Suspected Trojan horse, please help
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by Veronika (administrator) on VERONIKA-PC (LENOVO 20023) (27-11-2019 21:51:25)
Running from C:\Users\Veronika\Desktop
Loaded Profiles: Veronika (Available Profiles: Veronika)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
( ) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe
( ) [File not signed] C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe
() [File not signed] C:\Program Files (x86)\MachinerData\inLJ3nrTK3AKJA75.exe
() [File not signed] C:\Program Files (x86)\MachinerData\main.exe
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-02HL1.tmp\h0kvbbqacex.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0JFGU.tmp\p2dt5oljwnw.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-1BRU5.tmp\xm20ix1nee4.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-3REG3.tmp\ntbdsdu1fct.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4MHR9.tmp\ntnum1b1rzf.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-5UHTJ.tmp\pq3al0mevo0.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-893SD.tmp\2n3ibfg1ec5.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8GE4O.tmp\smcgaai3a2x.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9LKEQ.tmp\a1h5k0jauph.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-BKIEI.tmp\3tiaxndvusa.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-DUTK1.tmp\3fkmhanidm5.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G9204.tmp\kv2tv5dpdjl.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-HPTAU.tmp\5t5k5g1ofvz.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-I01BH.tmp\r0khvgfjtem.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KCVFS.tmp\i15zv3jcti1.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-MPV2U.tmp\5vszy2zupf4.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-N9PHD.tmp\ki3wnlvozzk.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-QRTVQ.tmp\4qg3muv2uaa.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-S3RHP.tmp\MoocBook.tmp
() [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-TC2DF.tmp\zcktoyfadwf.tmp
(AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(AMS Software) [File not signed] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(AMS Software) [File not signed] C:\ProgramData\WIFIService\WIFIService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [ntpjlwwqkjz] => C:\Program Files (x86)\eCertification\650269432.exe [481280 2019-11-26] (Merit) [File not signed]
HKLM\ DisallowedCertificates: 0A0CF21F2AD2796FCC1309F2993659FC9F4BBFB9 (U)
HKLM\ DisallowedCertificates: 1518752920E9221E1FE1728AACAC536728B37BA7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 1B581436B0ED7536755B8B1C81112509A5AAF6ED (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 328E73F58737F1AB8DB0DA98FECFA17EB7BFAA40 (U)
HKLM\ DisallowedCertificates: 3C92C9274AB6D3DD520B13029A2490C4A1D98BC0 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 4E393AA1586C93E0BC9E7FEBCF7BFB62066DC22A (U)
HKLM\ DisallowedCertificates: 4E564B9FBCE8F496FFF51278CCD14EE17F09A1CE (U)
HKLM\ DisallowedCertificates: 58939B78BC28EF464220127BB754E3D130306988 (U)
HKLM\ DisallowedCertificates: 5AACB6A43D9D806E6963937BE702B7A43C1978AE (U)
HKLM\ DisallowedCertificates: 5DE56B2BAAA995F447949B869356528F91230A49 (U)
HKLM\ DisallowedCertificates: 7450C07722C75E711EF24209A22F0C5C6A5BEC4E (U)
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 78C55D604474B534EB2B565CAD312FC7D71FE9DE (U)
HKLM\ DisallowedCertificates: 816BE9397F66D1A26EFA04035BCA3BB9E3779740 (U)
HKLM\ DisallowedCertificates: 8887AF2636E0D3B763AC4D56729218AF89653CA4 (U)
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 8B6DD299C6E4092040E98EB773F3818DF50B038D (U)
HKLM\ DisallowedCertificates: 8DC9FE53D5F1D7D558EBE131E922730780D88865 (U)
HKLM\ DisallowedCertificates: 9A32249E9A6B9CF5C36B0749C81613524D37C594 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: AA8399A239AE1785200917D32C21F6B662477BE4 (U)
HKLM\ DisallowedCertificates: AEEA60E86C66327BFBB8492C33122687AB2B5D91 (U)
HKLM\ DisallowedCertificates: B7E607E1FB8943C634580F621788C01C962E8280 (U)
HKLM\ DisallowedCertificates: BDEEFEC5F002E281B2292A8C72EACA468CBF9952 (U)
HKLM\ DisallowedCertificates: BE894F99B870DA5FCA623F7F4A85D3970A46CDE1 (U)
HKLM\ DisallowedCertificates: BF9254919794C1075EA027889C5D304F1121C653 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: D70D7D00CA12E1B3E20F3BF7534DEB2C2E7C2404 (U)
HKLM\ DisallowedCertificates: DBFAD9D59A6A07DCEB004DBE2DC246B547249E86 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: E27AA5FFDCA62A60E435292A243D0C6D43DCC513 (U)
HKLM\ DisallowedCertificates: E4A0C1054F8025DD88EE5053094A9A61661AE123 (U)
HKLM\ DisallowedCertificates: F75019695C0504E3ABEFEDCD8FBE500DA08EC8FA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9760501] => C:\Users\Veronika\AppData\Local\Temp\is-ERJ8V.tmp\MoocBook.exe [4761857 2019-11-26] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4841868] => C:\Users\Veronika\AppData\Roaming\1nky1jwt45z\kv2tv5dpdjl.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5584817] => C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds\h0kvbbqacex.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [590287] => C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1\a1h5k0jauph.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [5665255] => C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs\xm20ix1nee4.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [7297948] => C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd\5vszy2zupf4.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2842562] => C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh\zcktoyfadwf.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8146983] => C:\Users\Veronika\AppData\Roaming\530lw4d4wou\5t5k5g1ofvz.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2651579] => C:\Users\Veronika\AppData\Roaming\51n0j51ornz\ntbdsdu1fct.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3207748] => C:\Users\Veronika\AppData\Roaming\eatapus41nh\3fkmhanidm5.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4302746] => C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt\p2dt5oljwnw.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4312007] => C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn\4qg3muv2uaa.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [2875838] => C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk\ntnum1b1rzf.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [3234451] => C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr\2n3ibfg1ec5.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [454306] => C:\Users\Veronika\AppData\Roaming\u24yc2snotw\smcgaai3a2x.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [8750413] => C:\Users\Veronika\AppData\Roaming\bco2mddg4r1\i15zv3jcti1.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [4316658] => C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk\ki3wnlvozzk.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [287421] => C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak\3tiaxndvusa.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [9157455] => C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl\pq3al0mevo0.exe [4761857 2019-11-26] ( ) [File not signed]
HKU\S-1-5-21-966870082-2284507984-435399636-1001\...\Run: [1573082] => C:\Users\Veronika\AppData\Roaming\xggzgvlsfut\r0khvgfjtem.exe [4503502 2019-11-27] ( ) [File not signed]
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\Installer\chrmstp.exe [2019-11-25] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {087FE49D-89E7-4FE8-95AB-598229594171} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
Task: {09198B41-0F32-466B-BE7C-FE258EDBEF8E} - System32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947} => C:\Windows\system32\pcalua.exe -a C:\Users\Veronika\AppData\Local\Temp\Uninstall.exe -d C:\Users\Veronika\AppData\Local\Temp <==== ATTENTION
Task: {211DADC8-BA36-437A-8D5E-A7A46BD89132} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3465FA29-1DF6-49BB-9B9E-BF9F4587E571} - System32\Tasks\Games\UpdateCheck_S-1-5-21-966870082-2284507984-435399636-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {34787DC9-FE1A-4C13-AA57-E2F46EB66EDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
Task: {4826603D-CD07-41A2-B5B1-63593DC685E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {74368A99-76D6-46DF-8CF3-5DC86705E409} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9423663B-BB96-41A8-BBB2-C077893A92ED} - System32\Tasks\gXlzblTuor => C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll",gXlzblTuor <==== ATTENTION
Task: {A08CA1F1-EDF7-475D-B42F-E43C3C153425} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADE9E4EB-B17E-452E-A6DC-1D0F270D70A3} - System32\Tasks\SlimDrivers Scan => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [29877336 2018-07-09] (Slimware Utilities Holdings, Inc. -> SlimWare Utilities, Inc.)
Task: {EBFC38AE-BF5B-4ABE-BBFD-E3F91EC0CFD8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {FA9A9017-F87C-41D2-A392-4235B0E01DA1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\SlimDrivers Scan.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0750AF29-670A-49B3-87A6-18EF5ACF4A94}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{C30AADCB-172C-4238-836F-0A5EB4CAD793}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Internet Explorer:
==================
HKU\S-1-5-21-966870082-2284507984-435399636-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-07-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-15] (Google Inc -> Google LLC)
Chrome:
=======
CHR Profile: C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default [2019-11-27]
CHR Extension: (Prezentace) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-21]
CHR Extension: (Dokumenty) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-21]
CHR Extension: (Disk Google) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-21]
CHR Extension: (YouTube) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-21]
CHR Extension: (Tabulky) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
CHR Extension: (Gmail) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\Veronika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [4292608 2019-11-26] (AMS Software) [File not signed]
R2 Main Service; C:\Program Files (x86)\MachinerData\inLJ3nrTK3AKJA75.exe [2846208 2019-11-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-27] (Malwarebytes Inc -> Malwarebytes) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WIFIService; C:\ProgramData\WIFIService\WIFIService.exe [4292608 2019-11-26] (AMS Software) [File not signed] <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [53800 2018-11-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2019-11-25] (SlimWare Utilities Inc. -> )
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> SMI)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\softaal64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\13.3.20238.213\TsNetHlpX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-27 21:51 - 2019-11-27 21:53 - 000025735 _____ C:\Users\Veronika\Desktop\FRST.txt
2019-11-27 21:50 - 2019-11-27 21:50 - 000007369 _____ C:\Users\Veronika\Downloads\Addition.txt
2019-11-27 21:32 - 2019-11-27 21:52 - 000000000 ____D C:\FRST
2019-11-27 21:32 - 2019-11-27 21:50 - 000039037 _____ C:\Users\Veronika\Downloads\FRST.txt
2019-11-27 21:30 - 2019-11-27 21:31 - 002262016 _____ (Farbar) C:\Users\Veronika\Desktop\FRST64.exe
2019-11-27 21:27 - 2019-11-27 21:27 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-27 21:27 - 2019-11-27 21:27 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-27 21:27 - 2019-11-27 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-27 21:25 - 2019-11-27 21:24 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-27 21:24 - 2019-11-27 21:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-27 21:22 - 2019-11-27 21:22 - 000000000 ____D C:\Program Files\Malwarebytes
2019-11-27 21:21 - 2019-11-27 21:22 - 001883976 _____ (Malwarebytes) C:\Users\Veronika\Downloads\MBSetup.exe
2019-11-27 21:21 - 2019-11-27 21:22 - 001883976 _____ (Malwarebytes) C:\Users\Veronika\Downloads\MBSetup (1).exe
2019-11-27 18:54 - 2019-11-27 21:55 - 000000004 _____ C:\ProgramData\rc.dat
2019-11-27 18:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\IPJFH4JKHZ
2019-11-27 18:53 - 2019-11-27 19:03 - 000000016 _____ C:\ProgramData\irw.atsd
2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ C:\ProgramData\ts.dat
2019-11-27 18:53 - 2019-11-27 18:53 - 000000004 _____ C:\ProgramData\lock.dat
2019-11-27 18:53 - 2019-11-27 18:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xggzgvlsfut
2019-11-26 15:25 - 2019-11-26 15:25 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\xyh4gkr1jsl
2019-11-26 15:15 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\JUIQYG9EOD
2019-11-26 15:15 - 2019-11-26 15:15 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4tdsyg1xuak
2019-11-26 15:04 - 2019-11-26 15:05 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\zexwy2g5ogk
2019-11-26 14:53 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\Y8AEA5ZTBW
2019-11-26 14:53 - 2019-11-26 14:53 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bco2mddg4r1
2019-11-26 14:42 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\D1O9U7J0B1
2019-11-26 14:42 - 2019-11-26 14:42 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\u24yc2snotw
2019-11-26 14:32 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\YQU2UKK1V9
2019-11-26 14:32 - 2019-11-26 14:32 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bd2kuduw0nr
2019-11-26 14:23 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\EFPFJ7GM61
2019-11-26 14:22 - 2019-11-26 14:23 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lvtdtvv4jvk
2019-11-26 14:10 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\ZT9NCEXCAJ
2019-11-26 14:00 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\QJ3CEGZCB0
2019-11-26 14:00 - 2019-11-26 14:00 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\fpf4lzxkryn
2019-11-26 13:49 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\K4RUKIW5PV
2019-11-26 13:49 - 2019-11-26 13:49 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\tuv3jiac4dt
2019-11-26 13:37 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\F5N3PJ8KIB
2019-11-26 13:37 - 2019-11-26 13:37 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\eatapus41nh
2019-11-26 13:27 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\RL9BDDHZUZ
2019-11-26 13:27 - 2019-11-26 13:27 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\51n0j51ornz
2019-11-26 13:16 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2WZXD4F86N
2019-11-26 13:16 - 2019-11-26 13:16 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\530lw4d4wou
2019-11-26 13:07 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\L40ZKRHTMW
2019-11-26 13:07 - 2019-11-26 13:07 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\vr45qzmhjlh
2019-11-26 12:56 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\LEMOQ9SXAM
2019-11-26 12:56 - 2019-11-26 12:56 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\4mkesqzbvjd
2019-11-26 12:50 - 2019-11-26 12:50 - 000000000 ____D C:\ProgramData\WIFIService
2019-11-26 12:46 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\7IIVQBB6DF
2019-11-26 12:46 - 2019-11-26 12:46 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\lfhmwh0wtzs
2019-11-26 12:44 - 2019-11-26 12:44 - 000003186 _____ C:\Windows\system32\Tasks\{E19CFB28-FF11-41CE-971E-28CFC0AB2947}
2019-11-26 12:36 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\WN6Z5WTRQJ
2019-11-26 12:36 - 2019-11-26 12:36 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\bzysrq1tlc1
2019-11-26 12:31 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\sngjdbtb5ds
2019-11-26 12:28 - 2019-11-26 12:31 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\DRPSu
2019-11-26 12:22 - 2019-11-27 21:55 - 000016712 _____ C:\Windows\system32\Tasks\gXlzblTuor
2019-11-26 12:22 - 2019-11-27 18:52 - 000000422 __RSH C:\ProgramData\ntuser.pol
2019-11-26 12:22 - 2019-11-26 12:22 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ScreenToGif
2019-11-26 12:22 - 2019-09-19 17:16 - 000000000 ____D C:\Program Files (x86)\gXlzblTuor
2019-11-26 12:21 - 2019-11-27 21:01 - 000000000 ____D C:\Program Files\2RSAIQOU2X
2019-11-26 12:21 - 2019-11-26 12:21 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\1nky1jwt45z
2019-11-26 12:20 - 2019-11-26 12:20 - 000000000 ____D C:\Program Files (x86)\MachinerData
2019-11-26 12:19 - 2019-11-26 12:22 - 000000000 ____D C:\Program Files (x86)\eCertification
2019-11-26 12:18 - 2019-11-26 12:18 - 005916484 _____ C:\Users\Veronika\Downloads\driver-autocom-cdp-usb_bd2e186.zip
2019-11-26 12:15 - 2019-11-26 12:15 - 013082576 _____ (TweakBit ) C:\Users\Veronika\Downloads\autocom_cdp_usb.exe
2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
2019-11-26 09:58 - 2019-11-26 09:58 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2019-11-26 09:58 - 2019-11-26 09:58 - 000001306 _____ C:\ProgramData\Desktop\Skype.lnk
2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Skype
2019-11-26 09:58 - 2019-11-26 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-25 18:49 - 2019-11-25 18:49 - 000000000 ____D C:\Program Files (x86)\Company
2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
2019-11-25 18:33 - 2019-11-25 18:33 - 000000000 ____D C:\Program Files (x86)\Opura
2019-11-25 18:30 - 2019-11-26 12:04 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\ActiveX
2019-11-25 18:29 - 2019-11-25 18:29 - 000000000 ____D C:\ProgramData\LamiaR
2019-11-25 07:42 - 2019-11-25 13:16 - 000000000 __SHD C:\Users\Veronika\wc
2019-11-25 07:42 - 2019-11-25 07:42 - 000000000 __SHD C:\Users\Veronika\AppData\Roaming\wyUpdate AU
2019-11-15 14:23 - 2019-11-27 21:06 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-11-15 14:23 - 2019-11-15 14:23 - 000002820 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-11-15 14:23 - 2019-11-15 14:23 - 000000000 ____D C:\Program Files\CCleaner
2019-11-15 14:11 - 2019-11-15 14:11 - 000000000 ____D C:\Users\Veronika\AppData\Local\CEF
2019-11-15 13:51 - 2019-11-15 13:51 - 000000000 ____D C:\Program Files\Common Files\Tencent
2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\QMLogEx
2019-11-15 13:50 - 2019-11-15 13:50 - 000000000 ____D C:\ProgramData\TXQMPC
2019-11-15 13:49 - 2019-11-15 13:49 - 000000000 ____D C:\Program Files (x86)\Tencent
2019-11-15 13:45 - 2019-11-26 10:40 - 001560632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-11-15 07:43 - 2019-11-15 14:26 - 000000000 ____D C:\ProgramData\Tencent
2019-11-15 07:43 - 2019-11-15 13:48 - 000633144 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000545080 _____ (Microsoft Corporation) C:\Windows\system32\vcamp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000440120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000400184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcamp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000395592 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000333632 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000267592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000244032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000185144 _____ (Microsoft Corporation) C:\Windows\system32\vcomp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000138560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcomp140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000087880 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2019-11-15 07:43 - 2019-11-15 13:48 - 000083792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2019-11-15 07:42 - 2019-11-15 13:55 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Tencent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-27 21:52 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-27 21:52 - 2009-07-14 05:45 - 000014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-27 21:16 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-11-27 20:10 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-11-27 18:52 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-26 12:42 - 2019-08-21 11:02 - 000000000 ____D C:\Program Files\CONEXANT
2019-11-26 12:39 - 2019-08-21 11:26 - 000000000 ____D C:\Windows\Panther
2019-11-26 12:22 - 2009-07-14 04:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-11-26 12:08 - 2019-08-21 12:01 - 000000000 ____D C:\Windows\system32\MRT
2019-11-26 12:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-11-26 10:52 - 2019-08-21 12:01 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-11-26 10:48 - 2019-08-22 10:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-11-26 10:48 - 2009-07-14 03:34 - 000000581 _____ C:\Windows\win.ini
2019-11-26 10:40 - 2009-07-14 16:18 - 000669274 _____ C:\Windows\system32\perfh005.dat
2019-11-26 10:40 - 2009-07-14 16:18 - 000141342 _____ C:\Windows\system32\perfc005.dat
2019-11-26 10:40 - 2009-07-14 06:13 - 001560632 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-26 09:31 - 2019-08-21 12:04 - 000000000 ____D C:\Users\Veronika\Desktop\Honza
2019-11-25 13:09 - 2019-08-21 10:43 - 000013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2019-11-25 12:57 - 2009-07-14 06:09 - 000000000 ____D C:\Windows\system32\Tasks\WPD
2019-11-25 08:52 - 2019-08-21 11:11 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-25 08:52 - 2019-08-21 11:11 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-25 08:52 - 2019-08-21 11:11 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-25 07:42 - 2019-08-21 10:34 - 000000000 ____D C:\Users\Veronika
2019-11-25 07:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-11-20 19:18 - 2019-08-21 10:43 - 000000470 _____ C:\Windows\Tasks\SlimDrivers Scan.job
2019-11-15 16:00 - 2019-09-21 15:00 - 000000000 ____D C:\Users\Veronika\Documents\Stronghold Crusader
2019-11-15 13:37 - 2019-10-27 16:00 - 000000264 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2019-11-15 13:37 - 2019-10-27 16:00 - 000000000 ____D C:\ProgramData\Delphi
2019-11-15 13:36 - 2019-10-27 15:59 - 000000000 ____D C:\Users\Veronika\AppData\Roaming\Delphi
2019-11-15 07:44 - 2019-08-21 11:09 - 000003388 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-15 07:44 - 2019-08-21 11:09 - 000003260 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-15 07:43 - 2019-08-21 11:09 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-15 07:42 - 2019-10-27 16:35 - 000000000 ____D C:\9fcdaa2dcb4d0a4db689afc6cb48e1c8
2019-11-12 22:03 - 2019-08-21 10:52 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-10-31 19:19 - 2019-08-21 12:29 - 000000000 ____D C:\Users\Veronika\Desktop\Verča
==================== Files in the root of some directories ========
2019-11-27 18:53 - 2019-11-27 18:53 - 000000004 _____ () C:\ProgramData\lock.dat
2019-11-27 18:54 - 2019-11-27 21:55 - 000000004 _____ () C:\ProgramData\rc.dat
2019-11-27 18:53 - 2019-11-27 18:53 - 000000008 _____ () C:\ProgramData\ts.dat
2019-11-25 18:33 - 2019-11-25 18:33 - 001997312 _____ () C:\Users\Veronika\AppData\Roaming\4gtrecwr3t4g.exe
2019-11-25 18:39 - 2019-11-26 12:06 - 000511600 _____ (Michael P. Mehl <michael.mehl@web.de>) C:\Users\Veronika\AppData\Roaming\brtvecet4re.exe
2019-11-26 12:06 - 2019-11-26 12:06 - 000050566 _____ () C:\Users\Veronika\AppData\Roaming\yuhbgv.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-11-26 11:52
==================== End of FRST.txt ========================
- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by Veronika (27-11-2019 21:55:47)
Running from C:\Users\Veronika\Desktop
Windows 7 Professional Service Pack 1 (X64) (2019-08-21 09:34:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-966870082-2284507984-435399636-500 - Administrator - Disabled)
Guest (S-1-5-21-966870082-2284507984-435399636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-966870082-2284507984-435399636-1002 - Limited - Enabled)
Veronika (S-1-5-21-966870082-2284507984-435399636-1001 - Administrator - Enabled) => C:\Users\Veronika
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.8.0.12 - Silicon Motion)
Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.101.714.2016 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype verze 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{6DF079D7-2A57-4710-81B1-064649FF86FC}) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.) Hidden
SlimDrivers (HKLM-x32\...\SlimDrivers) (Version: 2.3.2 - Slimware Utilities Holdings, Inc.)
Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.0.0.6 - GOG.com)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4475564) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CD0EE05F-11E6-46FA-BB7B-D2A28C47A4F3}) (Version: - Microsoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2000-01-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-11-26 12:22 - 2019-09-19 17:16 - 003977728 _____ () [File not signed] C:\Program Files (x86)\gXlzblTuor\gXlzblTuor.dll
2019-11-26 09:58 - 2019-11-12 18:26 - 001901568 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-11-26 09:58 - 2019-11-12 18:26 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-11-26 09:58 - 2019-11-12 18:26 - 004636672 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-02HL1.tmp\h0kvbbqacex.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0JFGU.tmp\p2dt5oljwnw.tmp
2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-1BRU5.tmp\xm20ix1nee4.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-3REG3.tmp\ntbdsdu1fct.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4MHR9.tmp\ntnum1b1rzf.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\itdownload.dll
2019-11-27 18:54 - 2019-11-27 18:54 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-5UHTJ.tmp\pq3al0mevo0.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-893SD.tmp\2n3ibfg1ec5.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8GE4O.tmp\smcgaai3a2x.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\itdownload.dll
2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9LKEQ.tmp\a1h5k0jauph.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-BKIEI.tmp\3tiaxndvusa.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-DUTK1.tmp\3fkmhanidm5.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G9204.tmp\kv2tv5dpdjl.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-HPTAU.tmp\5t5k5g1ofvz.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 000814592 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-I01BH.tmp\r0khvgfjtem.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KCVFS.tmp\i15zv3jcti1.tmp
2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\itdownload.dll
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-MPV2U.tmp\5vszy2zupf4.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-N9PHD.tmp\ki3wnlvozzk.tmp
2019-11-27 18:53 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\itdownload.dll
2019-11-27 18:54 - 2008-10-15 16:44 - 000205312 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\itdownload.dll
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-QRTVQ.tmp\4qg3muv2uaa.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-S3RHP.tmp\MoocBook.tmp
2019-11-27 18:53 - 2019-11-27 18:53 - 001086976 _____ () [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-TC2DF.tmp\zcktoyfadwf.tmp
2019-11-25 08:51 - 2019-11-26 12:19 - 064562672 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\chrome.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\idp.dll
2019-11-27 18:54 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\idp.dll
2019-11-27 18:53 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\idp.dll
2019-11-27 18:54 - 2016-04-17 19:16 - 000221184 _____ (Mitrich Software) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\idp.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0HNNE.tmp\psvince.dll
2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-0VJJ2.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-2B7HC.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-4SB3F.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-60RIP.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-6G5U6.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-8Q61A.tmp\psvince.dll
2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-9BAMI.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-C3SPV.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-E499G.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-G02EM.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-GVBHH.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-II5F6.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JAB31.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-JNBP8.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-K7AGM.tmp\psvince.dll
2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-KRUOU.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-M3SAT.tmp\psvince.dll
2019-11-27 18:53 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-PSVVA.tmp\psvince.dll
2019-11-27 18:54 - 2017-05-03 11:31 - 000043520 _____ (Vincenzo Giordano) [File not signed] C:\Users\Veronika\AppData\Local\Temp\is-Q20IF.tmp\psvince.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-966870082-2284507984-435399636-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [{E4159AB9-30DA-4C89-B8EF-3D9F88BCE806}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{765AA769-3E5B-4158-B40D-DA5B67E7A886}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90778EAF-685A-4D92-A006-E6FA459305F9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5CE2D95-A52F-4005-AFB9-8E5C3FDCD930}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B55B725D-151C-4022-B88F-3D9E63027A5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6DE0A74D-3525-43F1-9407-D1D6D1333B62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6982795-1F07-4AA8-AEE4-9CFEA3D47E9A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC8ACFA5-68A9-4A40-88C7-B7817A954038}] => (Allow) C:\Windows\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{459F3D1B-AD62-4573-92E1-1F3006647F14}] => (Allow) C:\Users\Veronika\AppData\Local\Temp\DriverPack-20191126122801\tools\aria2c.exe No File
FirewallRules: [{DEDED450-F8BC-4F57-98CE-2F9412E94A01}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{77BF4294-EA79-4C25-ACDA-0E219DE551CF}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
26-09-2019 16:08:22 Windows Update
30-09-2019 09:27:49 Windows Update
13-10-2019 09:07:10 Windows Update
22-10-2019 06:16:41 Windows Update
27-10-2019 15:21:43 Windows Update
31-10-2019 19:38:48 Windows Update
15-11-2019 08:02:19 Windows Update
25-11-2019 11:38:05 Windows Update
26-11-2019 10:24:14 Windows Update
26-11-2019 12:31:20 DriverPack 17.11.13
==================== Faulty Device Manager Devices ============
Name: softaal
Description: softaal
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: softaal
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Autocom CDP+ USB
Description: Autocom CDP+ USB
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: TsNetHlpX64.sys
Description: TsNetHlpX64.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tsnethlpx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (11/27/2019 09:50:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 25.11.2019.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 142c
Čas spuštění: 01d5a561c1f47df3
Čas ukončení: 15
Cesta k aplikaci: C:\Users\Veronika\Downloads\FRST64.exe
ID hlášení:
Error: (11/27/2019 09:30:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24384, časové razítko: 0x5c6e2180
Kód výjimky: 0xc0000374
Posun chyby: 0x000ce9a3
ID chybujícího procesu: 0x27e8
Čas spuštění chybující aplikace: 0x01d5a5616e96c964
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll
ID zprávy: c15f244d-1154-11ea-a5c0-1c7508558ab8
Error: (11/27/2019 09:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
Kód výjimky: 0xc0000005
Posun chyby: 0x001b487e
ID chybujícího procesu: 0x27e8
Čas spuštění chybující aplikace: 0x01d5a5616e96c964
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: bb77fa3d-1154-11ea-a5c0-1c7508558ab8
Error: (11/27/2019 09:29:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24384, časové razítko: 0x5c6e2180
Kód výjimky: 0xc0000374
Posun chyby: 0x000ce9a3
ID chybujícího procesu: 0x1598
Čas spuštění chybující aplikace: 0x01d5a561261fc4b3
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: C:\Windows\SysWOW64\ntdll.dll
ID zprávy: acf85eb4-1154-11ea-a5c0-1c7508558ab8
Error: (11/27/2019 09:29:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.448, časové razítko: 0x5dd59030
Název chybujícího modulu: Qt5Core.dll, verze: 5.13.2.0, časové razítko: 0x5dcd60b9
Kód výjimky: 0xc0000005
Posun chyby: 0x001b487e
ID chybujícího procesu: 0x1598
Čas spuštění chybující aplikace: 0x01d5a561261fc4b3
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 91ea779b-1154-11ea-a5c0-1c7508558ab8
System errors:
=============
==================== Memory info ===========================
BIOS: LENOVO 18CN46WW(V2.55) 05/21/2010
Motherboard: LENOVO NITU1
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 92%
Total physical RAM: 3032.6 MB
Available physical RAM: 215.86 MB
Total Virtual: 6063.34 MB
Available Virtual: 1630.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:341.87 GB) NTFS
\\?\Volume{cfbaabf1-c3f5-11e9-b0c6-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B40280FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================