Farbar) C:\Users\Vojta\Desktop\FRST.exe
2019-09-08 19:26 - 2019-09-08 19:26 - 000000000 _____ C:\Users\Vojta\Downloads\FRST.exe.q0kcpm6.partial
2019-09-08 19:09 - 2019-09-08 19:50 - 000000000 ____D C:\Users\tata
2019-09-08 14:41 - 2019-09-08 14:41 - 000000000 _____ C:\Users\Vojta\Desktop\zzzzzzzzzz.txt
2019-09-07 14:47 - 2019-09-08 21:00 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\uTorrent Web
2019-09-07 14:45 - 2019-09-07 14:45 - 000018030 _____ C:\Users\Vojta\Downloads\[CzT]Airport_CEO_v_0_23_0_0_2017_.torrent
2019-09-07 12:45 - 2019-09-07 12:45 - 000006471 _____ C:\Users\Vojta\Downloads\[CzT]Papers_Please_v1_1_65_2013_CZ_.torrent
2019-09-07 09:18 - 2019-09-07 09:18 - 007622344 _____ (Malwarebytes) C:\Users\Vojta\Desktop\adwcleaner_7.4.1.exe
2019-09-06 17:22 - 2019-09-09 10:58 - 000000000 ____D C:\FRST
2019-09-06 17:13 - 2019-09-06 17:13 - 000000000 ___HD C:\Windows\PIF
2019-08-30 14:56 - 2019-08-30 14:56 - 000000214 _____ C:\Windows\ntbtlog.txt
2019-08-30 13:56 - 2019-08-30 13:56 - 000000000 ____D C:\Program Files\JARRUgEbUkUn
2019-08-30 13:55 - 2019-09-08 20:06 - 000000278 _____ C:\Windows\Tasks\uDWJWTXJNtceTmi.job
2019-08-23 16:06 - 2019-08-23 16:06 - 000467680 _____ C:\Users\Vojta\Documents\Objednávka Dmychadla a náhradní díly.mht
2019-08-22 15:31 - 2019-09-08 21:00 - 000000000 ____D C:\Program Files\WiperSoft
2019-08-22 15:30 - 2019-08-22 15:30 - 002427504 _____ (Wiper Software, UAB) C:\Users\Vojta\Downloads\WiperSoft-installer.exe
2019-08-18 11:30 - 2019-08-18 11:30 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\xHLLMjruyIoAv
2019-08-17 17:48 - 2019-08-17 17:51 - 399801000 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar
2019-08-17 09:38 - 2019-08-17 11:04 - 000000160 _____ C:\Users\Vojta\AppData\LocalLow\rbxcsettings.rbx
2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ C:\ProgramData\ts.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000004 _____ C:\ProgramData\irw.atsd
2019-08-14 07:34 - 2019-08-05 23:55 - 000348800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-14 07:34 - 2019-08-04 03:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-14 07:34 - 2019-08-04 03:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-08-14 07:34 - 2019-08-04 03:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-08-14 07:34 - 2019-08-04 03:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-14 07:34 - 2019-08-04 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-08-14 07:34 - 2019-08-04 03:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-08-14 07:34 - 2019-08-04 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-08-14 07:34 - 2019-08-04 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-08-14 07:34 - 2019-08-04 03:00 - 002301952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-14 07:34 - 2019-08-04 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-08-14 07:34 - 2019-08-04 02:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-08-14 07:34 - 2019-08-04 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-08-14 07:34 - 2019-08-04 02:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-14 07:34 - 2019-08-04 02:54 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-08-14 07:34 - 2019-08-04 02:54 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-08-14 07:34 - 2019-08-04 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-08-14 07:34 - 2019-08-04 02:48 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-08-14 07:34 - 2019-08-04 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-08-14 07:34 - 2019-08-04 02:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-08-14 07:34 - 2019-08-04 02:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-08-14 07:34 - 2019-08-04 02:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-08-14 07:34 - 2019-08-04 02:38 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-08-14 07:34 - 2019-08-04 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-14 07:34 - 2019-08-04 02:36 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-14 07:34 - 2019-08-04 02:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-08-14 07:34 - 2019-08-04 02:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-14 07:34 - 2019-08-04 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-14 07:34 - 2019-08-04 02:28 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-14 07:34 - 2019-08-04 02:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-14 07:34 - 2019-08-04 02:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-08-14 07:34 - 2019-08-04 02:27 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-14 07:34 - 2019-08-04 02:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-14 07:34 - 2019-08-04 02:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-14 07:34 - 2019-08-04 02:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-14 07:34 - 2019-08-04 02:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 004058848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-08-14 07:34 - 2019-07-30 04:19 - 003965664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-14 07:34 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000137952 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-08-14 07:34 - 2019-07-30 04:19 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-08-14 07:34 - 2019-07-30 04:19 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-08-14 07:34 - 2019-07-30 04:17 - 001315904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-08-14 07:34 - 2019-07-30 03:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-08-14 07:34 - 2019-07-30 03:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-08-14 07:34 - 2019-07-30 03:53 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-08-14 07:34 - 2019-07-30 03:53 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-08-14 07:34 - 2019-07-30 03:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-08-14 07:34 - 2019-07-30 03:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-08-14 07:34 - 2019-07-30 03:51 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-08-14 07:34 - 2019-07-30 03:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-08-14 07:34 - 2019-07-30 03:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-08-14 07:34 - 2019-07-30 03:48 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-08-14 07:34 - 2019-07-30 03:48 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-08-14 07:34 - 2019-07-30 03:47 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-08-14 07:34 - 2019-07-30 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-08-14 07:34 - 2019-07-30 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-08-14 07:34 - 2019-07-30 03:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-08-14 07:34 - 2019-07-24 04:34 - 002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-14 07:34 - 2019-07-19 05:34 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-14 07:34 - 2019-07-13 10:38 - 000242400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 001312992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-08-14 07:34 - 2019-07-13 10:37 - 000189152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-08-14 07:34 - 2019-07-13 10:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-08-14 07:34 - 2019-07-13 10:15 - 006135808 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-14 07:34 - 2019-07-13 10:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-08-14 07:34 - 2019-07-13 10:07 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-08-14 07:34 - 2019-07-04 03:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-13 13:01 - 2019-08-13 13:07 - 667153328 _____ C:\Users\Vojta\Downloads\microsoft-flight-simulator-x.exe
2019-08-13 09:15 - 2019-08-13 09:21 - 399801429 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar.rar
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Vojta\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Bohunka\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Administrator\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\_readme.txt
2019-08-13 08:22 - 2019-09-08 21:00 - 000000000 ____D C:\ProgramData\rgrCtQIGjQWGqjVB
2019-08-13 08:21 - 2019-09-08 21:00 - 000000000 ____D C:\Program Files\bDUDIwWNEIE
2019-08-13 08:21 - 2019-08-30 14:58 - 000000270 __RSH C:\Users\Vojta\ntuser.pol
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\Users\Vojta\AppData\Local\da568ce5-de21-4c03-9f67-820714b28a41
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\SystemID
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Lamia
2019-08-13 08:19 - 2019-09-08 21:00 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\CoreTempApp
2019-08-13 08:19 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mail.Ru
2019-08-13 08:19 - 2019-08-13 08:26 - 000000000 ____D C:\Users\Vojta\AppData\Local\d4ce6a02-0d6a-4429-b795-8bda16a60e8b
2019-08-13 08:19 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-08-13 08:15 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\uTorrent
2019-08-12 16:26 - 2019-09-08 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2019-08-12 16:26 - 2019-08-12 16:26 - 000000000 ____D C:\ProgramData\Roblox
2019-08-12 16:25 - 2019-08-12 16:25 - 000000000 ____D C:\Program Files\Roblox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-09 10:59 - 2017-04-20 18:09 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2019-09-09 10:52 - 2017-09-07 15:59 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-09 10:52 - 2016-12-07 13:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-08 21:00 - 2019-07-16 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gazstone.com
2019-09-08 21:00 - 2018-12-23 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-08 21:00 - 2018-11-15 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-08 21:00 - 2017-12-22 22:50 - 000000000 ____D C:\A Bootable USB
2019-09-08 21:00 - 2016-08-29 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-09-08 21:00 - 2016-02-11 21:34 - 000000000 ____D C:\AdwCleaner
2019-09-08 21:00 - 2016-01-09 19:59 - 000000000 ____D C:\Office
2019-09-08 21:00 - 2016-01-07 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-08 21:00 - 2016-01-07 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-08 21:00 - 2016-01-07 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-09-08 21:00 - 2013-03-01 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-09-08 21:00 - 2013-03-01 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-09-08 21:00 - 2013-03-01 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2019-09-08 21:00 - 2011-04-12 03:46 - 000000000 ___RD C:\Users\Public\Recorded TV
2019-09-08 21:00 - 2009-07-14 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-09-08 21:00 - 2009-07-14 04:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-09-08 21:00 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2019-09-08 21:00 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-09-08 20:16 - 2016-01-07 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-08 20:14 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-08 20:14 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-08 20:08 - 2016-01-07 19:03 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2019-09-08 20:06 - 2016-01-07 15:51 - 000000000 ____D C:\Users\Vojta
2019-09-08 20:06 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-07 18:58 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileOut.cns
2019-09-07 18:58 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileIn.cns
2019-09-06 09:37 - 2017-04-18 09:31 - 000000000 ____D C:\Users\Vojta\Documents\Poznámkové bloky aplikace OneNote
2019-09-06 09:36 - 2016-12-31 19:43 - 000000000 ____D C:\Users\Vojta\.android
2019-09-06 09:36 - 2016-08-29 20:18 - 000000000 ____D C:\Users\Vojta\.oracle_jre_usage
2019-09-01 09:01 - 2016-01-07 21:04 - 000000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2019-08-30 14:57 - 2016-12-15 12:50 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-08-30 13:55 - 2017-12-22 22:28 - 000000270 __RSH C:\ProgramData\ntuser.pol
2019-08-22 12:06 - 2018-11-15 20:01 - 000001988 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-22 11:24 - 2016-01-07 15:51 - 000001082 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-08-19 09:30 - 2018-08-15 22:12 - 000000000 ____D C:\Windows\rescache
2019-08-15 18:58 - 2016-01-29 12:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-14 20:39 - 2016-01-07 18:43 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-08-14 20:39 - 2016-01-07 18:43 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-08-14 19:48 - 2011-04-12 03:37 - 000671796 _____ C:\Windows\system32\perfh005.dat
2019-08-14 19:48 - 2011-04-12 03:37 - 000142392 _____ C:\Windows\system32\perfc005.dat
2019-08-14 19:48 - 2010-11-20 23:01 - 001591750 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-14 19:41 - 2009-07-14 06:33 - 000417792 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-14 19:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-14 19:12 - 2016-01-07 20:52 - 000000000 ____D C:\Windows\system32\MRT
2019-08-14 19:06 - 2013-03-01 14:12 - 131096328 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 13:20 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2019-08-13 08:38 - 2016-01-11 16:28 - 000000000 ___RD C:\Users\Vojta\Documents\Scanned Documents
2019-08-13 08:36 - 2013-03-01 20:43 - 000000000 ___HD C:\RPKTools
2019-08-13 08:25 - 2018-11-28 16:14 - 000000000 ____D C:\SWTOOLS
2019-08-13 08:25 - 2018-01-14 14:13 - 000000000 ____D C:\Users\Bohunka
2019-08-13 08:25 - 2016-11-16 13:17 - 000000000 ____D C:\Nová složka
2019-08-13 08:25 - 2013-03-01 20:43 - 000000000 ___HD C:\Tools
2019-08-13 08:25 - 2010-11-20 22:57 - 000000000 ____D C:\Users\Administrator
2019-08-13 08:19 - 2009-07-14 04:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-08-12 09:22 - 2009-07-14 06:53 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ================

2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ () C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ () C:\ProgramData\ts.dat
2016-01-25 14:18 - 2019-09-07 18:58 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileIn.cns
2016-01-25 14:18 - 2019-09-07 18:58 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileOut.cns
2016-02-14 12:53 - 2016-02-14 19:55 - 000038214 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2016-01-15 11:33 - 2016-11-12 18:06 - 000036995 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2016-01-15 11:39 - 2016-01-24 17:19 - 000021173 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).EML
2018-07-13 12:09 - 2018-07-13 12:09 - 000003584 _____ () C:\Users\Vojta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-21 19:11 - 2019-01-26 14:45 - 000007633 _____ () C:\Users\Vojta\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-31 07:31
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-09-2019
Ran by Vojta (09-09-2019 11:00:50)
Running from C:\Users\Vojta\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-01-07 13:51:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2091321983-474696320-977629267-500 - Administrator - Disabled)
Guest (S-1-5-21-2091321983-474696320-977629267-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2091321983-474696320-977629267-1006 - Limited - Enabled)
Vojta (S-1-5-21-2091321983-474696320-977629267-1001 - Administrator - Enabled) => C:\Users\Vojta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0405-0000-0000000FF1CE}_BASICR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-041B-0000-0000000FF1CE}_BASICR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_BASICR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ATI Catalyst Install Manager (HKLM\...\{F8B54C40-8BF5-DB84-81C8-CAE26896DB1C}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Nápověda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Image Plugin (HKLM\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.05.0001 - Snap-on Business Solutions)
Integration Assistant 3 (HKLM\...\{3715EF4B-E9E6-462F-858A-F2E8F1C77170}) (Version: 3.07.0000 - Snap-on Business Solutions, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LaunchEpc (HKLM\...\{9D8650A4-F0F6-48CD-8332-9A03397FDFE5}) (Version: 1.05.0000 - Snap-on Business Solutions, Inc.)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Cleaner (HKLM\...\{A1DC4723-0BB7-4E49-9786-B4E6326B3FF1}) (Version: 2.02.0000 - gazstone.com)
Mozilla Firefox 60.9.0 ESR (x86 cs) (HKLM\...\Mozilla Firefox 60.9.0 ESR (x86 cs)) (Version: 60.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.9.0.7183 - Mozilla)
MSTS Patch 1.7.00819 (HKLM\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.7.081920 - George)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Roblox Player (HKLM\...\roblox-player) (Version: - Roblox Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Train Store (Czech Language Pack) (HKLM\...\Train Store (Czech Language Pack)) (Version: - )
Train Store V3.2 (HKLM\...\Train Store V3.2) (Version: - )
Trať Bratislava-Brno-Praha pro MSTS verze BP86.02-T9-12.4.2011 (HKLM\...\Trať Bratislava-Brno-Praha pro MSTS_is1) (Version: - Zbyněk Šemora)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WiperSoft 1.2.1147.32 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.2.1147.32 - WiperSoft)
Základní software zařízení HP Deskjet 3050A J611 series (HKLM\...\{0188AB09-99C9-4396-B565-7EEE0DE76488}) (Version: 25.0.571.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-11-28 19:57 - 2018-11-28 19:57 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CK431V005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NetSoftware => "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{729301BF-3776-475E-91C3-A2FE297DD0CB}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE861F3A-70B2-4D26-A232-671316178975}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E907DA2-BD83-4945-9C30-8813D0A12EF2}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3C8E682-A023-477A-9D2E-1C0208FFBCC1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9246F05-833C-46E9-8F87-EFE6812BCA40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E96B0D08-33BA-4FBA-AB5E-21286CFF598D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F5A86084-A933-45BF-B5A3-56B2BC7238DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F730AED4-8BD1-488C-990C-2525A29F4F39}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AE161FF4-D142-4266-BBB1-F8C582DF55D4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6237B069-5D72-49E7-AF1E-0906038ABB7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BC3A48F9-E569-43E2-AB00-D11F1FDD149F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

01-09-2019 09:06:15 Windows Update
04-09-2019 09:46:24 Windows Update
07-09-2019 12:27:13 Windows Update
08-09-2019 20:12:55 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2019 08:08:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 07:50:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Vojta-PC)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\tata>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (09/08/2019 07:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 07:11:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 07:10:05 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2852) WindowsMail0: Zálohování bylo ukončeno, protože bylo zastaveno klientem nebo protože se nezdařilo připojení ke klientovi.

Error: (09/07/2019 12:24:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/07/2019 09:24:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2019 06:54:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/09/2019 10:58:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (09/09/2019 10:58:11 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (09/09/2019 10:58:10 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (09/08/2019 08:43:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (09/08/2019 08:16:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/08/2019 08:16:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/08/2019 08:16:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/08/2019 08:07:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


==================== Memory info ===========================

BIOS: LENOVO 2RKT37AUS 01/25/2008
Motherboard: LENOVO LENOVO
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 3045.3 MB
Available physical RAM: 1262.59 MB
Total Virtual: 3043.67 MB
Available Virtual: 1263.16 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:83.1 GB) (Free:49.29 GB) NTFS
Drive e: (Data) (Fixed) (Total:60.61 GB) (Free:41.53 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.53 GB) (Free:4.44 GB) FAT32

\\?\Volume{b5570759-b543-11e5-9b67-806e6f6e6963}\ (System) (Fixed) (Total:5.33 GB) (Free:0.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 62541143)
Partition 1: (Active) - (Size=5.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=83.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after .coharos ransomware attack

#8 Post by Conder »

:arrow: OK, we'll wait for the MBAM log. You can delete the findings (unless you are sure that some file is definitely clean and needed).
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and others).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Log check after .coharos ransomware attack

#9 Post by vasekpetr1 »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 09.09.19
Čas skenování: 11:07
Logovací soubor: 45f29d62-d2e1-11e9-8f9f-001e37364e82.json

-Informace o softwaru-
Verze: 3.8.3.2965
Verze komponentů: 1.0.613
Aktualizovat verzi balíku komponent: 1.0.12381
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x86
Systém souborů: NTFS
Uživatel: Vojta-PC\Vojta

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 222450
Zjištěné hrozby: 15
Hrozby umístěné do karantény: 0
Uplynulý čas: 2 hod, 12 min, 50 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 6
Adware.Neoreklami.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PRqDsAmBDBAyI2, Žádná uživatelská akce, [14582], [526590],1.0.12381
Adware.Neoreklami.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{32675A99-4ABB-4D50-A374-1843628AC1F0}, Žádná uživatelská akce, [14582], [526590],1.0.12381
Adware.Neoreklami.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{32675A99-4ABB-4D50-A374-1843628AC1F0}, Žádná uživatelská akce, [14582], [526590],1.0.12381
Adware.Neoreklami.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PRqDsAmBDBAyI2, Žádná uživatelská akce, [850], [-1],0.0.0
Adware.Neoreklami.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32675A99-4ABB-4D50-A374-1843628AC1F0}, Žádná uživatelská akce, [850], [-1],0.0.0
Adware.Neoreklami.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32675A99-4ABB-4D50-A374-1843628AC1F0}, Žádná uživatelská akce, [850], [-1],0.0.0

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 3
Adware.Neoreklami, C:\Program Files\bDUDIwWNEIE\files, Žádná uživatelská akce, [992], [714787],1.0.12381
Adware.Neoreklami, C:\Program Files\bDUDIwWNEIE, Žádná uživatelská akce, [992], [714787],1.0.12381
Adware.Neoreklami.TskLnk, C:\ProgramData\rgrCtQIGjQWGqjVB, Žádná uživatelská akce, [850], [714788],1.0.12381

Soubor: 6
Adware.Neoreklami.Generic, C:\WINDOWS\SYSTEM32\TASKS\PRqDsAmBDBAyI2, Žádná uživatelská akce, [14582], [526590],1.0.12381
Adware.Neoreklami.TskLnk, C:\PROGRAMDATA\RGRCTQIGJQWGQJVB\PKBHQUQ.WSF, Žádná uživatelská akce, [850], [714788],1.0.12381
Adware.Neoreklami.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\PRqDsAmBDBAyI2, Žádná uživatelská akce, [850], [-1],0.0.0
Adware.Neoreklami, C:\Program Files\bDUDIwWNEIE\files\Kernel.js, Žádná uživatelská akce, [992], [714787],1.0.12381
Adware.Neoreklami, C:\Program Files\bDUDIwWNEIE\icon16.ico, Žádná uživatelská akce, [992], [714787],1.0.12381
Adware.Neoreklami, C:\Program Files\bDUDIwWNEIE\Yguip.dll, Žádná uživatelská akce, [992], [714787],1.0.12381

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after .coharos ransomware attack

#10 Post by Conder »

:arrow: Have these findings deleted.

:arrow: Download TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/
  • Save it to the desktop and run it as administrator
  • Accept the licence terms
  • Click Change parameters and tick "Loaded modules"
  • Confirm the PC restart
  • After the restart, click "Start Scan"
  • If anything is found, select "Skip" for all findings and click "Continue"
  • Click "Report" (top right) and copy that log here

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Log check after .coharos ransomware attack

#11 Post by vasekpetr1 »

The file has too many characters:
Attachments
tdss vp1.rar
(74.84 KiB) Downloaded 75 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after .coharos ransomware attack

#12 Post by Conder »

:arrow: Please post both new FRST logs.

:arrow: Does that message about insufficient permissions still appear?

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Log check after .coharos ransomware attack

#13 Post by vasekpetr1 »

The message no longer appeared while downloading and installing TDSSKiller, nor with MBAM. :)

FRST this evening or tomorrow morning, I'm away from the PC.

vasekpetr1
Visitor
Posts: 67
Registered: 23 Jun 2005 12:09
Location: Třebíč

Re: Log check after .coharos ransomware attack

#14 Post by vasekpetr1 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-09-2019
Ran by Vojta (administrator) on VOJTA-PC (LENOVO 6077AM1) (11-09-2019 23:18:13)
Running from C:\Users\Vojta\Desktop
Loaded Profiles: Vojta (Available Profiles: Vojta)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(HP Inc. -> HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel) [File not signed] C:\Program Files\Intel\AMT\LMS.exe
(Intel) [File not signed] C:\Program Files\Intel\AMT\UNS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {018352cb-beac-11e5-8962-001e37364e82} - F:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {096b1e7b-148e-11e7-b0a3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {453d547f-d0e8-11e6-b074-001e37364e82} - G:\setup.exe /autorun
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {644377ec-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {64437802-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {654210fd-c89e-11e8-b1e3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {96428a52-0102-11e9-b1c3-001e37364e82} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {d77618c3-cf7f-11e6-b01b-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005BD7AB-90E8-40C3-8CB0-38C5C592E1AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {3CBF6EE4-295D-4B7A-8393-AA5372894B96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {4276E4E2-7079-4FC4-A136-D24F702BA089} - System32\Tasks\{9CD2F391-C0A3-40CE-8BD2-AC5F63C35554} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\HD Tune\unins000.exe"
Task: {5079534F-01F8-4001-A965-37176743753F} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [153768 2011-02-15] (Visan Industries -> )
Task: {5D434B00-1A6D-4C43-AF07-29118FFADA96} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {6184A915-3D13-4272-9E9F-5B332A94868B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {625E62E5-8815-4597-9750-89A6777D790D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {84AB67DB-37A6-4CE6-B1A6-7C4907CAD20E} - System32\Tasks\{121242C0-A705-473D-92BC-8B32948373DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Vojta\Downloads\setup(1).exe -d C:\Users\Vojta\Downloads
Task: {89F044DD-4595-4260-8FDA-0EBAB1B746BD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [345824 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AD64118-7F60-4C0A-A282-54CA2D65E5E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14636224 2018-12-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BB10A299-B9F6-4F1C-A2C2-5F022977F222} - System32\Tasks\SmartShare => C:\Program Files\LG Software\LG Smart Share\SmartShareStart.exe
Task: {E1885DD8-5E83-4395-B821-79BDC0FDB036} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {E7758F04-3AE4-4E82-B07E-AF986B46B771} - System32\Tasks\Pošta => C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe [845584 2018-04-11] (Microsoft Corporation -> )
Task: {E982CA0A-BBE8-4649-957A-DFE77D23017F} - System32\Tasks\{99F3F297-D888-453C-97E3-CE55AB99E0E1} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\Microsoft Games\Train Simulator\unins006.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC2DAF9C-4130-4E26-A4A3-EF85916DF03C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D48461E7-DA8F-4718-8ACD-557293A42A76}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> DefaultScope {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {E6BBF592-8669-4A08-9C75-67EE5631D7BE} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
DPF: {CAFEEFAC-0018-0000-00101-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: v28pucrl.default
FF ProfilePath: C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default [2019-09-11]
FF Homepage: Mozilla\Firefox\Profiles\v28pucrl.default -> hxxps://www.seznam.cz/
FF HomepageOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF NewTabOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
FF Extension: (SafeGuard) - C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default\Extensions\extension@safeguard.ws.xpi [2019-09-07]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\v28pucrl.default\features\{e8ff60ec-8904-42a4-b855-6a13e850f05d}\jaws-esr@mozilla.org.xpi [2019-09-10] [Legacy]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2019-09-09] [Legacy] [not signed]
FF Extension: (Google Slides Offline) - C:\Program Files\Mozilla Firefox\browser\features\{1F811EFA-5187-46DC-8F9F-766102E95F2D}.xpi [2019-08-14] [not signed]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-11] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd -> Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-01-19] (Disc Soft Ltd -> Disc Soft Ltd)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2016-11-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-11 23:18 - 2019-09-11 23:20 - 000015998 _____ C:\Users\Vojta\Desktop\FRST.txt
2019-09-11 08:04 - 2019-08-29 04:56 - 003966904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-11 08:04 - 2019-08-29 04:56 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-09-11 08:04 - 2019-08-29 04:56 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-09-11 08:04 - 2019-08-29 04:56 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-09-11 08:04 - 2019-08-29 04:55 - 004061112 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-09-11 08:04 - 2019-08-29 04:55 - 001315912 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-11 08:04 - 2019-08-29 04:55 - 000138168 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-09-11 08:04 - 2019-08-29 04:55 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-09-11 08:04 - 2019-08-29 04:52 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:52 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-09-11 08:04 - 2019-08-29 04:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-09-11 08:04 - 2019-08-29 04:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-09-11 08:04 - 2019-08-29 04:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-09-11 08:04 - 2019-08-29 04:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-09-11 08:04 - 2019-08-29 04:27 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-09-11 08:04 - 2019-08-29 04:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-09-11 08:04 - 2019-08-29 04:25 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-09-11 08:04 - 2019-08-29 04:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-09-11 08:04 - 2019-08-29 04:22 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-09-11 08:04 - 2019-08-29 04:22 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-09-11 08:04 - 2019-08-29 04:22 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-09-11 08:04 - 2019-08-29 04:22 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-11 08:04 - 2019-08-29 04:22 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-09-11 08:04 - 2019-08-29 04:22 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-09-11 08:04 - 2019-08-29 04:21 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-09-11 08:04 - 2019-08-29 04:21 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-09-11 08:04 - 2019-08-29 04:21 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-09-11 08:04 - 2019-08-29 04:21 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-09-11 08:04 - 2019-08-29 04:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-09-11 08:04 - 2019-08-29 04:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-09-11 08:04 - 2019-08-27 21:59 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-09-11 08:04 - 2019-08-27 05:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-11 08:04 - 2019-08-27 05:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-09-11 08:04 - 2019-08-27 05:14 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-09-11 08:04 - 2019-08-27 05:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-11 08:04 - 2019-08-27 05:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-09-11 08:04 - 2019-08-27 05:02 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-09-11 08:04 - 2019-08-27 05:02 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-09-11 08:04 - 2019-08-27 05:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-09-11 08:04 - 2019-08-27 04:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-11 08:04 - 2019-08-27 04:56 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-09-11 08:04 - 2019-08-27 04:56 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-09-11 08:04 - 2019-08-27 04:54 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-11 08:04 - 2019-08-27 04:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-11 08:04 - 2019-08-27 04:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-09-11 08:04 - 2019-08-27 04:53 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-09-11 08:04 - 2019-08-27 04:53 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-09-11 08:04 - 2019-08-27 04:47 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-09-11 08:04 - 2019-08-27 04:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-09-11 08:04 - 2019-08-27 04:40 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-09-11 08:04 - 2019-08-27 04:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-09-11 08:04 - 2019-08-27 04:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-09-11 08:04 - 2019-08-27 04:38 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-11 08:04 - 2019-08-27 04:37 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-09-11 08:04 - 2019-08-27 04:36 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-11 08:04 - 2019-08-27 04:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-09-11 08:04 - 2019-08-27 04:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-09-11 08:04 - 2019-08-27 04:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-11 08:04 - 2019-08-27 04:28 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-11 08:04 - 2019-08-27 04:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-11 08:04 - 2019-08-27 04:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-11 08:04 - 2019-08-27 04:27 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-09-11 08:04 - 2019-08-27 04:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-09-11 08:04 - 2019-08-27 04:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-11 08:04 - 2019-08-27 04:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-11 08:04 - 2019-08-27 04:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-11 08:04 - 2019-08-27 04:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-11 08:04 - 2019-08-23 00:07 - 000530688 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-11 08:04 - 2019-08-21 03:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-11 08:04 - 2019-08-21 03:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-11 08:04 - 2019-08-21 03:56 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-09-11 08:04 - 2019-08-21 03:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-11 08:04 - 2019-08-21 01:26 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-11 08:04 - 2019-08-21 01:20 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-11 08:04 - 2019-08-21 01:19 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-11 08:04 - 2019-08-20 04:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-11 08:04 - 2019-08-15 09:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-11 08:04 - 2019-08-14 19:58 - 000253880 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-09-11 08:04 - 2019-08-14 19:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-11 08:04 - 2019-08-14 19:53 - 000253440 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2019-09-11 08:04 - 2019-08-14 06:57 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-11 08:04 - 2019-08-14 00:17 - 000732600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-11 08:04 - 2019-08-14 00:17 - 000221624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-09-11 08:04 - 2019-08-14 00:17 - 000137144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-11 08:04 - 2019-08-14 00:13 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-09-11 08:04 - 2019-08-14 00:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-11 08:04 - 2019-08-14 00:13 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-11 08:04 - 2019-08-14 00:12 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-11 08:04 - 2019-08-14 00:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-09-11 08:04 - 2019-08-13 04:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2019-09-11 08:04 - 2019-08-13 04:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2019-09-11 08:04 - 2019-08-13 04:58 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-09-11 08:04 - 2019-08-13 04:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-09-11 08:04 - 2019-08-13 04:50 - 006135808 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 002703360 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-11 08:04 - 2019-08-13 02:56 - 001460224 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000378368 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-11 08:04 - 2019-08-13 02:56 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-11 08:02 - 2019-08-16 03:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-09-11 08:01 - 2019-09-11 08:01 - 000076632 _____ C:\Users\Vojta\Documents\tdss vp1.rar
2019-09-11 07:59 - 2019-09-11 07:59 - 000237472 _____ C:\Users\Vojta\Documents\tdss vp1.txt
2019-09-11 07:47 - 2019-09-11 07:57 - 000475034 _____ C:\TDSSKiller.3.1.0.28_11.09.2019_07.47.49_log.txt
2019-09-11 07:45 - 2019-09-11 07:46 - 000004684 _____ C:\TDSSKiller.3.1.0.28_11.09.2019_07.45.19_log.txt
2019-09-11 07:44 - 2019-09-11 07:44 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Vojta\Desktop\tdsskiller.exe
2019-09-09 11:04 - 2019-09-09 11:04 - 000002060 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-09 11:04 - 2019-09-09 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-09 11:04 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-09-09 11:02 - 2019-09-09 11:03 - 064333800 _____ (Malwarebytes ) C:\Users\Vojta\Downloads\mb3-setup-37469.37469-3.8.3.2965-1.0.613-1.0.11270.exe
2019-09-09 10:58 - 2019-09-09 10:56 - 001450496 _____ (Farbar) C:\Users\Vojta\Desktop\FRST.exe
2019-09-08 19:26 - 2019-09-08 19:26 - 000000000 _____ C:\Users\Vojta\Downloads\FRST.exe.q0kcpm6.partial
2019-09-08 19:09 - 2019-09-08 19:50 - 000000000 ____D C:\Users\tata
2019-09-07 14:47 - 2019-09-08 21:00 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\uTorrent Web
2019-09-07 14:45 - 2019-09-07 14:45 - 000018030 _____ C:\Users\Vojta\Downloads\[CzT]Airport_CEO_v_0_23_0_0_2017_.torrent
2019-09-07 12:45 - 2019-09-07 12:45 - 000006471 _____ C:\Users\Vojta\Downloads\[CzT]Papers_Please_v1_1_65_2013_CZ_.torrent
2019-09-07 09:18 - 2019-09-07 09:18 - 007622344 _____ (Malwarebytes) C:\Users\Vojta\Desktop\adwcleaner_7.4.1.exe
2019-09-06 17:22 - 2019-09-11 23:18 - 000000000 ____D C:\FRST
2019-09-06 17:13 - 2019-09-06 17:13 - 000000000 ___HD C:\Windows\PIF
2019-08-30 14:56 - 2019-08-30 14:56 - 000000214 _____ C:\Windows\ntbtlog.txt
2019-08-30 13:56 - 2019-08-30 13:56 - 000000000 ____D C:\Program Files\JARRUgEbUkUn
2019-08-23 16:06 - 2019-08-23 16:06 - 000467680 _____ C:\Users\Vojta\Documents\Objednávka Dmychadla a náhradní díly.mht
2019-08-22 15:31 - 2019-09-08 21:00 - 000000000 ____D C:\Program Files\WiperSoft
2019-08-22 15:30 - 2019-08-22 15:30 - 002427504 _____ (Wiper Software, UAB) C:\Users\Vojta\Downloads\WiperSoft-installer.exe
2019-08-18 11:30 - 2019-08-18 11:30 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\xHLLMjruyIoAv
2019-08-17 17:48 - 2019-08-17 17:51 - 399801000 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar
2019-08-17 09:38 - 2019-08-17 11:04 - 000000160 _____ C:\Users\Vojta\AppData\LocalLow\rbxcsettings.rbx
2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ C:\ProgramData\ts.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000004 _____ C:\ProgramData\irw.atsd
2019-08-14 07:34 - 2019-07-30 04:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-14 07:34 - 2019-07-30 04:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-08-14 07:34 - 2019-07-30 03:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-08-14 07:34 - 2019-07-24 04:34 - 002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-14 07:34 - 2019-07-13 10:38 - 000242400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 001312992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-14 07:34 - 2019-07-13 10:37 - 000189152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-08-14 07:34 - 2019-07-13 10:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-14 07:34 - 2019-07-13 10:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-08-14 07:34 - 2019-07-13 10:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-14 07:34 - 2019-07-13 10:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2019-08-14 07:34 - 2019-07-13 10:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-08-14 07:34 - 2019-07-04 03:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-13 13:01 - 2019-08-13 13:07 - 667153328 _____ C:\Users\Vojta\Downloads\microsoft-flight-simulator-x.exe
2019-08-13 09:15 - 2019-08-13 09:21 - 399801429 _____ C:\Users\Vojta\Downloads\Airport.CEO.v32.7.3.rar.rar
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Vojta\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Bohunka\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\Users\Administrator\_readme.txt
2019-08-13 08:25 - 2019-08-13 08:25 - 000001109 _____ C:\_readme.txt
2019-08-13 08:21 - 2019-08-30 14:58 - 000000270 __RSH C:\Users\Vojta\ntuser.pol
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\Users\Vojta\AppData\Local\da568ce5-de21-4c03-9f67-820714b28a41
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\SystemID
2019-08-13 08:20 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Lamia
2019-08-13 08:19 - 2019-09-08 21:00 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\CoreTempApp
2019-08-13 08:19 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mail.Ru
2019-08-13 08:19 - 2019-08-13 08:26 - 000000000 ____D C:\Users\Vojta\AppData\Local\d4ce6a02-0d6a-4429-b795-8bda16a60e8b
2019-08-13 08:19 - 2019-08-13 08:20 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-08-13 08:15 - 2019-08-22 11:29 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\uTorrent
2019-08-12 16:26 - 2019-09-08 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2019-08-12 16:26 - 2019-08-12 16:26 - 000000000 ____D C:\ProgramData\Roblox
2019-08-12 16:25 - 2019-08-12 16:25 - 000000000 ____D C:\Program Files\Roblox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-11 23:20 - 2011-04-12 03:37 - 000671796 _____ C:\Windows\system32\perfh005.dat
2019-09-11 23:20 - 2011-04-12 03:37 - 000142392 _____ C:\Windows\system32\perfc005.dat
2019-09-11 23:20 - 2010-11-20 23:01 - 001591750 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-11 23:20 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-09-11 23:18 - 2017-04-20 18:09 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2019-09-11 23:13 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-11 23:13 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-11 23:13 - 2009-07-14 06:34 - 000021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-11 23:13 - 2009-07-14 06:33 - 000417792 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-11 23:10 - 2016-01-11 18:46 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-09-11 13:01 - 2016-01-07 21:04 - 000000256 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2019-09-11 09:39 - 2016-01-07 18:43 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-09-11 09:39 - 2016-01-07 18:43 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-09-11 09:39 - 2016-01-07 18:43 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-09 22:28 - 2017-09-07 15:59 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-09-09 11:04 - 2018-11-15 20:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-09 10:52 - 2016-12-07 13:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-08 21:00 - 2019-07-16 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gazstone.com
2019-09-08 21:00 - 2018-12-23 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-08 21:00 - 2017-12-22 22:50 - 000000000 ____D C:\A Bootable USB
2019-09-08 21:00 - 2016-08-29 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-09-08 21:00 - 2016-02-11 21:34 - 000000000 ____D C:\AdwCleaner
2019-09-08 21:00 - 2016-01-09 19:59 - 000000000 ____D C:\Office
2019-09-08 21:00 - 2016-01-07 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-08 21:00 - 2016-01-07 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-09-08 21:00 - 2016-01-07 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-09-08 21:00 - 2013-03-01 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-09-08 21:00 - 2013-03-01 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-09-08 21:00 - 2013-03-01 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2019-09-08 21:00 - 2011-04-12 03:46 - 000000000 ___RD C:\Users\Public\Recorded TV
2019-09-08 21:00 - 2009-07-14 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-09-08 21:00 - 2009-07-14 04:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-09-08 21:00 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\registration
2019-09-08 20:08 - 2016-01-07 19:03 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2019-09-08 20:06 - 2016-01-07 15:51 - 000000000 ____D C:\Users\Vojta
2019-09-07 18:58 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileOut.cns
2019-09-07 18:58 - 2016-01-25 14:18 - 000000000 _____ C:\Users\Vojta\AppData\Roaming\FileIn.cns
2019-09-06 09:37 - 2017-04-18 09:31 - 000000000 ____D C:\Users\Vojta\Documents\Poznámkové bloky aplikace OneNote
2019-09-06 09:36 - 2016-12-31 19:43 - 000000000 ____D C:\Users\Vojta\.android
2019-09-06 09:36 - 2016-08-29 20:18 - 000000000 ____D C:\Users\Vojta\.oracle_jre_usage
2019-08-30 14:57 - 2016-12-15 12:50 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-08-30 13:55 - 2017-12-22 22:28 - 000000270 __RSH C:\ProgramData\ntuser.pol
2019-08-22 11:24 - 2016-01-07 15:51 - 000001082 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-08-19 09:30 - 2018-08-15 22:12 - 000000000 ____D C:\Windows\rescache
2019-08-15 18:58 - 2016-01-29 12:51 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-14 19:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-14 19:12 - 2016-01-07 20:52 - 000000000 ____D C:\Windows\system32\MRT
2019-08-14 19:06 - 2013-03-01 14:12 - 131096328 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 13:20 - 2009-07-14 06:52 - 000000000 ____D C:\Program Files\Microsoft Games
2019-08-13 08:38 - 2016-01-11 16:28 - 000000000 ___RD C:\Users\Vojta\Documents\Scanned Documents
2019-08-13 08:36 - 2013-03-01 20:43 - 000000000 ___HD C:\RPKTools
2019-08-13 08:25 - 2018-11-28 16:14 - 000000000 ____D C:\SWTOOLS
2019-08-13 08:25 - 2018-01-14 14:13 - 000000000 ____D C:\Users\Bohunka
2019-08-13 08:25 - 2016-11-16 13:17 - 000000000 ____D C:\Nová složka
2019-08-13 08:25 - 2013-03-01 20:43 - 000000000 ___HD C:\Tools
2019-08-13 08:25 - 2010-11-20 22:57 - 000000000 ____D C:\Users\Administrator
2019-08-13 08:19 - 2009-07-14 04:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-08-12 09:22 - 2009-07-14 06:53 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories ================

2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ () C:\ProgramData\lock.dat
2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ () C:\ProgramData\ts.dat
2016-01-25 14:18 - 2019-09-07 18:58 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileIn.cns
2016-01-25 14:18 - 2019-09-07 18:58 - 000000000 _____ () C:\Users\Vojta\AppData\Roaming\FileOut.cns
2016-02-14 12:53 - 2016-02-14 19:55 - 000038214 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (DOS).ADR
2016-01-15 11:33 - 2016-11-12 18:06 - 000036995 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2016-01-15 11:39 - 2016-01-24 17:19 - 000021173 _____ () C:\Users\Vojta\AppData\Roaming\Hodnoty oddělené čárkami (Windows).EML
2018-07-13 12:09 - 2018-07-13 12:09 - 000003584 _____ () C:\Users\Vojta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-21 19:11 - 2019-01-26 14:45 - 000007633 _____ () C:\Users\Vojta\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-10 13:23
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-09-2019
Ran by Vojta (11-09-2019 23:22:29)
Running from C:\Users\Vojta\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-01-07 13:51:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2091321983-474696320-977629267-500 - Administrator - Disabled)
Guest (S-1-5-21-2091321983-474696320-977629267-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2091321983-474696320-977629267-1006 - Limited - Enabled)
Vojta (S-1-5-21-2091321983-474696320-977629267-1001 - Administrator - Enabled) => C:\Users\Vojta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0405-0000-0000000FF1CE}_BASICR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-001F-041B-0000-0000000FF1CE}_BASICR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_BASICR_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_BASICR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_BASICR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
ATI Catalyst Install Manager (HKLM\...\{F8B54C40-8BF5-DB84-81C8-CAE26896DB1C}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Nápověda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Support Assistant (HKLM\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{79CA8D8A-8371-4146-8920-C1405318E65E}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
Image Plugin (HKLM\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.05.0001 - Snap-on Business Solutions)
Integration Assistant 3 (HKLM\...\{3715EF4B-E9E6-462F-858A-F2E8F1C77170}) (Version: 3.07.0000 - Snap-on Business Solutions, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LaunchEpc (HKLM\...\{9D8650A4-F0F6-48CD-8332-9A03397FDFE5}) (Version: 1.05.0000 - Snap-on Business Solutions, Inc.)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Cleaner (HKLM\...\{A1DC4723-0BB7-4E49-9786-B4E6326B3FF1}) (Version: 2.02.0000 - gazstone.com)
Mozilla Firefox 60.9.0 ESR (x86 cs) (HKLM\...\Mozilla Firefox 60.9.0 ESR (x86 cs)) (Version: 60.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.9.0.7183 - Mozilla)
MSTS Patch 1.7.00819 (HKLM\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.7.081920 - George)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Roblox Player (HKLM\...\roblox-player) (Version: - Roblox Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Train Store (Czech Language Pack) (HKLM\...\Train Store (Czech Language Pack)) (Version: - )
Train Store V3.2 (HKLM\...\Train Store V3.2) (Version: - )
Trať Bratislava-Brno-Praha pro MSTS verze BP86.02-T9-12.4.2011 (HKLM\...\Trať Bratislava-Brno-Praha pro MSTS_is1) (Version: - Zbyněk Šemora)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WiperSoft 1.2.1147.32 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.2.1147.32 - WiperSoft)
Základní software zařízení HP Deskjet 3050A J611 series (HKLM\...\{0188AB09-99C9-4396-B565-7EEE0DE76488}) (Version: 25.0.571.0 - Hewlett-Packard Co.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2018-11-28 19:57 - 2018-11-28 19:57 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67265887.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67265887.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-2091321983-474696320-977629267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CK431V005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NetSoftware => "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{729301BF-3776-475E-91C3-A2FE297DD0CB}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE861F3A-70B2-4D26-A232-671316178975}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E907DA2-BD83-4945-9C30-8813D0A12EF2}] => (Allow) svchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3C8E682-A023-477A-9D2E-1C0208FFBCC1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F9246F05-833C-46E9-8F87-EFE6812BCA40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E96B0D08-33BA-4FBA-AB5E-21286CFF598D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F5A86084-A933-45BF-B5A3-56B2BC7238DF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F730AED4-8BD1-488C-990C-2525A29F4F39}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AE161FF4-D142-4266-BBB1-F8C582DF55D4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6237B069-5D72-49E7-AF1E-0906038ABB7E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{BC3A48F9-E569-43E2-AB00-D11F1FDD149F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

==================== Restore Points =========================

07-09-2019 12:27:13 Windows Update
08-09-2019 20:12:55 Windows Update
11-09-2019 13:07:37 Windows Update
11-09-2019 23:17:02 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2019 11:14:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/11/2019 07:49:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/10/2019 12:57:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/09/2019 10:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 08:08:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 07:50:45 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: Vojta-PC)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\tata>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (09/08/2019 07:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2019 07:11:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/11/2019 11:14:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/11/2019 11:12:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (09/11/2019 11:10:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (09/11/2019 07:57:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/11/2019 07:57:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/11/2019 07:57:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (09/11/2019 07:48:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/11/2019 07:47:18 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.


==================== Memory info ===========================

BIOS: LENOVO 2RKT37AUS 01/25/2008
Motherboard: LENOVO LENOVO
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
Percentage of memory in use: 68%
Total physical RAM: 3045.3 MB
Available physical RAM: 947.88 MB
Total Virtual: 3043.67 MB
Available Virtual: 1182.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:83.1 GB) (Free:48.62 GB) NTFS
Drive e: (Data) (Fixed) (Total:60.61 GB) (Free:41.53 GB) NTFS

\\?\Volume{b5570759-b543-11e5-9b67-806e6f6e6963}\ (System) (Fixed) (Total:5.33 GB) (Free:0.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 62541143)
Partition 1: (Active) - (Size=5.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=83.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check after .coharos ransomware attack

#15 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    CMD: type "C:\ProgramData\lock.dat"
    CMD: type "C:\ProgramData\ts.dat"
    ExportKey: HKLM\System\CurrentControlSet\Services\67265887.sys
    
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: D - D:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {018352cb-beac-11e5-8962-001e37364e82} - F:\setup.exe /autorun
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {096b1e7b-148e-11e7-b0a3-001e37364e82} - F:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {453d547f-d0e8-11e6-b074-001e37364e82} - G:\setup.exe /autorun
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {644377ec-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {64437802-c209-11e6-b06b-001e37364e82} - F:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {654210fd-c89e-11e8-b1e3-001e37364e82} - F:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {96428a52-0102-11e9-b1c3-001e37364e82} - F:\autorun.exe
    HKU\S-1-5-21-2091321983-474696320-977629267-1001\...\MountPoints2: {d77618c3-cf7f-11e6-b01b-806e6f6e6963} - F:\autorun.exe
    GroupPolicy: Restriction - Windows Defender <==== ATTENTION
    GroupPolicy\User: Restriction ? <==== ATTENTION
    Task: {4276E4E2-7079-4FC4-A136-D24F702BA089} - System32\Tasks\{9CD2F391-C0A3-40CE-8BD2-AC5F63C35554} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\HD Tune\unins000.exe"
    Task: {84AB67DB-37A6-4CE6-B1A6-7C4907CAD20E} - System32\Tasks\{121242C0-A705-473D-92BC-8B32948373DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Vojta\Downloads\setup(1).exe -d C:\Users\Vojta\Downloads
    Task: {E982CA0A-BBE8-4649-957A-DFE77D23017F} - System32\Tasks\{99F3F297-D888-453C-97E3-CE55AB99E0E1} => C:\Windows\system32\pcalua.exe -a "E:\Program Files\Microsoft Games\Train Simulator\unins006.exe"
    SearchScopes: HKU\S-1-5-21-2091321983-474696320-977629267-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    FF HomepageOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\v28pucrl.default -> Enabled: _14Members_@download.totalrecipesearch.com
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
    2019-08-14 19:45 - 2019-08-15 07:26 - 000000004 _____ () C:\ProgramData\lock.dat
    2019-08-14 19:45 - 2019-08-14 19:45 - 000000008 _____ () C:\ProgramData\ts.dat
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67265887.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67265887.sys => ""="Driver"
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts, a file Fixlog.txt will be on the desktop; copy its contents here
Graduate of the school for newbies :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and the like) backed up.

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own thread.

If you are satisfied, you can support the forum. Thank you!
