Destroyed files - virus?

Posted: 26 Nov 2018 17:03
by LadyKate
Hello,

a virus got into my laptop and damaged my files. Can this be undone?

I am attaching the log, and thank you for your help.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kateřina at 2018-11-26 16:57:59
Microsoft Windows 10 Home
System drive C: has 14 GB (25%) free of 58 GB
Total RAM: 1977 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:58:32, on 26.11.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\sihost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\taskhostw.exe
C:\Program Files\DriverToolkit\DriverToolkit.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Live\646950344.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeApp.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x86__8wekyb3d8bbwe\HxTsr.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\cmd.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\QV65YO6QOJ\QV65YO6QO.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\Video.UI.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Windows\3NOD\Lenovokb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\InstallShield\x32\setup.exe
C:\WINDOWS\system32\conhost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\OpenWith.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\OpenWith.exe
C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\OpenWith.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Kateřina\Desktop\RSIT.exe
C:\Program Files\trend micro\Kateřina.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\System32\RuntimeBroker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo15.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07qteMWHrPQ1GTKb79xkZOYw4EEDWQpViDiD4Mx2eU1xg0xhGSWoPWDWuhm3YUA5B_CO7REkdmIbHXI_IJGbs7GLMbax22t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: YoutubeAdBlock - {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} - C:\Program Files\loreCZYyGIE\k80xklHJ.dll
O4 - HKLM\..\Run: [SecurityHealth] %ProgramFiles%\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\Run: [3nodkey] C:\Windows\3NOD\LenovoKB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\RunOnce: [bd3qvkxw5be] "C:\Program Files\Live\646950344.exe" 1 3.1543243203.5bfc05c3ae1ba
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Easy Disk Drive Repair] "C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe" -quickscan
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [ccleaner] C:\ProgramData\ccleaner.exe -boot
O4 - HKCU\..\Run: [SDfgsdf] C:\ProgramData\ccleaner.exe
O4 - HKCU\..\Run: [3062238] "C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l\gplmsojymf4.exe" /VERYSILENT
O4 - HKCU\..\Run: [4Y8ORBGW5U2MF4A] "C:\Program Files\QV65YO6QOJ\QV65YO6QO.exe"
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" -Embedding
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Startup: Shortcut to Primary output from Start (Active).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\Quoteex\BioDubhold.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Background Logic Handler (backlh) - Unknown owner - C:\ProgramData\Logic Cramble\set.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\system32\IntelCpHeciSvc.exe
O23 - Service: CRMSvc - Unknown owner - C:\Users\Kateřina\AppData\Roaming\CRMSvc\CRMSvc.exe
O23 - Service: @oem17.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Intel Corporation - C:\WINDOWS\system32\DptfParticipantProcessorService.exe
O23 - Service: @oem17.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Intel Corporation - C:\WINDOWS\system32\DptfPolicyCriticalService.exe
O23 - Service: @oem17.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Intel Corporation - C:\WINDOWS\system32\DptfPolicyLpmService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service: Innovative Solutions Service Monitor (InnovativeSolutions_monitor) - Unknown owner - C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe

--
End of file - 12664 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\DriverToolkit Autorun.job - C:\Program Files\DriverToolkit\DriverToolkit.exe --autorun
C:\WINDOWS\tasks\hZpUbaVMqkKgBHw.job - rundll32 "C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll",#1 /adp IWXV0GYXV0QWXV2BYXV5CWXV3BWXV4CYXV0TXXV1RWXV1LWXV1RXXV8HWXV1IXXV3OXXV3XWXV4 /site_id 756
C:\WINDOWS\tasks\Online Application V2G1.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 69
C:\WINDOWS\tasks\Online Application V2G2.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 70
C:\WINDOWS\tasks\Online Application V2G3.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 71
C:\WINDOWS\tasks\Online Application V2G4.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 60
C:\WINDOWS\tasks\Online Application V2G5.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 61
C:\WINDOWS\tasks\Online Application V2G6.job - C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 62
C:\WINDOWS\tasks\Updater_Online_Application.job - C:\Program Files\Microleaves\Online Application\Online Application Updater.exe /silentall -nofreqcheck

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5}]
YoutubeAdBlock - C:\Program Files\loreCZYyGIE\k80xklHJ.dll [2018-11-26 556032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-11 486816]
"3nodkey"=C:\Windows\3NOD\LenovoKB.exe [2015-08-12 6416384]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-03-22 267064]
"DptfPolicyLpmServiceHelper"=C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [2015-07-29 103528]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3173840]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2016-05-25 406664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"bd3qvkxw5be"=C:\Program Files\Live\646950344.exe [2018-11-26 796160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Kateřina\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-11-17 1540920]
"Easy Disk Drive Repair"=C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [2015-01-17 483328]
"CCleaner Smart Cleaning"=C:\Program Files\CCleaner\CCleaner.exe [2018-09-10 13797712]
"ccleaner"=C:\ProgramData\ccleaner.exe [2018-11-26 1372160]
"SDfgsdf"=C:\ProgramData\ccleaner.exe [2018-11-26 1372160]
"3062238"=C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l\gplmsojymf4.exe [2018-11-26 553091]
"4Y8ORBGW5U2MF4A"=C:\Program Files\QV65YO6QOJ\QV65YO6QO.exe [2018-11-26 770048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"=C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [2018-04-12 299008]

C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Shortcut to Primary output from Start (Active).lnk - C:\Users\Kateřina\AppData\Roaming\Microsoft\Installer\{B3FF2578-EA9C-4E00-8FA2-3BD365765C6A}\_39FFF477723EF5F16A899A.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Quoteex\BioDubhold.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.cvid"=iccvid.dll
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

4950-06-07 14:05:13 ----N---- C:\WINDOWS\yLAe.exe
4950-06-07 14:05:13 ----N---- C:\Program Files\Common Files\eejei.exe
2018-11-26 16:57:59 ----D---- C:\rsit
2018-11-26 16:57:59 ----D---- C:\Program Files\trend micro
2018-11-26 16:49:49 ----D---- C:\Program Files\vevsoISKgkcDC
2018-11-26 16:49:48 ----D---- C:\ProgramData\pUIfuUUTjzrUMTVB
2018-11-26 16:49:48 ----D---- C:\Program Files\VtuYtIvrjzmOrIBvrWR
2018-11-26 16:49:48 ----D---- C:\Program Files\FVgedVjzKgFU2
2018-11-26 16:49:47 ----D---- C:\Program Files\loreCZYyGIE
2018-11-26 16:49:47 ----D---- C:\Program Files\bbIORqNasDUn
2018-11-26 16:49:46 ----D---- C:\Program Files\DjpYILTWU
2018-11-26 16:47:54 ----SHD---- C:\Config.Msi
2018-11-26 16:46:20 ----D---- C:\Users\Kateřina\AppData\Roaming\bag0dugniqe
2018-11-26 16:46:20 ----D---- C:\Program Files\QV65YO6QOJ
2018-11-26 15:47:33 ----D---- C:\Users\Kateřina\AppData\Roaming\Seznam.cz
2018-11-26 15:45:05 ----A---- C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44:51 ----A---- C:\Program Files\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44:48 ----A---- C:\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:43:44 ----D---- C:\ProgramData\acff3714-65e5-0
2018-11-26 15:43:44 ----D---- C:\ProgramData\acff3714-4db5-1
2018-11-26 15:41:48 ----D---- C:\ProgramData\68cff4da-5d31-1
2018-11-26 15:41:48 ----D---- C:\ProgramData\68cff4da-3037-0
2018-11-26 15:40:30 ----D---- C:\Users\Kateřina\AppData\Roaming\CRMSvc
2018-11-26 15:40:28 ----D---- C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l
2018-11-26 15:40:26 ----D---- C:\Program Files\DNYFY4FG1D
2018-11-26 15:40:07 ----D---- C:\Program Files\Live
2018-11-26 15:39:30 ----D---- C:\Users\Kateřina\AppData\Roaming\Mozilla
2018-11-26 15:39:14 ----D---- C:\Program Files\Common Files\Subdex
2018-11-26 15:39:13 ----D---- C:\ProgramData\Quoteexs
2018-11-26 15:39:08 ----D---- C:\ProgramData\Logic Cramble
2018-11-26 15:39:00 ----D---- C:\ProgramData\Quoteex
2018-11-26 15:37:44 ----D---- C:\Program Files\Microsoft Silverlight
2018-11-26 15:37:40 ----D---- C:\Users\Kateřina\AppData\Roaming\ComfortSoftware
2018-11-26 15:37:13 ----D---- C:\Program Files\Microleaves
2018-11-26 15:37:11 ----A---- C:\ProgramData\ccleaner.exe
2018-11-26 15:37:04 ----D---- C:\Users\Kateřina\AppData\Roaming\Microleaves
2018-11-26 15:36:59 ----A---- C:\Users\Kateřina\AppData\Roaming\AutoHot.exe
2018-11-26 15:36:33 ----D---- C:\ProgramData\HotCopy
2018-11-25 13:19:09 ----HD---- C:\OneDriveTemp
2018-11-20 11:39:14 ----A---- C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-14 15:12:15 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-11-14 15:12:14 ----A---- C:\WINDOWS\system32\mfps.dll
2018-11-14 15:12:14 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-11-14 15:12:13 ----A---- C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 15:12:13 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 15:12:13 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 15:12:13 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-11-14 15:12:12 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 15:12:11 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 15:12:11 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 15:12:11 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 15:12:10 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-11-14 15:12:10 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-11-14 15:12:09 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-11-14 15:12:08 ----A---- C:\WINDOWS\system32\wmp.dll
2018-11-14 15:12:00 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 15:11:58 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-11-14 15:11:57 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 15:11:57 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-11-14 15:11:57 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-11-14 15:11:57 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-11-14 15:11:57 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-11-14 15:11:56 ----A---- C:\WINDOWS\system32\user32.dll
2018-11-14 15:11:56 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-11-14 15:11:55 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 15:11:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-11-14 15:11:54 ----A---- C:\WINDOWS\system32\INETRES.dll
2018-11-14 15:11:54 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 15:11:53 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 15:11:52 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-11-14 15:11:51 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-11-14 15:11:50 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-11-14 15:11:45 ----A---- C:\WINDOWS\system32\wincorlib.dll
2018-11-14 15:11:43 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 15:11:41 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 15:11:41 ----A---- C:\WINDOWS\system32\cdp.dll
2018-11-14 15:11:40 ----A---- C:\WINDOWS\system32\MapsStore.dll
2018-11-14 15:11:40 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 15:11:40 ----A---- C:\WINDOWS\system32\BingMaps.dll
2018-11-14 15:11:39 ----A---- C:\WINDOWS\system32\MapRouter.dll
2018-11-14 15:11:39 ----A---- C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 15:11:39 ----A---- C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 15:11:38 ----A---- C:\WINDOWS\system32\mos.dll
2018-11-14 15:11:37 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 15:11:37 ----A---- C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 15:11:37 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 15:11:37 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 15:11:36 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 15:11:32 ----A---- C:\WINDOWS\system32\d2d1.dll
2018-11-14 15:11:31 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-11-14 15:11:31 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 15:11:31 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-11-14 15:11:30 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-11-14 15:11:26 ----A---- C:\WINDOWS\system32\ole32.dll
2018-11-14 15:11:25 ----A---- C:\WINDOWS\system32\thumbcache.dll
2018-11-14 15:11:25 ----A---- C:\WINDOWS\system32\rpcss.dll
2018-11-14 15:11:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 15:11:25 ----A---- C:\WINDOWS\system32\combase.dll
2018-11-14 15:11:24 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-11-14 15:11:23 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-11-14 15:11:22 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 15:11:22 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 15:11:22 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 15:11:22 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-11-14 15:11:21 ----A---- C:\WINDOWS\system32\usocore.dll
2018-11-14 15:11:08 ----A---- C:\WINDOWS\system32\ubpm.dll
2018-11-14 15:11:08 ----A---- C:\WINDOWS\system32\tquery.dll
2018-11-14 15:11:08 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 15:11:08 ----A---- C:\WINDOWS\system32\psmsrv.dll
2018-11-14 15:11:08 ----A---- C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-11-14 15:11:07 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-11-14 15:11:06 ----A---- C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 15:11:06 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-11-14 15:11:06 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 15:11:06 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 15:11:05 ----A---- C:\WINDOWS\system32\twinui.dll
2018-11-14 15:11:05 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 15:11:03 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-11-14 15:11:03 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-11-14 15:11:01 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-11-14 15:11:00 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-11-14 15:11:00 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-11-14 15:11:00 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2018-11-14 15:10:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-11-14 15:10:58 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 15:10:57 ----A---- C:\WINDOWS\system32\wcimage.dll
2018-11-14 15:10:57 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-11-14 15:10:57 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-11-14 15:10:57 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-11-14 15:10:55 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-11-14 15:10:54 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-11-14 15:10:53 ----A---- C:\WINDOWS\system32\schedsvc.dll
2018-11-14 15:10:52 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-11-14 15:10:51 ----A---- C:\WINDOWS\system32\schannel.dll
2018-11-14 15:10:51 ----A---- C:\WINDOWS\system32\PhoneService.dll
2018-11-14 15:10:50 ----A---- C:\WINDOWS\system32\localspl.dll
2018-11-14 15:10:50 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-11-14 15:10:49 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-11-14 15:10:48 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 15:10:47 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-11-14 15:10:44 ----A---- C:\WINDOWS\system32\winresume.exe
2018-11-14 15:10:44 ----A---- C:\WINDOWS\system32\winload.exe
2018-11-14 15:10:44 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-11-14 15:10:43 ----A---- C:\WINDOWS\system32\msctf.dll
2018-11-14 15:10:42 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 15:10:42 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 15:10:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-11-14 15:10:39 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 15:10:39 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 15:10:38 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 15:10:38 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-11-14 15:10:38 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 15:10:37 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 15:10:37 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 15:10:37 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 15:10:35 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 15:10:34 ----A---- C:\WINDOWS\system32\shell32.dll
2018-11-14 15:10:31 ----A---- C:\WINDOWS\system32\WinTypes.dll
2018-11-14 15:10:31 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-11-14 15:10:31 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 15:10:30 ----A---- C:\WINDOWS\system32\tdh.dll
2018-11-14 15:10:30 ----A---- C:\WINDOWS\system32\nshwfp.dll
2018-11-14 15:10:30 ----A---- C:\WINDOWS\system32\nltest.exe
2018-11-14 15:10:30 ----A---- C:\WINDOWS\system32\nettrace.dll
2018-11-14 15:10:30 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-11-14 15:10:29 ----A---- C:\WINDOWS\system32\DWrite.dll
2018-11-14 15:10:29 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys
2018-11-14 15:10:29 ----A---- C:\WINDOWS\system32\dafBth.dll
2018-11-14 15:10:28 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 15:10:28 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 15:10:28 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-11-14 15:10:28 ----A---- C:\WINDOWS\system32\coml2.dll
2018-11-14 15:10:27 ----A---- C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 15:10:27 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-11-14 15:10:27 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 15:10:27 ----A---- C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 15:10:26 ----A---- C:\WINDOWS\system32\sspicli.dll
2018-11-14 15:10:26 ----A---- C:\WINDOWS\system32\officecsp.dll
2018-11-14 15:10:25 ----A---- C:\WINDOWS\system32\drivers\spacedump.sys
2018-11-14 15:10:25 ----A---- C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 15:10:25 ----A---- C:\WINDOWS\system32\cdprt.dll
2018-11-14 15:10:23 ----A---- C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 15:10:23 ----A---- C:\WINDOWS\system32\scecli.dll
2018-11-14 15:10:23 ----A---- C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 15:10:23 ----A---- C:\WINDOWS\system32\lsass.exe
2018-11-14 15:10:23 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\wwansvc.dll
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\wlansec.dll
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\wisp.dll
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\spacebridge.dll
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\scrrun.dll
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 15:10:22 ----A---- C:\WINDOWS\system32\drivers\vhf.sys
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\sspisrv.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\seclogon.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\osk.exe
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\msisip.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\dssvc.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 15:10:21 ----A---- C:\WINDOWS\system32\BTAGService.dll
2018-11-14 15:10:20 ----A---- C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\prnntfy.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\drivers\bthhfenum.sys
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\dab.dll
2018-11-14 15:10:19 ----A---- C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 15:10:18 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-07 22:23:23 ----D---- C:\WINDOWS\system32\InstallShield
2018-11-01 19:41:53 ----D---- C:\WINDOWS\Firmware

======List of files/folders modified in the last 1 month======

2018-11-26 16:58:18 ----D---- C:\WINDOWS\Temp
2018-11-26 16:58:05 ----D---- C:\WINDOWS\Prefetch
2018-11-26 16:57:59 ----RD---- C:\Program Files
2018-11-26 16:56:27 ----D---- C:\WINDOWS\system32\catroot2
2018-11-26 16:55:03 ----D---- C:\WINDOWS\system32\Tasks
2018-11-26 16:53:56 ----D---- C:\WINDOWS\System32
2018-11-26 16:53:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 16:53:55 ----D---- C:\WINDOWS\INF
2018-11-26 16:52:51 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-11-26 16:49:48 ----HD---- C:\ProgramData
2018-11-26 16:49:48 ----D---- C:\WINDOWS\Tasks
2018-11-26 16:48:39 ----D---- C:\WINDOWS\system32\GroupPolicy
2018-11-26 16:48:01 ----SHDC---- C:\WINDOWS\Installer
2018-11-26 16:47:13 ----D---- C:\WINDOWS\CbsTemp
2018-11-26 16:46:04 ----D---- C:\WINDOWS\system32\sru
2018-11-26 16:01:05 ----RD---- C:\Users
2018-11-26 15:46:33 ----D---- C:\Users\Kateřina\AppData\Roaming\Wondershare
2018-11-26 15:46:33 ----D---- C:\Users\Kateřina\AppData\Roaming\Webshare
2018-11-26 15:46:33 ----D---- C:\Users\Kateřina\AppData\Roaming\Tomabo
2018-11-26 15:46:33 ----D---- C:\Users\Kateřina\AppData\Roaming\Softland
2018-11-26 15:46:32 ----SD---- C:\Users\Kateřina\AppData\Roaming\Microsoft
2018-11-26 15:46:32 ----D---- C:\Users\Kateřina\AppData\Roaming\SoftCDN
2018-11-26 15:46:32 ----D---- C:\Users\Kateřina\AppData\Roaming\Skype
2018-11-26 15:46:32 ----D---- C:\Users\Kateřina\AppData\Roaming\SDL
2018-11-26 15:46:32 ----D---- C:\Users\Kateřina\AppData\Roaming\PowerISO
2018-11-26 15:46:32 ----D---- C:\Users\Kateřina\AppData\Roaming\Nero
2018-11-26 15:46:22 ----D---- C:\Users\Kateřina\AppData\Roaming\Macromedia
2018-11-26 15:46:22 ----D---- C:\Users\Kateřina\AppData\Roaming\LSC
2018-11-26 15:46:22 ----D---- C:\Users\Kateřina\AppData\Roaming\Lenovo
2018-11-26 15:46:22 ----D---- C:\Users\Kateřina\AppData\Roaming\IE.Coockies
2018-11-26 15:46:19 ----D---- C:\Users\Kateřina\AppData\Roaming\GRETECH
2018-11-26 15:46:19 ----D---- C:\Users\Kateřina\AppData\Roaming\EPSON
2018-11-26 15:46:19 ----D---- C:\Users\Kateřina\AppData\Roaming\Apple Computer
2018-11-26 15:45:05 ----D---- C:\Users\Kateřina\AppData\Roaming\Adobe
2018-11-26 15:44:52 ----HD---- C:\Recovery
2018-11-26 15:44:52 ----ASHD---- C:\UserGuidePDF
2018-11-26 15:44:51 ----HD---- C:\Intel
2018-11-26 15:44:51 ----D---- C:\PerfLogs
2018-11-26 15:44:51 ----D---- C:\Log
2018-11-26 15:44:51 ----AD---- C:\Program Files\Microsoft SQL Server Compact Edition
2018-11-26 15:44:50 ----SHD---- C:\$Recycle.Bin
2018-11-26 15:44:50 ----HD---- C:\$GetCurrent
2018-11-26 15:44:50 ----D---- C:\Drivers
2018-11-26 15:44:48 ----HD---- C:\$AV_ASW
2018-11-26 15:39:14 ----D---- C:\Program Files\Common Files
2018-11-26 15:38:29 ----SD---- C:\ProgramData\Microsoft
2018-11-26 15:19:08 ----D---- C:\WINDOWS\system32\SleepStudy
2018-11-25 13:22:07 ----D---- C:\WINDOWS\AppReadiness
2018-11-25 13:21:28 ----D---- C:\WINDOWS\system32\LogFiles
2018-11-23 19:42:33 ----D---- C:\WINDOWS\Logs
2018-11-23 19:41:28 ----RD---- C:\WINDOWS\Microsoft.NET
2018-11-23 12:29:14 ----HD---- C:\Program Files\WindowsApps
2018-11-21 22:49:51 ----D---- C:\WINDOWS\system32\config
2018-11-21 21:47:40 ----D---- C:\WINDOWS\WinSxS
2018-11-21 17:00:37 ----D---- C:\Program Files\Common Files\microsoft shared
2018-11-21 16:59:10 ----AD---- C:\Program Files\Microsoft Office
2018-11-20 13:48:42 ----RSD---- C:\WINDOWS\assembly
2018-11-17 15:50:14 ----AD---- C:\Program Files\rempl
2018-11-17 00:00:55 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2018-11-15 16:28:39 ----D---- C:\WINDOWS\system32\DriverStore
2018-11-15 16:28:17 ----D---- C:\WINDOWS\system32\drivers
2018-11-14 23:49:55 ----D---- C:\WINDOWS\TextInput
2018-11-14 23:49:54 ----SD---- C:\WINDOWS\system32\F12
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\zu-ZA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\yo-NG
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\xh-ZA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\wo-SN
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\tn-ZA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\ti-ET
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\sk-SK
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\rw-RW
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\nso-ZA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\migration
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\ig-NG
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\chr-CHER-US
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\en-US
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\cs-CZ
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\Boot
2018-11-14 23:49:54 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2018-11-14 23:49:50 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:49:50 ----D---- C:\WINDOWS\ShellExperiences
2018-11-14 23:49:49 ----D---- C:\WINDOWS\bcastdvr
2018-11-14 23:49:49 ----D---- C:\WINDOWS\AppPatch
2018-11-14 15:24:00 ----D---- C:\WINDOWS\system32\MRT
2018-11-14 15:23:59 ----D---- C:\WINDOWS\debug
2018-11-14 15:23:50 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-11-13 14:07:54 ----D---- C:\Windows
2018-11-11 15:41:53 ----D---- C:\WINDOWS\Minidump
2018-11-09 16:47:30 ----D---- C:\WINDOWS\system32\NDF
2018-11-06 13:01:22 ----D---- C:\WINDOWS\system32\drivers\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-04-11 44440]
R0 MBI;@oem18.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\WINDOWS\System32\drivers\MBI.sys [2015-06-16 33792]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-11 29696]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-11 49560]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-11 45056]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-11 7680]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2016-05-25 123968]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-07-14 336384]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-04-11 36864]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2018-04-11 65024]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2018-04-11 88576]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2018-04-11 66560]
R3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\WINDOWS\System32\drivers\BTHMINI.sys [2018-04-11 23040]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2018-04-11 100352]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-11 50584]
R3 camera;@oem11.inf,%iacamera.DeviceDesc%;Intel(R) AVStream Camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [2015-07-09 697360]
R3 DptfDevDBPT;DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [2015-06-23 55816]
R3 DptfDevDisplay;DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [2015-06-23 59392]
R3 DptfDevGen;DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [2015-06-23 85000]
R3 DptfDevProc;DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [2015-06-23 203264]
R3 DptfManager;DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [2015-06-23 467968]
R3 GPIO;@oem7.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpioe.sys [2015-06-10 34176]
R3 GpioVirtual;@oem6.inf,%Driver_Service.Desc%;GPED Virtual GPIO controller driver; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [2015-06-10 27496]
R3 iaioi2c;@oem4.inf,%Driver_Service.Desc%;I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2ce.sys [2015-06-18 57360]
R3 iaiouart;@oem19.inf,%iaiouart.SVCDESC%;UART Controller; C:\WINDOWS\System32\drivers\iaiouart.sys [2015-06-10 98560]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2016-11-28 3048928]
R3 IntelBatteryManagement;@oem1.inf,%IntelBatteryManagement.SVCDESC%;Intel(R) Battery Management Service; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [2015-07-01 47104]
R3 IntelSST;@oem28.inf,%IntelSST_Audio.SvcDesc%;Intel SST Audio Device (WDM); C:\WINDOWS\system32\drivers\isstrtc.sys [2015-11-11 277264]
R3 iwdbus;@oem25.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-01 35320]
R3 PMIC;@oem23.inf,%Driver_Service.Desc%;Intel(R) Power Management IC Device Service; C:\WINDOWS\System32\drivers\PMIC.sys [2015-06-16 77424]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2018-04-11 150528]
R3 rtii2sac;@oem21.inf,%CodecDevice.SVCDESC%;Realtek I2S Audio Codec Device Driver; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [2015-06-12 208624]
R3 RtkUart;@oem9.inf,%RtkBtUart.SVCDESC%;Realtek Bluetooth UART Bus Driver Service; C:\WINDOWS\System32\drivers\RtkUart.sys [2015-07-20 557312]
R3 RtlWlans;@netrtwlans.inf,%RtlWlans.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n SDIO Network Adapter; C:\WINDOWS\System32\drivers\rtwlans.sys [2018-04-11 6555136]
R3 rtsuvc;@oem20.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2016-10-13 1943808]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-11 693144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-11 118680]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-11 103320]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-11 105368]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-11 64408]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-11 71576]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-11 51608]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-11 54680]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-11 32664]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-06-15 39840]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-11 13312]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-11 13312]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2018-04-11 74144]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2018-10-21 865280]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-11 27648]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-11 102400]
S3 DptfDevAmbient;DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [2015-06-23 88584]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-11 17408]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-11 38296]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-11 18944]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-11 28672]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-11 74240]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-11 30208]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2015-12-01 44016]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-11 24064]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-11 92672]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-11 405408]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-11 43424]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-11 122368]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-11 13312]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-11 71168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-08-13 83984]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-03-17 67384]
R2 backlh;Background Logic Handler; C:\ProgramData\Logic Cramble\set.exe [2018-11-26 3780096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 390416]
R2 BTDevManager;BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [2015-07-16 147160]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R2 CDPUserSvc_19cdd;CDPUserSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-11-16 6082440]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R2 CRMSvc;CRMSvc; C:\Users\Kateřina\AppData\Roaming\CRMSvc\CRMSvc.exe [2018-11-26 1515520]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R2 DptfParticipantProcessorService;@oem17.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [2015-07-29 108648]
R2 DptfPolicyCriticalService;@oem17.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [2015-07-29 105576]
R2 DptfPolicyLpmService;@oem17.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application; C:\WINDOWS\system32\DptfPolicyLpmService.exe [2015-07-29 115816]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-11-28 292832]
R2 MicroV2Service;MicroV2Service; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R2 OneSyncSvc_19cdd;OneSyncSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R2 osrss;@%systemroot%\system32\osrss.dll,-500; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 625008]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2018-11-08 284464]
R3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2018-03-05 43648]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-03-22 569656]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
R3 PimIndexMaintenanceSvc_19cdd;PimIndexMaintenanceSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
R3 TokenBroker;@%systemroot%\system32\tokenbroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 BcastDVRUserService_19cdd;BcastDVRUserService_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 BluetoothUserService_19cdd;BluetoothUserService_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\system32\IntelCpHeciSvc.exe [2016-11-28 299488]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 DevicePickerUserSvc_19cdd;DevicePickerUserSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 DevicesFlowUserSvc_19cdd;DevicesFlowUserSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2018-04-11 68096]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [2018-10-16 1065560]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-07-17 271296]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 MessagingService_19cdd;MessagingService_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-10-31 214824]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 PrintWorkflowUserSvc_19cdd;PrintWorkflowUserSvc_19cdd; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-11 871424]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2018-04-11 44520]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-08-01 679424]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2018-04-11 267264]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2018-04-11 44520]
S4 ssh-agent;OpenSSH Authentication Agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [2018-03-19 353792]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.10 2018-11-26 16:58:44

======MBR======


======Uninstall list======

Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824298644}
Advanced Uninstaller PRO - Version 12-->"C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{90B7F915-6343-43CE-9DA7-E79E5BAC6673}
Apple Software Update-->MsiExec.exe /I{52D87F32-70E4-4348-8148-C0B9F35B1314}
AX88772C_772B_772A_772 Windows 8.x Drivers-->"C:\Program Files\InstallShield Installation Information\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}\setup.exe" -runfromtemp -l0x0405 -removeonly
AX88772C_772B_772A_772 Windows 8.x Drivers-->MsiExec.exe /I{18B9948C-938D-4AED-9ED7-EADE3BD1876A}
Bonjour-->MsiExec.exe /X{D168AAD0-6686-47C1-B599-CDD4888B9D1A}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
doPDF 7.3 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"
DriverToolkit version 8.5.0.0-->"C:\Program Files\DriverToolkit\unins000.exe"
Epson Easy Photo Print 2-->"C:\Program Files\InstallShield Installation Information\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}\setup.exe" -runfromtemp -l0x0405 UNINST -removeonly
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Free YouTube Downloader 4.2.754-->"C:\Program Files\Free YouTube Downloader\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GOMPlayer\Uninstall.exe"
iTunes-->MsiExec.exe /I{2F95FFC4-8624-43AB-8256-AA223555C9B7}
Lenovo Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B266E062-D6C5-485B-B426-51B152B041A6}\setup.exe" -l0x9 -removeonly
Lenovo EasyCamera-->C:\WINDOWS\RtCamU.exe /u /s
Lenovo Solution Center-->MsiExec.exe /X{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}
Microsoft Office Professional Plus 2016 - en-us-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProplusRetail.16_en-us_x-none culture=en-us version.16=16.0
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 4.0 CSY-->MsiExec.exe /X{E8BEDB28-151D-465C-9BE0-F6EB930A629C}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501-->"C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
MyPC Backup -->C:\Program Files\OLBPre\uninst.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-007E-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0409-0000-0000000FF1CE}
Online Application-->MsiExec.exe /X{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Podpora aplikací Apple (32bitová)-->MsiExec.exe /I{05E07D23-91E9-4E70-A4CC-EF505088F967}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
REALTEK Bluetooth-->"C:\Program Files\InstallShield Installation Information\{192979A0-37F4-4703-B1BB-62052142CE44}\setup.exe" -runfromtemp -l0x0409 -removeonly
REALTEK Bluetooth-->MsiExec.exe /X{192979A0-37F4-4703-B1BB-62052142CE44}
SafeFinder-->"C:\Program Files\Common Files\Subdex\uninstall.exe" shuz -f "C:\Program Files\Common Files\Subdex\uninstall.dat" -a uninstallme 9FF5C253-F0AC-4F08-8104-1CDB2BF4B543 DeviceId=fc5546aa-39af-2217-268d-44cb81055933 BarcodeId=51198003 ChannelId=003 DistributerName=APSFWakeNet
Update for Windows 10 (KB4023057)-->MsiExec.exe /X{B4E18807-9076-48A8-A1E1-E5FEB7554C77}
UpdateAssistant-->MsiExec.exe /I{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}
User Manuals-->"C:\Program Files\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe" -runfromtemp -l0x0409 -removeonly
User Manuals-->MsiExec.exe /X{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
Webshare uploader-->"C:\Program Files\Webshare\uninstall.exe"
Windows 10 Update and Privacy Settings-->MsiExec.exe /X{542CC2C2-ABAF-4604-8723-DA296AF74540}
Windows 10 Update Assistant-->"C:\Windows10Upgrade\Windows10UpgraderApp.exe" /Uninstall
YoutubeAdBlock-->rundll32 "C:\Program Files\bbIORqNasDUn\VprzRLjspJ.dll",#1

======System event log======

Computer Name: LAPTOP-LMBQQVTN
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180801111150.037101-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 20
Message: Poslední stav úspěšného vypnutí byl false. Poslední stav úspěšného spuštění byl true.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20180801111150.036797-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2018‎-‎08‎-‎01T11:11:49.487431000Z.
Record Number: 3
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20180801111150.036506-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 2
Source Name: EventLog
Time Written: 20180801111312.311278-000
Event Type: Informace
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 17134 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20180801111312.311278-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: LAPTOP-LMBQQVTN
Event Code: 916
Message: svchost (1780,G,98) Beta verze funkce EseDiskFlushConsistency je povolená v: ESENT v důsledku nastavení režimu beta verze webu 0x800000.
Record Number: 5
Source Name: ESENT
Time Written: 20180801111314.451791-000
Event Type: Informace
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 4
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20180801111312.271468-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 5617
Message: Subsystémy služby WMI (Windows Management Instrumentation) byly úspěšně inicializovány.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20180801111223.964813-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 2
Source Name: Microsoft-Windows-WMI
Time Written: 20180801111223.729603-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20180801111312.326902-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-LMBQQVTN$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-3793012919-2705438960-3369879477-1002
Název účtu: kcver
Doména účtu: LAPTOP-LMBQQVTN

Informace o procesu:
ID procesu: 0xcb0
Název procesu: C:\Windows\System32\LogonUI.exe
Record Number: 365249
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181105223249.487777-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-LMBQQVTN$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-3793012919-2705438960-3369879477-1004
Název účtu: Kateřina
Doména účtu: LAPTOP-LMBQQVTN

Informace o procesu:
ID procesu: 0xcb0
Název procesu: C:\Windows\System32\LogonUI.exe
Record Number: 365248
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181105223249.460607-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
SeDelegateSessionUserImpersonatePrivilege
Record Number: 365247
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181105222529.583460-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-LMBQQVTN$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Informace o přihlášení:
Typ přihlášení: 5
Omezený režim správce: -
Virtuální účet: Ne
Token se zvýšeným oprávněním: Ano

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
ID propojeného přihlášení: 0x0
Název účtu v síti: -
Doména účtu v síti: -
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x398
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě: -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (jenom NTLM): -
Délka klíče: 0

Tato událost je vygenerována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole předmětu označují účet v místním systému, který si vyžádal přihlášení. Obvykle se jedná o službu, například serverovou službu, nebo o místní proces, například Winlogon.exe nebo Services.exe.

Pole typu přihlášení označuje druh přihlášení, které proběhlo. Nejčastější typy jsou 2 (interaktivní) a 3 (síťové).

Pole Nové přihlášení označují účet, pro který bylo vytvořeno nové přihlášení, tj. přihlášený účet.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují pomocné služby, které se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje dílčí protokol z protokolů NTLM, který byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 365246
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181105222529.583413-000
Event Type: Úspěšný audit
User:

Computer Name: LAPTOP-LMBQQVTN
Event Code: 4798
Message: Bylo vyhodnoceno členství uživatele v místní skupině.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: LAPTOP-LMBQQVTN$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Uživatel:
ID zabezpečení: S-1-5-21-3793012919-2705438960-3369879477-1002
Název účtu: kcver
Doména účtu: LAPTOP-LMBQQVTN

Informace o procesu:
ID procesu: 0x2214
Název procesu: C:\Windows\System32\LogonUI.exe
Record Number: 365245
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20181105221916.445437-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DriverData"=C:\Windows\System32\Drivers\DriverData
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 55 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=3708

-----------------EOF-----------------

Re: Destroyed files - virus?

Posted: 26 Nov 2018 17:25
by LadyKate
A lot of files have a strange extension, and I found this text:

---= GANDCRAB V5.0.4 =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

*****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .TNVVPFINSS

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/b4ccf64e46c96c1f
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------


On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
---END GANDCRAB KEY---

---BEGIN PC DATA---
---END PC DATA---

Re: Destroyed files - virus?

Posted: 26 Nov 2018 17:38
by Rudy
Hello!
You have been hit by ransomware. We can clean your PC for you, but we do not decrypt files. That requires direct remote access to the PC, and we do not have that legally covered. If it is possible, they will decrypt them (provided they have the decryption key available) here: https://www.neslape.cz/?utm_campaign=ne ... ium=banner . If you want the PC cleaned, post a FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Destroyed files - virus?

Posted: 26 Nov 2018 18:01
by LadyKate
What will they need to know on that website that deals with decryption?

I am sending the requested log for cleaning the PC:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.11.2018
Ran by Kateřina (administrator) on LAPTOP-LMBQQVTN (26-11-2018 17:57:33)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Platform: Microsoft Windows 10 Home Version 1803 17134.407 (X86) Language: Slovenština (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
() C:\Users\Kateřina\AppData\Roaming\CRMSvc\CRMSvc.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Megaify Software Co., Ltd.) C:\Program Files\DriverToolkit\DriverToolkit.exe
(Innovative Solutions GRUP SRL) C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(3NOD) C:\Windows\3NOD\Lenovokb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [3nodkey] => C:\Windows\3NOD\LenovoKB.exe [6416384 2015-08-12] (3NOD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-29] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-05-25] (Power Software Ltd)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [Easy Disk Drive Repair] => C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [483328 2015-01-17] (Zeatron Software)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [ccleaner] => C:\ProgramData\ccleaner.exe [1372160 2018-11-26] (Brinker International, Inc.) <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [SDfgsdf] => C:\ProgramData\ccleaner.exe [1372160 2018-11-26] (Brinker International, Inc.) <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [299008 2018-04-12] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Quoteex\BioDubhold.dll => C:\ProgramData\Quoteex\BioDubhold.dll [460800 2018-11-26] ()
Startup: C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2018-10-09]
ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\Kateřina\AppData\Roaming\Microsoft\Installer\{B3FF2578-EA9C-4E00-8FA2-3BD365765C6A}\_39FFF477723EF5F16A899A.exe ()
GroupPolicy: Restriction - Windows Defender <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{0536420d-6f45-4c03-9f00-769e7f69022c}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{49ca41ff-aac6-4d4b-96eb-37e9914a09f3}: [DhcpNameServer] 169.254.73.172

Internet Explorer:
==================
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07qteMWHrPQ1GTKb79xkZOYw4EEDWQpViDiD4Mx2eU1xg0xhGSWoPWDWuhm3YUA5B_CO7REkdmIbHXI_IJGbs7GLMbax22t
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> {BE5610C5-6AAF-49B2-90C4-CE53570C960C} URL =
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files\loreCZYyGIE\k80xklHJ.dll [2018-11-26] ()
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-09] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [6082440 2018-11-16] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-11-28] (Intel Corporation)
R2 CRMSvc; C:\Users\Kateřina\AppData\Roaming\CRMSvc\CRMSvc.exe [1515520 2018-11-26] () [File not signed] <==== ATTENTION
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-29] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-29] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-29] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-11-28] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-16] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (Lenovo)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3358832 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [91584 2018-10-23] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [66560 2018-04-11] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2018-04-11] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R1 MpKslbe23642b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A83D39B-BC1E-468F-87C4-CD969826E4E7}\MpKslbe23642b.sys [49504 2018-11-26] (Microsoft Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Realtek Semiconductor Corporation )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-10-13] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [123968 2016-05-25] (Power Software Ltd)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38504 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [261816 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-10-23] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Corporation)
S1 dlpcsufm; \??\C:\WINDOWS\system32\drivers\dlpcsufm.sys [X]
S1 fkkvzcqd; \??\C:\WINDOWS\system32\drivers\fkkvzcqd.sys [X]
S1 jvlczubs; \??\C:\WINDOWS\system32\drivers\jvlczubs.sys [X]
S1 mlcftapk; \??\C:\WINDOWS\system32\drivers\mlcftapk.sys [X]
S1 ndwfdkhy; \??\C:\WINDOWS\system32\drivers\ndwfdkhy.sys [X]
S1 nmlldtwi; \??\C:\WINDOWS\system32\drivers\nmlldtwi.sys [X]
S1 ptbuioqu; \??\C:\WINDOWS\system32\drivers\ptbuioqu.sys [X]
S1 pyzkxtth; \??\C:\WINDOWS\system32\drivers\pyzkxtth.sys [X]
S1 tjgbhtnu; \??\C:\WINDOWS\system32\drivers\tjgbhtnu.sys [X]
S1 tlbjvsvv; \??\C:\WINDOWS\system32\drivers\tlbjvsvv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-06-07 14:05 - 4950-06-07 14:05 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\yLAe.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 17:57 - 2018-11-26 17:58 - 000017175 _____ C:\Users\Kateřina\Desktop\FRST.txt
2018-11-26 17:56 - 2018-11-26 17:57 - 000000000 ____D C:\FRST
2018-11-26 17:55 - 2018-11-26 17:55 - 001775616 _____ (Farbar) C:\Users\Kateřina\Desktop\FRST.exe
2018-11-26 17:54 - 2018-11-26 17:54 - 000000270 __RSH C:\Users\Kateřina\ntuser.pol
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\rsit
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\Program Files\trend micro
2018-11-26 16:57 - 2018-11-26 16:57 - 001107968 _____ C:\Users\Kateřina\Desktop\RSIT.exe
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\ProgramData\pUIfuUUTjzrUMTVB
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\VtuYtIvrjzmOrIBvrWR
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\vevsoISKgkcDC
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\loreCZYyGIE
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\FVgedVjzKgFU2
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\DjpYILTWU
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\bbIORqNasDUn
2018-11-26 16:48 - 2018-11-26 16:48 - 000000290 __RSH C:\ProgramData\ntuser.pol
2018-11-26 16:46 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\QV65YO6QOJ
2018-11-26 16:46 - 2018-11-26 16:55 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\bag0dugniqe
2018-11-26 15:47 - 2018-11-26 15:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Seznam.cz
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ C:\Users\Kateřina\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 16:45 - 000000594 _____ C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Users\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Program Files\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Chrome
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\ProgramData\acff3714-65e5-0
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\ProgramData\acff3714-4db5-1
2018-11-26 15:41 - 2018-11-26 15:41 - 000000000 ____D C:\ProgramData\68cff4da-5d31-1
2018-11-26 15:41 - 2018-11-26 15:41 - 000000000 ____D C:\ProgramData\68cff4da-3037-0
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Maurice
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\Live
2018-11-26 15:40 - 2018-11-26 16:55 - 000000000 ____D C:\Program Files\DNYFY4FG1D
2018-11-26 15:40 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\CRMSvc
2018-11-26 15:39 - 2018-11-26 17:04 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-11-26 15:39 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\Common Files\Subdex
2018-11-26 15:39 - 2018-11-26 16:55 - 000000000 ____D C:\ProgramData\Quoteex
2018-11-26 15:39 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Mozilla
2018-11-26 15:39 - 2018-11-26 15:39 - 001895383 _____ C:\Users\Kateřina\AppData\Local\Inchdax.bin
2018-11-26 15:39 - 2018-11-26 15:39 - 000015606 _____ C:\WINDOWS\system32\findit.xml
2018-11-26 15:39 - 2018-11-26 15:39 - 000000000 ____D C:\ProgramData\Quoteexs
2018-11-26 15:38 - 2018-11-26 15:48 - 000722944 _____ C:\Users\Kateřina\AppData\Local\sham.db
2018-11-26 15:38 - 2018-11-26 15:38 - 007813632 _____ C:\Users\Kateřina\AppData\Local\agent.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 002024239 _____ C:\Users\Kateřina\AppData\Local\QvoTech.tst
2018-11-26 15:38 - 2018-11-26 15:38 - 000278509 _____ C:\Users\Kateřina\AppData\Local\Hotwarm.tst
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ C:\Users\Kateřina\AppData\Local\installer.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000126464 _____ C:\Users\Kateřina\AppData\Local\noah.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000070896 _____ C:\Users\Kateřina\AppData\Local\Config.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000018432 _____ C:\Users\Kateřina\AppData\Local\Main.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000016416 _____ C:\Users\Kateřina\AppData\Local\InstallationConfiguration.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000005568 _____ C:\Users\Kateřina\AppData\Local\md.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-11-26 15:38 - 2018-11-26 15:37 - 001995264 _____ C:\Users\Kateřina\AppData\Local\QvoTech.exe
2018-11-26 15:38 - 2018-11-26 15:37 - 001995264 _____ C:\Users\Kateřina\AppData\Local\Hotwarm.exe
2018-11-26 15:37 - 2018-11-26 16:45 - 000000402 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-11-26 15:37 - 2018-11-26 16:45 - 000000370 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-11-26 15:37 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Microleaves
2018-11-26 15:37 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\ComfortSoftware
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Users\Kateřina\AppData\Local\AdvinstAnalytics
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Program Files\Microleaves
2018-11-26 15:37 - 2018-11-26 15:36 - 001372160 _____ (Brinker International, Inc.) C:\ProgramData\ccleaner.exe
2018-11-26 15:36 - 2018-11-26 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Local\William
2018-11-26 15:36 - 2018-11-26 15:36 - 000000000 ____D C:\ProgramData\HotCopy
2018-11-26 15:34 - 2018-11-26 15:34 - 004567040 _____ C:\Users\Kateřina\Downloads\Microsoft+Office+2016+Activator+(Updated).iso
2018-11-26 15:25 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Microsoft Office Professional Plus 2016 Untouched
2018-11-26 13:49 - 2018-11-26 15:46 - 000240156 _____ C:\Users\Kateřina\Desktop\LOSR210104_01_EN02_CS.doc.tnvvpfinss
2018-11-26 11:59 - 2018-11-26 15:46 - 000380114 _____ C:\Users\Kateřina\Desktop\00_EN_CS_test.zip.tnvvpfinss
2018-11-25 13:19 - 2018-11-26 15:44 - 000000000 ___HD C:\OneDriveTemp
2018-11-20 11:39 - 2018-09-04 23:25 - 001491976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-18 17:39 - 2018-11-26 16:59 - 000000000 ____D C:\Users\Kateřina\Desktop\Pro ÚP
2018-11-18 16:33 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Do mailu
2018-11-17 15:57 - 2018-11-26 15:46 - 000025701 _____ C:\Users\Kateřina\Desktop\Překlad.docx.tnvvpfinss
2018-11-15 23:56 - 2018-11-15 23:57 - 004841734 _____ C:\Users\Kateřina\Desktop\Zajištěné dluhopisy s pevnou sazbou 2017 (AJ - CZ).zip
2018-11-15 20:54 - 2018-11-26 15:46 - 004120559 _____ C:\Users\Kateřina\Desktop\Blackmore Bond S2.pdf.tnvvpfinss
2018-11-15 20:17 - 2018-11-26 15:46 - 000029824 _____ C:\Users\Kateřina\Desktop\Jak založit e-shop (překlad AJ - CZ).docx.tnvvpfinss
2018-11-14 15:12 - 2018-11-01 05:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 000502824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 15:12 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 15:12 - 2018-11-01 05:30 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 15:12 - 2018-11-01 05:28 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 15:12 - 2018-10-21 12:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 15:12 - 2018-10-21 12:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 15:12 - 2018-10-21 08:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 15:12 - 2018-10-21 07:58 - 001172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 15:11 - 2018-11-01 11:10 - 004939408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 15:11 - 2018-11-01 11:10 - 001362440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 15:11 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 15:11 - 2018-11-01 11:07 - 000078648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-11-14 15:11 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 15:11 - 2018-11-01 10:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 15:11 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 15:11 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 15:11 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002351416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 000343056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 006687032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 15:11 - 2018-11-01 05:47 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000817768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000679840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000633336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 15:11 - 2018-11-01 05:35 - 003255296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 15:11 - 2018-11-01 05:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 15:11 - 2018-11-01 05:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 15:11 - 2018-11-01 05:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 15:11 - 2018-11-01 05:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 001741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 15:11 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 15:11 - 2018-11-01 05:27 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 15:11 - 2018-10-21 12:37 - 001530560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 15:11 - 2018-10-21 12:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 003458560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 15:11 - 2018-10-21 08:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002144056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 001618376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000542520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000493368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 15:11 - 2018-10-21 08:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 15:11 - 2018-10-21 08:01 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 15:11 - 2018-10-21 07:58 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 15:11 - 2018-10-21 07:58 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 15:11 - 2018-10-21 06:42 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 15:10 - 2018-11-01 11:07 - 000316248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 15:10 - 2018-11-01 10:57 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 15:10 - 2018-11-01 10:55 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001459200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 15:10 - 2018-11-01 06:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 15:10 - 2018-11-01 05:53 - 000994480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 15:10 - 2018-11-01 05:50 - 004171920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 15:10 - 2018-11-01 05:47 - 000197136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 15:10 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 15:10 - 2018-11-01 05:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 15:10 - 2018-11-01 05:31 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 001354240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 15:10 - 2018-11-01 05:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 15:10 - 2018-10-21 12:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 15:10 - 2018-10-21 12:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 15:10 - 2018-10-21 12:26 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 15:10 - 2018-10-21 12:25 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 15:10 - 2018-10-21 12:24 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000998400 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 15:10 - 2018-10-21 08:39 - 000480272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000539904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 001190696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 000949344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 000831216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 001050488 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 000142736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 15:10 - 2018-10-21 08:18 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000044104 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 15:10 - 2018-10-21 08:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 15:10 - 2018-10-21 08:01 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 15:10 - 2018-10-21 08:01 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 15:10 - 2018-10-21 07:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 15:10 - 2018-10-21 07:59 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 15:10 - 2018-10-21 07:59 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 002198528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001224192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 15:10 - 2018-10-21 07:57 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-09 09:30 - 2018-11-26 15:46 - 000632885 _____ C:\Users\Kateřina\Desktop\Náborový dotazník.docx.tnvvpfinss
2018-11-08 21:45 - 2018-11-26 15:46 - 000054283 _____ C:\Users\Kateřina\Desktop\imageresize.jpg.tnvvpfinss
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-04 18:22 - 2018-11-04 18:22 - 000000011 _____ C:\Users\Kateřina\setup12.ini
2018-11-01 19:41 - 2018-11-01 19:41 - 000000000 ____D C:\WINDOWS\Firmware
2018-10-31 18:10 - 2018-10-31 18:10 - 000173094 _____ C:\Users\Kateřina\Desktop\Seznam Email.pdf
2018-10-27 12:43 - 2018-10-27 12:43 - 000317766 _____ C:\Users\Kateřina\Desktop\tablepress.1.9.1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-26 17:54 - 2018-08-01 12:15 - 000000000 ____D C:\Users\Kateřina
2018-11-26 17:54 - 2018-04-11 21:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-26 17:54 - 2016-10-13 16:37 - 000000000 __SHD C:\Users\Kateřina\IntelGraphicsProfiles
2018-11-26 17:53 - 2018-08-01 12:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-26 17:53 - 2018-08-01 12:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-26 16:53 - 2018-08-01 12:36 - 000718030 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-26 16:53 - 2018-08-01 12:36 - 000145610 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-26 16:53 - 2018-08-01 12:30 - 002650970 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 16:53 - 2018-04-11 21:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-26 16:53 - 2017-10-22 17:48 - 000511542 _____ C:\WINDOWS\system32\perfh01B.dat
2018-11-26 16:53 - 2017-10-22 17:48 - 000425462 _____ C:\WINDOWS\system32\perfc01B.dat
2018-11-26 16:48 - 2015-07-10 09:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-11-26 16:47 - 2018-04-11 21:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-26 16:45 - 2017-05-10 04:52 - 000000384 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-11-26 16:01 - 2018-04-11 13:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-26 16:01 - 2016-12-10 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\recovered
2018-11-26 15:47 - 2017-11-24 18:58 - 000000000 ____D C:\Users\Kateřina\Desktop\Překlady
2018-11-26 15:46 - 2018-10-20 16:34 - 000041153 _____ C:\Users\Kateřina\Desktop\1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-10-20 13:21 - 000001161 _____ C:\Users\Kateřina\Desktop\odkazy.txt.tnvvpfinss
2018-11-26 15:46 - 2018-10-16 12:42 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\IE.Coockies
2018-11-26 15:46 - 2018-10-09 16:44 - 000001045 _____ C:\Users\Kateřina\Desktop\Microsoft Toolkit By Graphic Evolved.zip.tnvvpfinss
2018-11-26 15:46 - 2018-10-08 17:35 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\PowerISO
2018-11-26 15:46 - 2018-10-08 17:21 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Nero
2018-11-26 15:46 - 2018-09-13 19:26 - 000093390 _____ C:\Users\Kateřina\Desktop\bez názvu.png.tnvvpfinss
2018-11-26 15:46 - 2018-09-12 13:58 - 000133679 _____ C:\Users\Kateřina\Desktop\02.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 12:29 - 000012130 _____ C:\Users\Kateřina\Desktop\example.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 11:55 - 000671193 _____ C:\Users\Kateřina\Desktop\Chapman Gary - Pět jazyků lásky.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000434683 _____ C:\Users\Kateřina\Desktop\P6132720.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000423860 _____ C:\Users\Kateřina\Desktop\P6132719.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:37 - 000028581 _____ C:\Users\Kateřina\Desktop\CF0618C5-8D9D-4B9C-9AC0-F849BF8B90A1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:27 - 000006101 _____ C:\Users\Kateřina\Desktop\222.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:21 - 000043782 _____ C:\Users\Kateřina\Desktop\11.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:52 - 000016629 _____ C:\Users\Kateřina\Desktop\imagesQUSH4PEZ.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:29 - 000014456 _____ C:\Users\Kateřina\Desktop\01.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:32 - 000037145 _____ C:\Users\Kateřina\Desktop\Consignment no.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:28 - 000174646 _____ C:\Users\Kateřina\Desktop\6C6A4557-F45B-4533-B798-BAF0A014CA59.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:23 - 000067605 _____ C:\Users\Kateřina\Desktop\9EDEC4FF-E92F-4249-B2BC-205D3CD52C50.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:20 - 000087361 _____ C:\Users\Kateřina\Desktop\3419FD88-1A86-47E2-A6C7-FEF72AFFAFF8.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-19 13:39 - 000083495 _____ C:\Users\Kateřina\Desktop\Doklad č. 19062018.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 17:06 - 000027942 _____ C:\Users\Kateřina\Desktop\Překlad webové stránky LitFin.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 16:52 - 000025430 _____ C:\Users\Kateřina\Desktop\LitFin_web text.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 18:31 - 000003259 _____ C:\Users\Kateřina\Desktop\1234.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 13:38 - 000193853 _____ C:\Users\Kateřina\Desktop\180147.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-07 18:22 - 000151425 _____ C:\Users\Kateřina\Desktop\15208649-D6DB-45A7-8706-C21E32C24A29.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-05-31 18:44 - 002065935 _____ C:\Users\Kateřina\Desktop\IMG_4593.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 18:10 - 000153356 _____ C:\Users\Kateřina\Desktop\7A0227D1-B461-4081-941E-8CD09AC22CE2.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 14:23 - 000014125 _____ C:\Users\Kateřina\Desktop\Hledáte přivýdělek z domu a rádi se učíte novým věcem.docx.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 15:41 - 000779021 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 09:42 - 000033308 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO s.r.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-20 18:00 - 000019089 _____ C:\Users\Kateřina\Desktop\Překlad termínů výkresové dokumentace.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-05-18 21:21 - 000000000 ____D C:\Users\Kateřina\Desktop\Hudba
2018-11-26 15:46 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SDL
2018-11-26 15:46 - 2017-08-24 19:48 - 000061913 _____ C:\Users\Kateřina\Desktop\Motivační dopis - Cvernová.pdf.tnvvpfinss
2018-11-26 15:46 - 2017-08-01 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\GRETECH
2018-11-26 15:46 - 2017-08-01 17:45 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SoftCDN
2018-11-26 15:46 - 2017-05-10 00:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Wondershare
2018-11-26 15:46 - 2017-04-05 14:46 - 000000000 ____D C:\Users\Kateřina\Desktop\epson30712eu
2018-11-26 15:46 - 2017-04-05 14:41 - 014123985 _____ C:\Users\Kateřina\Desktop\epson30712eu.zip.tnvvpfinss
2018-11-26 15:46 - 2017-04-05 14:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\EPSON
2018-11-26 15:46 - 2017-02-21 17:31 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Tomabo
2018-11-26 15:46 - 2017-01-27 18:42 - 000020020 _____ C:\Users\Kateřina\Desktop\config.bin.tnvvpfinss
2018-11-26 15:46 - 2017-01-06 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\Iphone 2016-2017
2018-11-26 15:46 - 2016-11-30 19:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Webshare
2018-11-26 15:46 - 2016-11-23 14:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Softland
2018-11-26 15:46 - 2016-11-21 15:49 - 000000000 ____D C:\Users\Kateřina\Desktop\EU-4208_Windows_driver_v1.1
2018-11-26 15:46 - 2016-11-05 19:02 - 000000000 ___RD C:\Users\Kateřina\Desktop\Média
2018-11-26 15:46 - 2016-10-30 16:03 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Apple Computer
2018-11-26 15:46 - 2016-10-29 17:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Lenovo
2018-11-26 15:46 - 2016-10-16 15:50 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Skype
2018-11-26 15:46 - 2016-10-14 20:56 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Macromedia
2018-11-26 15:46 - 2016-10-13 16:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\LSC
2018-11-26 15:45 - 2018-01-27 18:33 - 000000000 ___RD C:\Users\Kateřina\3D Objects
2018-11-26 15:45 - 2016-10-13 16:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Adobe
2018-11-26 15:45 - 2015-11-29 12:19 - 000000000 __SHD C:\UserGuidePDF
2018-11-26 15:45 - 2015-07-10 07:59 - 000000000 ____D C:\Users\Default.migrated
2018-11-26 15:44 - 2018-06-28 21:03 - 000000612 ___SH C:\bootTel.dat.tnvvpfinss
2018-11-26 15:44 - 2018-05-11 22:04 - 000000000 ___HD C:\$AV_ASW
2018-11-26 15:44 - 2018-04-11 21:36 - 000000000 ____D C:\PerfLogs
2018-11-26 15:44 - 2018-01-23 14:43 - 000000000 ___HD C:\$GetCurrent
2018-11-26 15:44 - 2016-11-30 19:33 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-11-26 15:44 - 2016-10-29 20:09 - 000000000 ____D C:\Log
2018-11-26 15:44 - 2015-11-29 13:03 - 000000000 ___HD C:\Intel
2018-11-26 13:50 - 2018-01-26 12:17 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Packages
2018-11-25 13:22 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-25 13:19 - 2016-10-13 16:40 - 000000000 ___RD C:\Users\Kateřina\OneDrive
2018-11-23 12:29 - 2018-04-11 21:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-21 17:00 - 2018-04-11 21:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-21 16:59 - 2015-11-29 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-18 16:31 - 2016-11-05 19:08 - 000000000 ____D C:\Users\Kateřina\Documents\CV
2018-11-17 16:02 - 2018-08-01 12:15 - 000002407 _____ C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-17 15:50 - 2017-09-29 19:27 - 000000000 ____D C:\Program Files\rempl
2018-11-17 00:00 - 2018-04-11 21:39 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-11-17 00:00 - 2018-04-11 21:39 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-11-15 23:58 - 2018-07-08 19:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Články
2018-11-15 16:29 - 2015-07-16 16:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 16:28 - 2018-08-01 12:12 - 000397080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 15:38 - 2016-10-14 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 15:23 - 2016-10-14 22:19 - 134758520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 13:11 - 2016-10-28 22:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-11 15:41 - 2018-08-09 17:12 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-09 16:47 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-30 19:25 - 2018-08-01 13:10 - 000000000 ____D C:\Users\Kateřina\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories =======

2018-11-26 15:37 - 2018-11-26 15:36 - 001372160 _____ (Brinker International, Inc.) C:\ProgramData\ccleaner.exe
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ () C:\Program Files\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\Microsoft\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:38 - 2018-11-26 15:38 - 007813632 _____ () C:\Users\Kateřina\AppData\Local\agent.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000070896 _____ () C:\Users\Kateřina\AppData\Local\Config.xml
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ () C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-26 15:38 - 2018-11-26 15:37 - 001995264 _____ () C:\Users\Kateřina\AppData\Local\Hotwarm.exe
2018-11-26 15:38 - 2018-11-26 15:38 - 000278509 _____ () C:\Users\Kateřina\AppData\Local\Hotwarm.tst
2018-11-26 15:39 - 2018-11-26 15:39 - 001895383 _____ () C:\Users\Kateřina\AppData\Local\Inchdax.bin
2018-11-26 15:38 - 2018-11-26 15:38 - 000016416 _____ () C:\Users\Kateřina\AppData\Local\InstallationConfiguration.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ () C:\Users\Kateřina\AppData\Local\installer.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000018432 _____ () C:\Users\Kateřina\AppData\Local\Main.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000005568 _____ () C:\Users\Kateřina\AppData\Local\md.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000126464 _____ () C:\Users\Kateřina\AppData\Local\noah.dat
2018-11-26 15:38 - 2018-11-26 15:37 - 001995264 _____ () C:\Users\Kateřina\AppData\Local\QvoTech.exe
2018-11-26 15:38 - 2018-11-26 15:38 - 002024239 _____ () C:\Users\Kateřina\AppData\Local\QvoTech.tst
2018-11-26 15:38 - 2018-11-26 15:48 - 000722944 _____ () C:\Users\Kateřina\AppData\Local\sham.db
2018-11-26 15:39 - 2018-11-26 15:39 - 000032038 _____ () C:\Users\Kateřina\AppData\Local\uninstall_temp.ico
2018-10-09 16:24 - 2018-10-09 16:24 - 000000003 _____ () C:\Users\Kateřina\AppData\Local\wbem.ini

Files to move or delete:
====================
C:\ProgramData\ccleaner.exe


Some files in TEMP:
====================
2018-11-26 15:40 - 2018-11-26 15:40 - 000375522 _____ ( ) C:\Users\Kateřina\AppData\Local\Temp\2nr4tgxk4ga.exe
2018-11-26 15:42 - 2018-11-26 15:42 - 002575890 _____ () C:\Users\Kateřina\AppData\Local\Temp\526651886.exe
2018-11-26 15:42 - 2018-11-26 15:42 - 000003072 _____ () C:\Users\Kateřina\AppData\Local\Temp\798460922.exe
2018-11-26 15:43 - 2018-11-26 15:43 - 000101888 _____ () C:\Users\Kateřina\AppData\Local\Temp\Heart.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-01 12:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.11.2018
Ran by Kateřina (26-11-2018 18:00:08)
Running from C:\Users\Kateřina\Desktop
Microsoft Windows 10 Home Version 1803 17134.407 (X86) (2018-08-01 11:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793012919-2705438960-3369879477-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3793012919-2705438960-3369879477-503 - Limited - Disabled)
Guest (S-1-5-21-3793012919-2705438960-3369879477-501 - Limited - Disabled)
Kateřina (S-1-5-21-3793012919-2705438960-3369879477-1004 - Administrator - Enabled) => C:\Users\Kateřina
kcver (S-1-5-21-3793012919-2705438960-3369879477-1002 - Administrator - Enabled) => C:\Users\kcver
WDAGUtilityAccount (S-1-5-21-3793012919-2705438960-3369879477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.24.0.100 - Innovative Solutions)
Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\InstallShield_{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
DriverToolkit version 8.5.0.0 (HKLM\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.5.0.0 - Megaify Software)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Free YouTube Downloader 4.2.754 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Lenovo Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11029.20070 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\OneDriveSetup.exe) (Version: 18.222.1104.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 CSY (HKLM\...\{E8BEDB28-151D-465C-9BE0-F6EB930A629C}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\OLBPre) (Version: - MyPC Backup) <==== ATTENTION
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Online Application (HKLM\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Podpora aplikací Apple (32bitová) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 6.6 - Power Software Ltd)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
UpdateAssistant (HKLM\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Webshare uploader (HKLM\...\WebshareDLC) (Version: - Webshare)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)
YoutubeAdBlock (HKLM\...\1655C0CA-7AE7-4012-8502-970C8675E5F8) (Version: 2.0.0.699 - Company Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-28] (Intel Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15CEBD7E-E29B-4B12-9287-CE1CAEE0209A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {167E3FB4-131E-4233-B715-971F16AB53F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {24C6AD8D-F43B-4846-B9D2-7DD8483291DF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5} - System32\Tasks\lRXXZzUHcFPoIKk2 => rundll32 "C:\Program Files\DjpYILTWU\gAOXuu.dll",#1
Task: {302231E7-C058-4190-A0E8-6117E2BAF219} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-17] (Lenovo)
Task: {34484194-5A81-453B-BC67-1E18F65F2376} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {388CA37D-A6F7-42A0-BEEE-3ACD31C2D131} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {419D4C1B-61B0-48D8-B59D-FE781B5A8772} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe [2015-07-01] (Megaify Software Co., Ltd.)
Task: {42A961D9-CEFA-4D98-987A-7339498B7611} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-17] (Lenovo)
Task: {432D5F75-ADA6-4E11-A331-0162834F02EF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-21] (Microsoft Corporation)
Task: {446DB129-8C88-404C-A5D8-D80235E8C7EE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {49B5D7D1-977D-4AA6-8F41-A31922BD138F} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== ATTENTION
Task: {4AE342FE-6AB2-49C1-9ED2-DE6A1C419EA1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-21] (Microsoft Corporation)
Task: {4E31906B-24D5-45F2-BB98-4C77B49670EA} - System32\Tasks\psv_Quotetough => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Labfresh.reg" & del "C:\ProgramData\Quoteex\Labfresh.reg" & SCHTASKS /Delete /TN "psv_Quotetough" /F <==== ATTENTION
Task: {5A72D693-A3D8-45D7-B3AF-11C822A649F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {5B112B29-99A9-4A59-988B-A1E24AD55773} - System32\Tasks\Online Application V2G3 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {5EDCF634-ADA8-4E81-8E9D-E32F52200C45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {65AFF8AA-FAE6-4DE2-98F8-153C49CF3378} - System32\Tasks\Online Application V2G5 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6DCD6F2A-5C33-4871-B76D-E0CF6A2E2F72} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {6EBA0591-32FB-477F-887F-FBE198455D34} - System32\Tasks\ClwhhsndxrpfQ2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\pUIfuUUTjzrUMTVB\CkDZCCG.wsf"
Task: {75E6C9CC-0BDB-4CC3-B39A-2FC7DAEE331C} - System32\Tasks\OperaUpdateService => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://marihokew.com/cl/?guid=eeu8qfis0pu76vo55vf5enhiq0yj01eu&prid=1&pid=11_1415_0
Task: {90545C51-9C1E-4351-8560-6F6415C0C2C4} - System32\Tasks\psv_Hotzimit => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Softtameco.reg" & del "C:\ProgramData\Quoteex\Softtameco.reg" & SCHTASKS /Delete /TN "psv_Hotzimit" /F <==== ATTENTION
Task: {90AA0BCA-EE84-4A3B-BF39-7BAA0100F20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {94FD7541-6D12-462D-B639-48AA2814BF09} - System32\Tasks\{629099A6-F5F9-CA3F-A06D-F695AE4C294A} => C:\Program Files\Common Files\eejei.exe [4950-06-07] (Microsoft Corporation)
Task: {98CA451A-97E7-46B9-AF5D-EDB0598847E8} - System32\Tasks\psv_Blackcore => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Triodex.reg" & del "C:\ProgramData\Quoteex\Triodex.reg" & SCHTASKS /Delete /TN "psv_Blackcore" /F <==== ATTENTION
Task: {A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D} - System32\Tasks\hZpUbaVMqkKgBHw => rundll32 "C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll",#1 /adp IWXV0GYXV0QWXV2BYXV5CWXV3BWXV4CYXV0TXXV1RWXV1LWXV1RXXV8HWXV1IXXV3OXXV3XWXV4 /site_id 756 <==== ATTENTION
Task: {A750A6DC-CA4B-4601-92D3-F16E403BBFF6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-21] (Microsoft Corporation)
Task: {A8297841-005B-4F01-88EE-9C0D3B4607D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {AB06E272-F562-4BB8-B21A-294C245DA51F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {AB224C74-AD57-49BB-8DE5-36F634B12460} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2018-10-16] (Innovative Solutions GRUP SRL)
Task: {AF0DF147-7DFB-4DB2-AEAB-C134D1741B37} - System32\Tasks\Online Application V2G6 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {B2198A60-F972-4207-AD76-690EDFC0180E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {B5402B2C-A8AC-4597-8EB5-885EB6466B54} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {BDD9E7E6-85E9-4677-88AF-7C39E6B5B17E} - System32\Tasks\ZSFGHAUrEQvZYk => rundll32 "C:\Program Files\FVgedVjzKgFU2\EgWAOOTXtuhuo.dll",#1
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {C2BC506F-6DB7-45F3-B626-513FA4CBC091} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-17] (Lenovo)
Task: {C2DA9683-3FB9-4DD6-B424-47217DF7E309} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-21] (Microsoft Corporation)
Task: {C3AF3A08-2366-4B06-8B6D-33A3F47C7F18} - System32\Tasks\Online Application V2G2 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {C5FD1B36-0EDF-48F2-89FE-3628E99F624D} - System32\Tasks\psv_Zotzap => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Homekeytouch.reg" & del "C:\ProgramData\Quoteex\Homekeytouch.reg" & SCHTASKS /Delete /TN "psv_Zotzap" /F <==== ATTENTION
Task: {CB5461D8-35B3-44DC-BD82-68D7EFCE8E99} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {D2132D99-61D7-4D45-AABC-3F31A779C69D} - System32\Tasks\Online Application V2G4 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D5998BF7-0837-4FE3-9686-208085986746} - System32\Tasks\cGuRYWMDXAzszcxQS2 => rundll32 "C:\Program Files\VtuYtIvrjzmOrIBvrWR\VxYBjFb.dll",#1
Task: {DECA9C65-CDF4-42F9-ADEF-F06D80F3F041} - System32\Tasks\psv_Latfax => cmd.exe /c regedit.exe /s "C:\ProgramData\Quoteex\Trancof.reg" & del "C:\ProgramData\Quoteex\Trancof.reg" & SCHTASKS /Delete /TN "psv_Latfax" /F <==== ATTENTION
Task: {E1F6E12B-2B6F-4D20-ABFF-033CAE55C88F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {E40EE485-46D2-4BCF-934F-E65DD5314D06} - System32\Tasks\{0EC5EDD6-A8D9-5413-842C-17446B77AED8} => C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe [4950-06-07] (Microsoft Corporation) <==== ATTENTION
Task: {E5DA2C13-F525-4D06-8BC3-CC0441899B58} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {E80ED523-54C7-4C27-8893-0006833E0A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {EBD81CA9-00FD-44AE-8982-6487A2E67A23} - System32\Tasks\Updater_Online_Application => C:\Program Files\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C} - System32\Tasks\TGZZvvZkTeMODbIDdGH2 => rundll32 "C:\Program Files\vevsoISKgkcDC\BRThRFz.dll",#1
Task: {F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD} - System32\Tasks\Online Application V2G1 => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {F6EF23E3-075E-469E-9D38-0A43DCC6618B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job => C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 21:29 - 2018-04-11 21:29 - 000364200 _____ () C:\Windows\System32\InputHost.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-29 13:07 - 2015-07-16 22:40 - 000147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2018-11-26 15:40 - 2018-11-26 15:40 - 001515520 _____ () C:\Users\Kateřina\AppData\Roaming\CRMSvc\CRMSvc.exe
2017-05-10 04:21 - 2014-02-17 18:13 - 000092984 _____ () C:\Program Files\DriverToolkit\zlibwapi.dll
2018-10-16 18:38 - 2017-05-02 13:13 - 000565827 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2018-10-16 18:38 - 2018-10-16 13:56 - 000010840 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-10 12:18 - 2018-07-10 12:30 - 001428144 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-04 16:25 - 2018-10-04 16:25 - 000008192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 000053248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 000013312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 006827520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\LibWrapper.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 001930240 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\skypert.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 000159744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2015-11-29 13:05 - 2015-06-09 03:20 - 000045056 _____ () C:\Windows\3NOD\hidhook.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-12 21:15 - 2018-09-10 14:32 - 000085320 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2015-07-10 09:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{686A5B0F-72AE-4887-BA1C-7C5538C8EE2E}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CE4E4021-A8EF-4D73-8D6D-0EDEF241C821}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{9797F135-393E-49F2-8549-E8A23C9BCB19}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{4506DF19-34C4-467F-A305-81241F34E03A}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{B2FB42EF-2792-41CE-BD13-CDAA2FC378AD}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{DC6EC7A9-76AA-4DE7-B37A-99D8BEADE131}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CFEE2A02-79F0-460A-8D4A-B066C0CBFA58}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C764E5CB-BE9B-4773-B4EC-0E7F1FA35F36}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C5E3EA69-45DA-4F21-A67C-8456ED7BB907}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2018 06:00:50 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/26/2018 05:59:40 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/26/2018 05:56:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ccleaner.exe, verze: 3.13.2.2, časové razítko: 0x5b9ba68f
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x004016c0
ID chybujícího procesu: 0x22c0
Čas spuštění chybující aplikace: 0x01d485a8f69d780c
Cesta k chybující aplikaci: C:\ProgramData\ccleaner.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 7fa412d5-0c3d-448f-89df-011676c4eadb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/26/2018 05:55:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 05:55:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 05:54:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 05:54:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 05:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.17134.407, časové razítko: 0x5bda8183
Název chybujícího modulu: SecHealthUIDataModel.dll, verze: 0.0.0.0, časové razítko: 0x5bda8101
Kód výjimky: 0xc0000005
Posun chyby: 0x000c280b
ID chybujícího procesu: 0x2d7c
Čas spuštění chybující aplikace: 0x01d485a7b3a14784
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
ID zprávy: 08e29a75-16ee-483a-a63f-61016c275bb1
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.17134.1_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI


System errors:
=============
Error: (11/26/2018 05:56:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 05:56:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 05:54:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 05:54:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 05:53:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll
Kód chyby: 126

Error: (11/26/2018 05:53:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (17:35:53, 26. 11. 2018) bylo neočekávané.

Error: (11/26/2018 05:49:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 05:15:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-11-26 18:00:01.433
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\526651886.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Users\Kateřina\Desktop\FRST.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 17:59:41.342
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ludicrouz.O
ID: 2147723196
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Hotwarm.exe; file:_C:\Users\Kateřina\AppData\Local\QvoTech.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Users\Kateřina\Desktop\FRST.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 17:59:34.697
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Azden.B!cl
ID: 2147723291
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Hotwarm.tst
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Users\Kateřina\Desktop\FRST.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 17:59:33.681
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ludicrouz.O
ID: 2147723196
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Hotwarm.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Users\Kateřina\Desktop\FRST.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 17:58:50.107
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/CryptInject
ID: 2147725859
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\is-J1FVH.tmp\dwddfu.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-06 13:11:53.843
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.279.1294.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15400.4
Kód chyby: 0x80240438
Popis chyby :Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2018-11-26 15:44:58.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:44:48.304
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:44:43.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.704
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.642
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:12.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 83%
Total physical RAM: 1977.13 MB
Available physical RAM: 317.28 MB
Total Virtual: 4921.13 MB
Available Virtual: 2410.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:56.99 GB) (Free:14.14 GB) NTFS

\\?\Volume{9c76ee76-6bb3-4f5a-993b-b448b6702264}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{e1359a58-b0db-4cbb-9fd5-0160589ee3ed}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 049CE56E)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Destroyed files - virus?

Posted: 26 Nov 2018 18:08
by Rudy
They will probably ask you to install TeamViewer (they will provide it), and then it will be in the hands of their technician. Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP just run it with an ordinary double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Destroyed files - virus?

Posted: 26 Nov 2018 18:49
by LadyKate
I am sending the next requested log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-19.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-26-2018
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 152
# Failed: 4


***** [ Services ] *****

Deleted CRMSvc

***** [ Folders ] *****

Deleted C:\Windows\System32\config\systemprofile\AppData\Roaming\CRMSvc
Deleted C:\Users\Kateřina\AppData\Roaming\CRMSvc
Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Program Files\Microleaves
Deleted C:\Users\Kateřina\AppData\Roaming\Microleaves
Deleted C:\ProgramData\ACFF3714-65E5-0
Deleted C:\ProgramData\ACFF3714-4DB5-1
Deleted C:\ProgramData\68CFF4DA-5D31-1
Deleted C:\ProgramData\68CFF4DA-3037-0
Deleted C:\Program Files\OLBPre
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Deleted C:\Program Files\DriverToolkit
Deleted C:\Users\Kateřina\AppData\Local\DriverToolkit
Deleted C:\ProgramData\Quoteex
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\Temp\Smartbar

***** [ Files ] *****

Deleted C:\Users\Kateřina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
Deleted C:\Users\Public\Desktop\Free YouTube Downloader.lnk
Deleted C:\Users\Kateřina\Desktop\DriverToolkitInstaller.exe
Deleted C:\Users\Public\Desktop\DriverToolkit.lnk
Deleted C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml
Deleted C:\Users\Kateřina\appdata\local\installationconfiguration.xml
Deleted C:\Users\Kateřina\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\System32\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\Online Application V2G5.job
Deleted C:\Windows\System32\Tasks\Online Application V2G5
Deleted C:\Windows\Tasks\Online Application V2G4.job
Deleted C:\Windows\System32\Tasks\Online Application V2G4
Deleted C:\Windows\Tasks\Online Application V2G6.job
Deleted C:\Windows\System32\Tasks\Online Application V2G6
Deleted C:\Windows\System32\Tasks\PSV_ZOTZAP
Deleted C:\Windows\System32\Tasks\PSV_QUOTETOUGH
Deleted C:\Windows\System32\Tasks\PSV_LATFAX
Deleted C:\Windows\System32\Tasks\PSV_HOTZIMIT
Deleted C:\Windows\System32\Tasks\PSV_BLACKCORE
Deleted C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
Deleted C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN
Deleted C:\Windows\System32\Tasks_Migrated\DRIVERTOOLKIT AUTORUN
Deleted C:\Windows\Tasks\Online Application V2G2.job
Deleted C:\Windows\System32\Tasks\Online Application V2G2
Deleted C:\Windows\Tasks\Online Application V2G3.job
Deleted C:\Windows\System32\Tasks\Online Application V2G3
Deleted C:\Windows\Tasks\Online Application V2G1.job
Deleted C:\Windows\System32\Tasks\Online Application V2G1
Deleted C:\Windows\Tasks\Updater_Online_Application.job
Deleted C:\Windows\System32\Tasks\Updater_Online_Application
Deleted C:\Windows\System32\Tasks\LaunchPreSignup

***** [ Registry ] *****

Deleted HKLM\Software\CRMSvc
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\CRMSvc
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\Software\mtQuoteex
Deleted HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\BioDubhold.dll"
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1655C0CA-7AE7-4012-8502-970C8675E5F8
Deleted HKLM\Software\Microleaves
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AFF8AA-FAE6-4DE2-98F8-153C49CF3378}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2132D99-61D7-4D45-AABC-3F31A779C69D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0DF147-7DFB-4DB2-AEAB-C134D1741B37}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5FD1B36-0EDF-48F2-89FE-3628E99F624D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zotzap
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E31906B-24D5-45F2-BB98-4C77B49670EA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Quotetough
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DECA9C65-CDF4-42F9-ADEF-F06D80F3F041}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Latfax
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90545C51-9C1E-4351-8560-6F6415C0C2C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Hotzimit
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98CA451A-97E7-46B9-AF5D-EDB0598847E8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Blackcore
Deleted HKCU\Software\FastDataX
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Deleted HKCU\Software\DriverToolkit
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{419D4C1B-61B0-48D8-B59D-FE781B5A8772}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3AF3A08-2366-4B06-8B6D-33A3F47C7F18}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B112B29-99A9-4A59-988B-A1E24AD55773}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B112B29-99A9-4A59-988B-A1E24AD55773}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5DE1001-2AF3-46F2-8BFB-3ABB5CE497AD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\zpovednice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\alternativnicentrum.webnode.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\zpovednice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\srovnanicen.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slunecnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\levneucebnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ceskaklavesnice.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\alternativnicentrum.webnode.cz
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBD81CA9-00FD-44AE-8982-6487A2E67A23}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49B5D7D1-977D-4AA6-8F41-A31922BD138F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup
Deleted HKCU\Software\One System Care
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\usb-flash-drive-data-recovery.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\netstumbler.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\easy-disk-drive-repair.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-repair.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\usb-flash-drive-data-recovery.en.softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\netstumbler.en.softonic.com
Not Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\easy-disk-drive-repair.en.softonic.com
Deleted HKLM\Software\Classes\CLSID\{198A2D6D-5D0E-4C79-9416-AA889D7CA7A6}
Deleted HKLM\Software\Classes\MailSearch.Helpers.AutoComplete
Deleted HKLM\Software\Classes\MailSearch.MailSearchBandObject
Deleted HKLM\Software\Classes\MailSearch.Installer
Deleted HKLM\Software\Classes\MailSearch.Attributes.BandObjectAttribute

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [21824 octets] - [26/11/2018 18:46:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Destroyed files - virus?

Posted: 26 Nov 2018 19:18
by Rudy
Now post new FRST+Addition logs.

Re: Destroyed files - virus?

Posted: 26 Nov 2018 19:31
by LadyKate
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.11.2018
Ran by Kateřina (administrator) on LAPTOP-LMBQQVTN (26-11-2018 19:25:48)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Platform: Microsoft Windows 10 Home Version 1803 17134.407 (X86) Language: Slovenština (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Innovative Solutions GRUP SRL) C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(3NOD) C:\Windows\3NOD\Lenovokb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [3nodkey] => C:\Windows\3NOD\LenovoKB.exe [6416384 2015-08-12] (3NOD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-29] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-05-25] (Power Software Ltd)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [Easy Disk Drive Repair] => C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [483328 2015-01-17] (Zeatron Software)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [ccleaner] => C:\ProgramData\ccleaner.exe [1372160 2018-11-26] (Brinker International, Inc.) <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [SDfgsdf] => C:\ProgramData\ccleaner.exe [1372160 2018-11-26] (Brinker International, Inc.) <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [299008 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2018-10-09]
ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\Kateřina\AppData\Roaming\Microsoft\Installer\{B3FF2578-EA9C-4E00-8FA2-3BD365765C6A}\_39FFF477723EF5F16A899A.exe ()
GroupPolicy: Restriction - Windows Defender <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{0536420d-6f45-4c03-9f00-769e7f69022c}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{49ca41ff-aac6-4d4b-96eb-37e9914a09f3}: [DhcpNameServer] 169.254.73.172

Internet Explorer:
==================
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07mc7fJwW1CoH9Kzh7mF8UNzgg_KOA55192KuoUDSzjU8gZpQ2miJHbKs7rkiCNdBYYJtJ1R7loIoM5ooUHYC1qpvwZJXXn&q={searchTerms}
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws3WaKa_SS8RH5DHpGaVDpv3QYcFJZqOknK-Sph1KharVPuUn1IrQ-ipp0wwWI5d07qteMWHrPQ1GTKb79xkZOYw4EEDWQpViDiD4Mx2eU1xg0xhGSWoPWDWuhm3YUA5B_CO7REkdmIbHXI_IJGbs7GLMbax22t
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> {BE5610C5-6AAF-49B2-90C4-CE53570C960C} URL =
BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files\loreCZYyGIE\k80xklHJ.dll [2018-11-26] ()
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-09] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [6082440 2018-11-16] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-11-28] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-29] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-29] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-29] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-11-28] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-16] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (Lenovo)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3358832 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [91584 2018-10-23] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [66560 2018-04-11] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2018-04-11] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Realtek Semiconductor Corporation )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-10-13] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [123968 2016-05-25] (Power Software Ltd)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38504 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [261816 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-10-23] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Corporation)
S1 dlpcsufm; \??\C:\WINDOWS\system32\drivers\dlpcsufm.sys [X]
S1 fkkvzcqd; \??\C:\WINDOWS\system32\drivers\fkkvzcqd.sys [X]
S1 jvlczubs; \??\C:\WINDOWS\system32\drivers\jvlczubs.sys [X]
S1 mlcftapk; \??\C:\WINDOWS\system32\drivers\mlcftapk.sys [X]
S1 ndwfdkhy; \??\C:\WINDOWS\system32\drivers\ndwfdkhy.sys [X]
S1 nmlldtwi; \??\C:\WINDOWS\system32\drivers\nmlldtwi.sys [X]
S1 ptbuioqu; \??\C:\WINDOWS\system32\drivers\ptbuioqu.sys [X]
S1 pyzkxtth; \??\C:\WINDOWS\system32\drivers\pyzkxtth.sys [X]
S1 tjgbhtnu; \??\C:\WINDOWS\system32\drivers\tjgbhtnu.sys [X]
S1 tlbjvsvv; \??\C:\WINDOWS\system32\drivers\tlbjvsvv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-06-07 14:05 - 4950-06-07 14:05 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\yLAe.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 18:44 - 2018-11-26 18:46 - 000000000 ____D C:\AdwCleaner
2018-11-26 18:44 - 2018-11-26 18:44 - 007592144 _____ (Malwarebytes) C:\Users\Kateřina\Desktop\adwcleaner_7.2.4.0.exe
2018-11-26 18:00 - 2018-11-26 18:01 - 000041377 _____ C:\Users\Kateřina\Desktop\Addition.txt
2018-11-26 17:57 - 2018-11-26 19:26 - 000015522 _____ C:\Users\Kateřina\Desktop\FRST.txt
2018-11-26 17:56 - 2018-11-26 19:25 - 000000000 ____D C:\FRST
2018-11-26 17:55 - 2018-11-26 17:55 - 001775616 _____ (Farbar) C:\Users\Kateřina\Desktop\FRST.exe
2018-11-26 17:54 - 2018-11-26 17:54 - 000000270 __RSH C:\Users\Kateřina\ntuser.pol
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\rsit
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\Program Files\trend micro
2018-11-26 16:57 - 2018-11-26 16:57 - 001107968 _____ C:\Users\Kateřina\Desktop\RSIT.exe
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\ProgramData\pUIfuUUTjzrUMTVB
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\VtuYtIvrjzmOrIBvrWR
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\vevsoISKgkcDC
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\loreCZYyGIE
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\FVgedVjzKgFU2
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\DjpYILTWU
2018-11-26 16:49 - 2018-11-26 16:49 - 000000000 ____D C:\Program Files\bbIORqNasDUn
2018-11-26 16:48 - 2018-11-26 16:48 - 000000290 __RSH C:\ProgramData\ntuser.pol
2018-11-26 16:46 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\QV65YO6QOJ
2018-11-26 16:46 - 2018-11-26 16:55 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\bag0dugniqe
2018-11-26 15:47 - 2018-11-26 15:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Seznam.cz
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ C:\Users\Kateřina\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 16:45 - 000000594 _____ C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Users\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Program Files\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Chrome
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Maurice
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\Live
2018-11-26 15:40 - 2018-11-26 16:55 - 000000000 ____D C:\Program Files\DNYFY4FG1D
2018-11-26 15:39 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\Common Files\Subdex
2018-11-26 15:39 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Mozilla
2018-11-26 15:39 - 2018-11-26 15:39 - 001895383 _____ C:\Users\Kateřina\AppData\Local\Inchdax.bin
2018-11-26 15:38 - 2018-11-26 15:48 - 000722944 _____ C:\Users\Kateřina\AppData\Local\sham.db
2018-11-26 15:38 - 2018-11-26 15:38 - 007813632 _____ C:\Users\Kateřina\AppData\Local\agent.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 002024239 _____ C:\Users\Kateřina\AppData\Local\QvoTech.tst
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ C:\Users\Kateřina\AppData\Local\installer.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000126464 _____ C:\Users\Kateřina\AppData\Local\noah.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000070896 _____ C:\Users\Kateřina\AppData\Local\Config.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000005568 _____ C:\Users\Kateřina\AppData\Local\md.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-11-26 15:37 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\ComfortSoftware
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Users\Kateřina\AppData\Local\AdvinstAnalytics
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-11-26 15:37 - 2018-11-26 15:36 - 001372160 _____ (Brinker International, Inc.) C:\ProgramData\ccleaner.exe
2018-11-26 15:36 - 2018-11-26 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Local\William
2018-11-26 15:36 - 2018-11-26 15:36 - 000000000 ____D C:\ProgramData\HotCopy
2018-11-26 15:34 - 2018-11-26 15:34 - 004567040 _____ C:\Users\Kateřina\Downloads\Microsoft+Office+2016+Activator+(Updated).iso
2018-11-26 15:25 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Microsoft Office Professional Plus 2016 Untouched
2018-11-26 13:49 - 2018-11-26 15:46 - 000240156 _____ C:\Users\Kateřina\Desktop\LOSR210104_01_EN02_CS.doc.tnvvpfinss
2018-11-26 11:59 - 2018-11-26 15:46 - 000380114 _____ C:\Users\Kateřina\Desktop\00_EN_CS_test.zip.tnvvpfinss
2018-11-25 13:19 - 2018-11-26 15:44 - 000000000 ___HD C:\OneDriveTemp
2018-11-20 11:39 - 2018-09-04 23:25 - 001491976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-18 17:39 - 2018-11-26 16:59 - 000000000 ____D C:\Users\Kateřina\Desktop\Pro ÚP
2018-11-18 16:33 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Do mailu
2018-11-17 15:57 - 2018-11-26 15:46 - 000025701 _____ C:\Users\Kateřina\Desktop\Překlad.docx.tnvvpfinss
2018-11-15 23:56 - 2018-11-15 23:57 - 004841734 _____ C:\Users\Kateřina\Desktop\Zajištěné dluhopisy s pevnou sazbou 2017 (AJ - CZ).zip
2018-11-15 20:54 - 2018-11-26 15:46 - 004120559 _____ C:\Users\Kateřina\Desktop\Blackmore Bond S2.pdf.tnvvpfinss
2018-11-15 20:17 - 2018-11-26 15:46 - 000029824 _____ C:\Users\Kateřina\Desktop\Jak založit e-shop (překlad AJ - CZ).docx.tnvvpfinss
2018-11-14 15:12 - 2018-11-01 05:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 000502824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 15:12 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 15:12 - 2018-11-01 05:30 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 15:12 - 2018-11-01 05:28 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 15:12 - 2018-10-21 12:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 15:12 - 2018-10-21 12:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 15:12 - 2018-10-21 08:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 15:12 - 2018-10-21 07:58 - 001172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 15:11 - 2018-11-01 11:10 - 004939408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 15:11 - 2018-11-01 11:10 - 001362440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 15:11 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 15:11 - 2018-11-01 11:07 - 000078648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-11-14 15:11 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 15:11 - 2018-11-01 10:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 15:11 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 15:11 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 15:11 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002351416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 000343056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 006687032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 15:11 - 2018-11-01 05:47 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000817768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000679840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000633336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 15:11 - 2018-11-01 05:35 - 003255296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 15:11 - 2018-11-01 05:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 15:11 - 2018-11-01 05:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 15:11 - 2018-11-01 05:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 15:11 - 2018-11-01 05:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 001741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 15:11 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 15:11 - 2018-11-01 05:27 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 15:11 - 2018-10-21 12:37 - 001530560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 15:11 - 2018-10-21 12:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 003458560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 15:11 - 2018-10-21 08:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002144056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 001618376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000542520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000493368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 15:11 - 2018-10-21 08:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 15:11 - 2018-10-21 08:01 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 15:11 - 2018-10-21 07:58 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 15:11 - 2018-10-21 07:58 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 15:11 - 2018-10-21 06:42 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 15:10 - 2018-11-01 11:07 - 000316248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 15:10 - 2018-11-01 10:57 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 15:10 - 2018-11-01 10:55 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001459200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 15:10 - 2018-11-01 06:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 15:10 - 2018-11-01 05:53 - 000994480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 15:10 - 2018-11-01 05:50 - 004171920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 15:10 - 2018-11-01 05:47 - 000197136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 15:10 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 15:10 - 2018-11-01 05:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 15:10 - 2018-11-01 05:31 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 001354240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 15:10 - 2018-11-01 05:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 15:10 - 2018-10-21 12:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 15:10 - 2018-10-21 12:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 15:10 - 2018-10-21 12:26 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 15:10 - 2018-10-21 12:25 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 15:10 - 2018-10-21 12:24 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000998400 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 15:10 - 2018-10-21 08:39 - 000480272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000539904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 001190696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 000949344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 000831216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 001050488 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 000142736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 15:10 - 2018-10-21 08:18 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000044104 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 15:10 - 2018-10-21 08:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 15:10 - 2018-10-21 08:01 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 15:10 - 2018-10-21 08:01 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 15:10 - 2018-10-21 07:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 15:10 - 2018-10-21 07:59 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 15:10 - 2018-10-21 07:59 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 002198528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001224192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 15:10 - 2018-10-21 07:57 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-09 09:30 - 2018-11-26 15:46 - 000632885 _____ C:\Users\Kateřina\Desktop\Náborový dotazník.docx.tnvvpfinss
2018-11-08 21:45 - 2018-11-26 15:46 - 000054283 _____ C:\Users\Kateřina\Desktop\imageresize.jpg.tnvvpfinss
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-04 18:22 - 2018-11-04 18:22 - 000000011 _____ C:\Users\Kateřina\setup12.ini
2018-11-01 19:41 - 2018-11-01 19:41 - 000000000 ____D C:\WINDOWS\Firmware
2018-10-31 18:10 - 2018-10-31 18:10 - 000173094 _____ C:\Users\Kateřina\Desktop\Seznam Email.pdf
2018-10-27 12:43 - 2018-10-27 12:43 - 000317766 _____ C:\Users\Kateřina\Desktop\tablepress.1.9.1.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-26 19:24 - 2018-08-01 12:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-26 19:15 - 2018-04-11 21:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-26 18:55 - 2018-08-01 12:36 - 000718030 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-26 18:55 - 2018-08-01 12:36 - 000145610 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-26 18:55 - 2018-08-01 12:30 - 002650970 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 18:55 - 2018-04-11 21:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-26 18:55 - 2017-10-22 17:48 - 000511542 _____ C:\WINDOWS\system32\perfh01B.dat
2018-11-26 18:55 - 2017-10-22 17:48 - 000425462 _____ C:\WINDOWS\system32\perfc01B.dat
2018-11-26 18:47 - 2018-08-01 12:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-26 18:47 - 2016-10-13 16:37 - 000000000 __SHD C:\Users\Kateřina\IntelGraphicsProfiles
2018-11-26 18:46 - 2018-08-01 12:15 - 000000000 ____D C:\Users\Kateřina
2018-11-26 18:46 - 2018-04-11 13:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-26 18:46 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-11-26 16:48 - 2015-07-10 09:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-11-26 16:47 - 2018-04-11 21:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-26 16:01 - 2016-12-10 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\recovered
2018-11-26 15:47 - 2017-11-24 18:58 - 000000000 ____D C:\Users\Kateřina\Desktop\Překlady
2018-11-26 15:46 - 2018-10-20 16:34 - 000041153 _____ C:\Users\Kateřina\Desktop\1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-10-20 13:21 - 000001161 _____ C:\Users\Kateřina\Desktop\odkazy.txt.tnvvpfinss
2018-11-26 15:46 - 2018-10-16 12:42 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\IE.Coockies
2018-11-26 15:46 - 2018-10-09 16:44 - 000001045 _____ C:\Users\Kateřina\Desktop\Microsoft Toolkit By Graphic Evolved.zip.tnvvpfinss
2018-11-26 15:46 - 2018-10-08 17:35 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\PowerISO
2018-11-26 15:46 - 2018-10-08 17:21 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Nero
2018-11-26 15:46 - 2018-09-13 19:26 - 000093390 _____ C:\Users\Kateřina\Desktop\bez názvu.png.tnvvpfinss
2018-11-26 15:46 - 2018-09-12 13:58 - 000133679 _____ C:\Users\Kateřina\Desktop\02.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 12:29 - 000012130 _____ C:\Users\Kateřina\Desktop\example.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 11:55 - 000671193 _____ C:\Users\Kateřina\Desktop\Chapman Gary - Pět jazyků lásky.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000434683 _____ C:\Users\Kateřina\Desktop\P6132720.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000423860 _____ C:\Users\Kateřina\Desktop\P6132719.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:37 - 000028581 _____ C:\Users\Kateřina\Desktop\CF0618C5-8D9D-4B9C-9AC0-F849BF8B90A1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:27 - 000006101 _____ C:\Users\Kateřina\Desktop\222.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:21 - 000043782 _____ C:\Users\Kateřina\Desktop\11.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:52 - 000016629 _____ C:\Users\Kateřina\Desktop\imagesQUSH4PEZ.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:29 - 000014456 _____ C:\Users\Kateřina\Desktop\01.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:32 - 000037145 _____ C:\Users\Kateřina\Desktop\Consignment no.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:28 - 000174646 _____ C:\Users\Kateřina\Desktop\6C6A4557-F45B-4533-B798-BAF0A014CA59.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:23 - 000067605 _____ C:\Users\Kateřina\Desktop\9EDEC4FF-E92F-4249-B2BC-205D3CD52C50.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:20 - 000087361 _____ C:\Users\Kateřina\Desktop\3419FD88-1A86-47E2-A6C7-FEF72AFFAFF8.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-19 13:39 - 000083495 _____ C:\Users\Kateřina\Desktop\Doklad č. 19062018.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 17:06 - 000027942 _____ C:\Users\Kateřina\Desktop\Překlad webové stránky LitFin.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 16:52 - 000025430 _____ C:\Users\Kateřina\Desktop\LitFin_web text.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 18:31 - 000003259 _____ C:\Users\Kateřina\Desktop\1234.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 13:38 - 000193853 _____ C:\Users\Kateřina\Desktop\180147.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-07 18:22 - 000151425 _____ C:\Users\Kateřina\Desktop\15208649-D6DB-45A7-8706-C21E32C24A29.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-05-31 18:44 - 002065935 _____ C:\Users\Kateřina\Desktop\IMG_4593.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 18:10 - 000153356 _____ C:\Users\Kateřina\Desktop\7A0227D1-B461-4081-941E-8CD09AC22CE2.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 14:23 - 000014125 _____ C:\Users\Kateřina\Desktop\Hledáte přivýdělek z domu a rádi se učíte novým věcem.docx.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 15:41 - 000779021 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 09:42 - 000033308 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO s.r.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-20 18:00 - 000019089 _____ C:\Users\Kateřina\Desktop\Překlad termínů výkresové dokumentace.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-05-18 21:21 - 000000000 ____D C:\Users\Kateřina\Desktop\Hudba
2018-11-26 15:46 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SDL
2018-11-26 15:46 - 2017-08-24 19:48 - 000061913 _____ C:\Users\Kateřina\Desktop\Motivační dopis - Cvernová.pdf.tnvvpfinss
2018-11-26 15:46 - 2017-08-01 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\GRETECH
2018-11-26 15:46 - 2017-08-01 17:45 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SoftCDN
2018-11-26 15:46 - 2017-05-10 00:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Wondershare
2018-11-26 15:46 - 2017-04-05 14:46 - 000000000 ____D C:\Users\Kateřina\Desktop\epson30712eu
2018-11-26 15:46 - 2017-04-05 14:41 - 014123985 _____ C:\Users\Kateřina\Desktop\epson30712eu.zip.tnvvpfinss
2018-11-26 15:46 - 2017-04-05 14:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\EPSON
2018-11-26 15:46 - 2017-02-21 17:31 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Tomabo
2018-11-26 15:46 - 2017-01-27 18:42 - 000020020 _____ C:\Users\Kateřina\Desktop\config.bin.tnvvpfinss
2018-11-26 15:46 - 2017-01-06 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\Iphone 2016-2017
2018-11-26 15:46 - 2016-11-30 19:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Webshare
2018-11-26 15:46 - 2016-11-23 14:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Softland
2018-11-26 15:46 - 2016-11-21 15:49 - 000000000 ____D C:\Users\Kateřina\Desktop\EU-4208_Windows_driver_v1.1
2018-11-26 15:46 - 2016-11-05 19:02 - 000000000 ___RD C:\Users\Kateřina\Desktop\Média
2018-11-26 15:46 - 2016-10-30 16:03 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Apple Computer
2018-11-26 15:46 - 2016-10-29 17:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Lenovo
2018-11-26 15:46 - 2016-10-16 15:50 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Skype
2018-11-26 15:46 - 2016-10-14 20:56 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Macromedia
2018-11-26 15:46 - 2016-10-13 16:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\LSC
2018-11-26 15:45 - 2018-01-27 18:33 - 000000000 ___RD C:\Users\Kateřina\3D Objects
2018-11-26 15:45 - 2016-10-13 16:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Adobe
2018-11-26 15:45 - 2015-11-29 12:19 - 000000000 __SHD C:\UserGuidePDF
2018-11-26 15:45 - 2015-07-10 07:59 - 000000000 ____D C:\Users\Default.migrated
2018-11-26 15:44 - 2018-06-28 21:03 - 000000612 ___SH C:\bootTel.dat.tnvvpfinss
2018-11-26 15:44 - 2018-05-11 22:04 - 000000000 ___HD C:\$AV_ASW
2018-11-26 15:44 - 2018-04-11 21:36 - 000000000 ____D C:\PerfLogs
2018-11-26 15:44 - 2018-01-23 14:43 - 000000000 ___HD C:\$GetCurrent
2018-11-26 15:44 - 2016-11-30 19:33 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-11-26 15:44 - 2016-10-29 20:09 - 000000000 ____D C:\Log
2018-11-26 15:44 - 2015-11-29 13:03 - 000000000 ___HD C:\Intel
2018-11-26 13:50 - 2018-01-26 12:17 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Packages
2018-11-25 13:22 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-25 13:19 - 2016-10-13 16:40 - 000000000 ___RD C:\Users\Kateřina\OneDrive
2018-11-23 12:29 - 2018-04-11 21:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-21 17:00 - 2018-04-11 21:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-21 16:59 - 2015-11-29 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-18 16:31 - 2016-11-05 19:08 - 000000000 ____D C:\Users\Kateřina\Documents\CV
2018-11-17 16:02 - 2018-08-01 12:15 - 000002407 _____ C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-17 15:50 - 2017-09-29 19:27 - 000000000 ____D C:\Program Files\rempl
2018-11-17 00:00 - 2018-04-11 21:39 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-11-17 00:00 - 2018-04-11 21:39 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-11-15 23:58 - 2018-07-08 19:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Články
2018-11-15 16:29 - 2015-07-16 16:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 16:28 - 2018-08-01 12:12 - 000397080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 15:38 - 2016-10-14 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 15:23 - 2016-10-14 22:19 - 134758520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 13:11 - 2016-10-28 22:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-11 15:41 - 2018-08-09 17:12 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-09 16:47 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-30 19:25 - 2018-08-01 13:10 - 000000000 ____D C:\Users\Kateřina\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories =======

2018-11-26 15:37 - 2018-11-26 15:36 - 001372160 _____ (Brinker International, Inc.) C:\ProgramData\ccleaner.exe
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ () C:\Program Files\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\Microsoft\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:38 - 2018-11-26 15:38 - 007813632 _____ () C:\Users\Kateřina\AppData\Local\agent.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000070896 _____ () C:\Users\Kateřina\AppData\Local\Config.xml
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ () C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-26 15:39 - 2018-11-26 15:39 - 001895383 _____ () C:\Users\Kateřina\AppData\Local\Inchdax.bin
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ () C:\Users\Kateřina\AppData\Local\installer.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000005568 _____ () C:\Users\Kateřina\AppData\Local\md.xml
2018-11-26 15:38 - 2018-11-26 15:38 - 000126464 _____ () C:\Users\Kateřina\AppData\Local\noah.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 002024239 _____ () C:\Users\Kateřina\AppData\Local\QvoTech.tst
2018-11-26 15:38 - 2018-11-26 15:48 - 000722944 _____ () C:\Users\Kateřina\AppData\Local\sham.db
2018-11-26 15:39 - 2018-11-26 15:39 - 000032038 _____ () C:\Users\Kateřina\AppData\Local\uninstall_temp.ico
2018-10-09 16:24 - 2018-10-09 16:24 - 000000003 _____ () C:\Users\Kateřina\AppData\Local\wbem.ini

Files to move or delete:
====================
C:\ProgramData\ccleaner.exe


Some files in TEMP:
====================
2018-11-26 15:40 - 2018-11-26 15:40 - 000375522 _____ ( ) C:\Users\Kateřina\AppData\Local\Temp\2nr4tgxk4ga.exe
2018-11-26 15:42 - 2018-11-26 15:42 - 000003072 _____ () C:\Users\Kateřina\AppData\Local\Temp\798460922.exe
2018-11-26 15:43 - 2018-11-26 15:43 - 000101888 _____ () C:\Users\Kateřina\AppData\Local\Temp\Heart.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-01 12:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.11.2018
Ran by Kateřina (26-11-2018 19:27:39)
Running from C:\Users\Kateřina\Desktop
Microsoft Windows 10 Home Version 1803 17134.407 (X86) (2018-08-01 11:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793012919-2705438960-3369879477-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3793012919-2705438960-3369879477-503 - Limited - Disabled)
Guest (S-1-5-21-3793012919-2705438960-3369879477-501 - Limited - Disabled)
Kateřina (S-1-5-21-3793012919-2705438960-3369879477-1004 - Administrator - Enabled) => C:\Users\Kateřina
kcver (S-1-5-21-3793012919-2705438960-3369879477-1002 - Administrator - Enabled) => C:\Users\kcver
WDAGUtilityAccount (S-1-5-21-3793012919-2705438960-3369879477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.24.0.100 - Innovative Solutions)
Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\InstallShield_{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Free YouTube Downloader 4.2.754 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Lenovo Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11029.20070 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\OneDriveSetup.exe) (Version: 18.222.1104.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 CSY (HKLM\...\{E8BEDB28-151D-465C-9BE0-F6EB930A629C}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11029.20070 - Microsoft Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 6.6 - Power Software Ltd)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
UpdateAssistant (HKLM\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Webshare uploader (HKLM\...\WebshareDLC) (Version: - Webshare)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-28] (Intel Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15CEBD7E-E29B-4B12-9287-CE1CAEE0209A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {167E3FB4-131E-4233-B715-971F16AB53F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {24C6AD8D-F43B-4846-B9D2-7DD8483291DF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5} - System32\Tasks\lRXXZzUHcFPoIKk2 => rundll32 "C:\Program Files\DjpYILTWU\gAOXuu.dll",#1
Task: {302231E7-C058-4190-A0E8-6117E2BAF219} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-17] (Lenovo)
Task: {34484194-5A81-453B-BC67-1E18F65F2376} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {388CA37D-A6F7-42A0-BEEE-3ACD31C2D131} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {42A961D9-CEFA-4D98-987A-7339498B7611} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-17] (Lenovo)
Task: {432D5F75-ADA6-4E11-A331-0162834F02EF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-21] (Microsoft Corporation)
Task: {446DB129-8C88-404C-A5D8-D80235E8C7EE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {4AE342FE-6AB2-49C1-9ED2-DE6A1C419EA1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-21] (Microsoft Corporation)
Task: {5A72D693-A3D8-45D7-B3AF-11C822A649F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {5EDCF634-ADA8-4E81-8E9D-E32F52200C45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {6DCD6F2A-5C33-4871-B76D-E0CF6A2E2F72} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {6EBA0591-32FB-477F-887F-FBE198455D34} - System32\Tasks\ClwhhsndxrpfQ2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\pUIfuUUTjzrUMTVB\CkDZCCG.wsf"
Task: {75E6C9CC-0BDB-4CC3-B39A-2FC7DAEE331C} - System32\Tasks\OperaUpdateService => "C:\Program Files\Google\Chrome\Application\chrome.exe" hxxp://marihokew.com/cl/?guid=eeu8qfis0pu76vo55vf5enhiq0yj01eu&prid=1&pid=11_1415_0
Task: {90AA0BCA-EE84-4A3B-BF39-7BAA0100F20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {94FD7541-6D12-462D-B639-48AA2814BF09} - System32\Tasks\{629099A6-F5F9-CA3F-A06D-F695AE4C294A} => C:\Program Files\Common Files\eejei.exe [4950-06-07] (Microsoft Corporation)
Task: {A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D} - System32\Tasks\hZpUbaVMqkKgBHw => rundll32 "C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll",#1 /adp IWXV0GYXV0QWXV2BYXV5CWXV3BWXV4CYXV0TXXV1RWXV1LWXV1RXXV8HWXV1IXXV3OXXV3XWXV4 /site_id 756 <==== ATTENTION
Task: {A750A6DC-CA4B-4601-92D3-F16E403BBFF6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-21] (Microsoft Corporation)
Task: {A8297841-005B-4F01-88EE-9C0D3B4607D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {AB06E272-F562-4BB8-B21A-294C245DA51F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {AB224C74-AD57-49BB-8DE5-36F634B12460} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2018-10-16] (Innovative Solutions GRUP SRL)
Task: {B2198A60-F972-4207-AD76-690EDFC0180E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {B5402B2C-A8AC-4597-8EB5-885EB6466B54} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {BDD9E7E6-85E9-4677-88AF-7C39E6B5B17E} - System32\Tasks\ZSFGHAUrEQvZYk => rundll32 "C:\Program Files\FVgedVjzKgFU2\EgWAOOTXtuhuo.dll",#1
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {C2BC506F-6DB7-45F3-B626-513FA4CBC091} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-17] (Lenovo)
Task: {C2DA9683-3FB9-4DD6-B424-47217DF7E309} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-21] (Microsoft Corporation)
Task: {CB5461D8-35B3-44DC-BD82-68D7EFCE8E99} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {D5998BF7-0837-4FE3-9686-208085986746} - System32\Tasks\cGuRYWMDXAzszcxQS2 => rundll32 "C:\Program Files\VtuYtIvrjzmOrIBvrWR\VxYBjFb.dll",#1
Task: {E1F6E12B-2B6F-4D20-ABFF-033CAE55C88F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {E40EE485-46D2-4BCF-934F-E65DD5314D06} - System32\Tasks\{0EC5EDD6-A8D9-5413-842C-17446B77AED8} => C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe [4950-06-07] (Microsoft Corporation) <==== ATTENTION
Task: {E5DA2C13-F525-4D06-8BC3-CC0441899B58} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {E80ED523-54C7-4C27-8893-0006833E0A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C} - System32\Tasks\TGZZvvZkTeMODbIDdGH2 => rundll32 "C:\Program Files\vevsoISKgkcDC\BRThRFz.dll",#1
Task: {F6EF23E3-075E-469E-9D38-0A43DCC6618B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job => C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:18 - 2016-10-05 18:18 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-29 13:07 - 2015-07-16 22:40 - 000147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2018-04-11 21:29 - 2018-04-11 21:29 - 000364200 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-10-16 18:38 - 2017-05-02 13:13 - 000565827 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2018-10-16 18:38 - 2018-10-16 13:56 - 000010840 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 000159744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-11-13 13:14 - 2018-11-13 13:15 - 000013312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-04 16:25 - 2018-10-04 16:25 - 000008192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 000053248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 006827520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\LibWrapper.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 001930240 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\skypert.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 000542208 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-10 12:18 - 2018-07-10 12:30 - 001428144 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2015-11-29 13:05 - 2015-06-09 03:20 - 000045056 _____ () C:\Windows\3NOD\hidhook.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-12 21:15 - 2018-09-10 14:32 - 000085320 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2018-11-06 18:19 - 2018-11-06 18:20 - 000172032 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x86__8wekyb3d8bbwe\WinStore.Preview.dll
2018-11-06 18:19 - 2018-11-06 18:19 - 001847368 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-11-06 18:19 - 2018-11-06 18:19 - 001366528 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x86__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2015-07-10 09:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{686A5B0F-72AE-4887-BA1C-7C5538C8EE2E}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CE4E4021-A8EF-4D73-8D6D-0EDEF241C821}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{9797F135-393E-49F2-8549-E8A23C9BCB19}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{4506DF19-34C4-467F-A305-81241F34E03A}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{B2FB42EF-2792-41CE-BD13-CDAA2FC378AD}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{DC6EC7A9-76AA-4DE7-B37A-99D8BEADE131}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CFEE2A02-79F0-460A-8D4A-B066C0CBFA58}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C764E5CB-BE9B-4773-B4EC-0E7F1FA35F36}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C5E3EA69-45DA-4F21-A67C-8456ED7BB907}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2018 06:48:59 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/26/2018 06:47:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 06:47:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 06:44:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 06:44:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/26/2018 06:00:50 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/26/2018 05:59:40 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/26/2018 05:56:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ccleaner.exe, verze: 3.13.2.2, časové razítko: 0x5b9ba68f
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x004016c0
ID chybujícího procesu: 0x22c0
Čas spuštění chybující aplikace: 0x01d485a8f69d780c
Cesta k chybující aplikaci: C:\ProgramData\ccleaner.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 7fa412d5-0c3d-448f-89df-011676c4eadb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/26/2018 06:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 06:48:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 06:47:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 06:47:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/26/2018 06:47:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll
Kód chyby: 126

Error: (11/26/2018 06:46:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Wondershare Application Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/26/2018 06:46:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Reštartovať službu.

Error: (11/26/2018 06:46:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba CRMSvc byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Reštartovať službu.


Windows Defender:
===================================
Date: 2018-11-26 18:59:44.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\510912750\ic-0.c49ee1ecd0eb6.exe; file:_C:\Users\Kateřina\AppData\Local\Temp\sf2jkh4wxsd\a3.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\CCleaner\CCleaner.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 18:57:21.494
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\510912750\ic-0.c49ee1ecd0eb6.exe; file:_C:\Users\Kateřina\AppData\Local\Temp\sf2jkh4wxsd\a3.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\CCleaner\CCleaner.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 18:57:12.068
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuery.B!cl
ID: 2147718514
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\bcx2vajzbrw\x1i0xqcqpgz.exe; file:_C:\Users\Kateřina\AppData\Local\Temp\e5spyyqwlqw\xytyyzb5g4u.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\CCleaner\CCleaner.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 18:57:11.884
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuery.B!cl
ID: 2147718514
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\bcx2vajzbrw\x1i0xqcqpgz.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\CCleaner\CCleaner.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-26 18:57:11.623
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Local\Temp\510912750\ic-0.c49ee1ecd0eb6.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: LAPTOP-LMBQQVTN\Kateřina
Název procesu: C:\Program Files\CCleaner\CCleaner.exe
Verze podpisu: AV: 1.281.866.0, AS: 1.281.866.0, NIS: 1.281.866.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-06 13:11:53.843
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.279.1294.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15400.4
Kód chyby: 0x80240438
Popis chyby :Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2018-11-26 15:44:58.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:44:48.304
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:44:43.887
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.704
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.642
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.537
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:13.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

Date: 2018-11-26 15:43:12.914
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\HotCopyPaste\hcph.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 79%
Total physical RAM: 1977.13 MB
Available physical RAM: 414.39 MB
Total Virtual: 4921.13 MB
Available Virtual: 2631.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:56.99 GB) (Free:14.15 GB) NTFS

\\?\Volume{9c76ee76-6bb3-4f5a-993b-b448b6702264}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{e1359a58-b0db-4cbb-9fd5-0160589ee3ed}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 049CE56E)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Destroyed files - virus?

Posted: 26 Nov 2018 20:07
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... vwZJXXn&q={searchTerms}
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... 7GLMbax22t
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> {BE5610C5-6AAF-49B2-90C4-CE53570C960C} URL =
S1 dlpcsufm; \??\C:\WINDOWS\system32\drivers\dlpcsufm.sys [X]
S1 fkkvzcqd; \??\C:\WINDOWS\system32\drivers\fkkvzcqd.sys [X]
S1 jvlczubs; \??\C:\WINDOWS\system32\drivers\jvlczubs.sys [X]
S1 mlcftapk; \??\C:\WINDOWS\system32\drivers\mlcftapk.sys [X]
S1 ndwfdkhy; \??\C:\WINDOWS\system32\drivers\ndwfdkhy.sys [X]
S1 nmlldtwi; \??\C:\WINDOWS\system32\drivers\nmlldtwi.sys [X]
S1 ptbuioqu; \??\C:\WINDOWS\system32\drivers\ptbuioqu.sys [X]
S1 pyzkxtth; \??\C:\WINDOWS\system32\drivers\pyzkxtth.sys [X]
S1 tjgbhtnu; \??\C:\WINDOWS\system32\drivers\tjgbhtnu.sys [X]
S1 tlbjvsvv; \??\C:\WINDOWS\system32\drivers\tlbjvsvv.sys [X]
C:\ProgramData\pUIfuUUTjzrUMTVB
C:\Program Files\VtuYtIvrjzmOrIBvrWR
C:\Program Files\vevsoISKgkcDC
C:\Program Files\loreCZYyGIE
C:\Program Files\FVgedVjzKgFU2
C:\Program Files\DjpYILTWU
C:\Program Files\bbIORqNasDUn
C:\Program Files\QV65YO6QOJ
C:\Users\Kateřina\AppData\Roaming\bag0dugniqe
C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job
C:\Program Files\DNYFY4FG1D
C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
C:\Users\Kateřina\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5} - System32\Tasks\lRXXZzUHcFPoIKk2 => rundll32 "C:\Program Files\DjpYILTWU\gAOXuu.dll",#1
Task: {34484194-5A81-453B-BC67-1E18F65F2376} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6EBA0591-32FB-477F-887F-FBE198455D34} - System32\Tasks\ClwhhsndxrpfQ2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\pUIfuUUTjzrUMTVB\CkDZCCG.wsf"
Task: {A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D} - System32\Tasks\hZpUbaVMqkKgBHw => rundll32 "C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll",#1 /adp IWXV0GYXV0QWXV2BYXV5CWXV3BWXV4CYXV0TXXV1RWXV1LWXV1RXXV8HWXV1IXXV3OXXV3XWXV4 /site_id 756 <==== ATTENTION
Task: {E40EE485-46D2-4BCF-934F-E65DD5314D06} - System32\Tasks\{0EC5EDD6-A8D9-5413-842C-17446B77AED8} => C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe [4950-06-07] (Microsoft Corporation) <==== ATTENTION
Task: {F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C} - System32\Tasks\TGZZvvZkTeMODbIDdGH2 => rundll32 "C:\Program Files\vevsoISKgkcDC\BRThRFz.dll",#1
Task: C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job => C:\Users\Kateřina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll <==== ATTENTION
AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

Re: Destroyed files - virus?

Posted: 26 Nov 2018 22:45
by LadyKate
Fix result of Farbar Recovery Scan Tool (x86) Version: 21.11.2018
Ran by Kateřina (26-11-2018 22:35:06) Run:1
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... vwZJXXn&q={searchTerms}
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... 7GLMbax22t
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004 -> {BE5610C5-6AAF-49B2-90C4-CE53570C960C} URL =
S1 dlpcsufm; \??\C:\WINDOWS\system32\drivers\dlpcsufm.sys [X]
S1 fkkvzcqd; \??\C:\WINDOWS\system32\drivers\fkkvzcqd.sys [X]
S1 jvlczubs; \??\C:\WINDOWS\system32\drivers\jvlczubs.sys [X]
S1 mlcftapk; \??\C:\WINDOWS\system32\drivers\mlcftapk.sys [X]
S1 ndwfdkhy; \??\C:\WINDOWS\system32\drivers\ndwfdkhy.sys [X]
S1 nmlldtwi; \??\C:\WINDOWS\system32\drivers\nmlldtwi.sys [X]
S1 ptbuioqu; \??\C:\WINDOWS\system32\drivers\ptbuioqu.sys [X]
S1 pyzkxtth; \??\C:\WINDOWS\system32\drivers\pyzkxtth.sys [X]
S1 tjgbhtnu; \??\C:\WINDOWS\system32\drivers\tjgbhtnu.sys [X]
S1 tlbjvsvv; \??\C:\WINDOWS\system32\drivers\tlbjvsvv.sys [X]
C:\ProgramData\pUIfuUUTjzrUMTVB
C:\Program Files\VtuYtIvrjzmOrIBvrWR
C:\Program Files\vevsoISKgkcDC
C:\Program Files\loreCZYyGIE
C:\Program Files\FVgedVjzKgFU2
C:\Program Files\DjpYILTWU
C:\Program Files\bbIORqNasDUn
C:\Program Files\QV65YO6QOJ
C:\Users\Kate�ina\AppData\Roaming\bag0dugniqe
C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job
C:\Program Files\DNYFY4FG1D
C:\Users\Kate�ina\AppData\Local\ddfckuKVYuTeA.exe
C:\Users\Kate�ina\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5} - System32\Tasks\lRXXZzUHcFPoIKk2 => rundll32 "C:\Program Files\DjpYILTWU\gAOXuu.dll",#1
Task: {34484194-5A81-453B-BC67-1E18F65F2376} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6EBA0591-32FB-477F-887F-FBE198455D34} - System32\Tasks\ClwhhsndxrpfQ2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\pUIfuUUTjzrUMTVB\CkDZCCG.wsf"
Task: {A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D} - System32\Tasks\hZpUbaVMqkKgBHw => rundll32 "C:\Users\Kate�ina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll",#1 /adp IWXV0GYXV0QWXV2BYXV5CWXV3BWXV4CYXV0TXXV1RWXV1LWXV1RXXV8HWXV1IXXV3OXXV3XWXV4 /site_id 756 <==== ATTENTION
Task: {E40EE485-46D2-4BCF-934F-E65DD5314D06} - System32\Tasks\{0EC5EDD6-A8D9-5413-842C-17446B77AED8} => C:\Users\Kate�ina\AppData\Local\ddfckuKVYuTeA.exe [4950-06-07] (Microsoft Corporation) <==== ATTENTION
Task: {F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C} - System32\Tasks\TGZZvvZkTeMODbIDdGH2 => rundll32 "C:\Program Files\vevsoISKgkcDC\BRThRFz.dll",#1
Task: C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job => C:\Users\Kate�ina\AppData\Local\Temp\wBNYXMUsbXdGxCtef\BhJxTCXQZSRFjvlY\mzZmXAI.dll <==== ATTENTION
AlternateDataStreams: C:\Users\Kate�ina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE5610C5-6AAF-49B2-90C4-CE53570C960C} => removed successfully.
HKLM\Software\Classes\CLSID\{BE5610C5-6AAF-49B2-90C4-CE53570C960C} => not found
HKLM\System\CurrentControlSet\Services\dlpcsufm => removed successfully.
dlpcsufm => service removed successfully.
HKLM\System\CurrentControlSet\Services\fkkvzcqd => removed successfully.
fkkvzcqd => service removed successfully.
HKLM\System\CurrentControlSet\Services\jvlczubs => removed successfully.
jvlczubs => service removed successfully.
HKLM\System\CurrentControlSet\Services\mlcftapk => removed successfully.
mlcftapk => service removed successfully.
HKLM\System\CurrentControlSet\Services\ndwfdkhy => removed successfully.
ndwfdkhy => service removed successfully.
HKLM\System\CurrentControlSet\Services\nmlldtwi => removed successfully.
nmlldtwi => service removed successfully.
HKLM\System\CurrentControlSet\Services\ptbuioqu => removed successfully.
ptbuioqu => service removed successfully.
HKLM\System\CurrentControlSet\Services\pyzkxtth => removed successfully.
pyzkxtth => service removed successfully.
HKLM\System\CurrentControlSet\Services\tjgbhtnu => removed successfully.
tjgbhtnu => service removed successfully.
HKLM\System\CurrentControlSet\Services\tlbjvsvv => removed successfully.
tlbjvsvv => service removed successfully.
C:\ProgramData\pUIfuUUTjzrUMTVB => moved successfully
C:\Program Files\VtuYtIvrjzmOrIBvrWR => moved successfully
C:\Program Files\vevsoISKgkcDC => moved successfully
C:\Program Files\loreCZYyGIE => moved successfully
C:\Program Files\FVgedVjzKgFU2 => moved successfully
C:\Program Files\DjpYILTWU => moved successfully
C:\Program Files\bbIORqNasDUn => moved successfully
C:\Program Files\QV65YO6QOJ => moved successfully
"C:\Users\Kate�ina\AppData\Roaming\bag0dugniqe" => not found
C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job => moved successfully
C:\Program Files\DNYFY4FG1D => moved successfully
"C:\Users\Kate�ina\AppData\Local\ddfckuKVYuTeA.exe" => not found
"C:\Users\Kate�ina\AppData\Local\Temp" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BEBB3A4-DC76-4A6A-8D7E-016BF51425A5}" => removed successfully.
C:\Windows\System32\Tasks\lRXXZzUHcFPoIKk2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\lRXXZzUHcFPoIKk2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34484194-5A81-453B-BC67-1E18F65F2376}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34484194-5A81-453B-BC67-1E18F65F2376}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EBA0591-32FB-477F-887F-FBE198455D34}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EBA0591-32FB-477F-887F-FBE198455D34}" => removed successfully.
C:\Windows\System32\Tasks\ClwhhsndxrpfQ2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ClwhhsndxrpfQ2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A24A9E96-DF54-4D27-9CCA-2F0BC9E4F29D}" => removed successfully.
C:\Windows\System32\Tasks\hZpUbaVMqkKgBHw => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hZpUbaVMqkKgBHw" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E40EE485-46D2-4BCF-934F-E65DD5314D06}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E40EE485-46D2-4BCF-934F-E65DD5314D06}" => removed successfully.
C:\Windows\System32\Tasks\{0EC5EDD6-A8D9-5413-842C-17446B77AED8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EC5EDD6-A8D9-5413-842C-17446B77AED8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5DA4F07-E9BD-430D-AB5D-2AAC16BA635C}" => removed successfully.
C:\Windows\System32\Tasks\TGZZvvZkTeMODbIDdGH2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TGZZvvZkTeMODbIDdGH2" => removed successfully.
"C:\WINDOWS\Tasks\hZpUbaVMqkKgBHw.job" => not found
"C:\Users\Kate�ina\OneDrive" => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 301678739 B
Java, Flash, Steam htmlcache => 27805 B
Windows/system/drivers => 3757817 B
Edge => 248293546 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 8666 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 282490 B
kcver => 0 B
Kateřina => 136264677 B

RecycleBin => 0 B
EmptyTemp: => 666.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:38:03 ====

Re: Destroyed files - virus?

Posted: 27 Nov 2018 10:09
by Rudy
Deleted. Given that there was an unimaginable amount of malware on the PC, I would also recommend a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log, and do not delete anything beforehand.

Re: Destroyed files - virus?

Posted: 27 Nov 2018 13:37
by LadyKate
Hello,
I have no idea where so much of it came from; I use the laptop only for online ordering and translation work, and occasionally I look up various terms on the internet.

I am attaching the log:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 27.11.18
Čas skenování: 13:29
Logovací soubor: 0dc279da-f240-11e8-a025-80a5892a900e.json

-Informace o softwaru-
Verze: 3.6.1.2711
Verze komponentů: 1.0.482
Aktualizovat verzi balíku komponent: 1.0.8039
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17134.407)
CPU: x86
Systém souborů: NTFS
Uživatel: LAPTOP-LMBQQVTN\Kate\u00c5\u0099ina

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 226669
Zjištěné hrozby: 44
Hrozby umístěné do karantény: 0
Uplynulý čas: 6 min, 0 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 16
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Žádná uživatelská akce, [432], [584322],1.0.8039
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Žádná uživatelská akce, [432], [518478],1.0.8039
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Žádná uživatelská akce, [432], [518476],1.0.8039
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Žádná uživatelská akce, [591], [241622],1.0.8039
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{629099A6-F5F9-CA3F-A06D-F695AE4C294A}, Žádná uživatelská akce, [422], [564860],1.0.8039
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94FD7541-6D12-462D-B639-48AA2814BF09}, Žádná uživatelská akce, [422], [564860],1.0.8039
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{94FD7541-6D12-462D-B639-48AA2814BF09}, Žádná uživatelská akce, [422], [564860],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\cGuRYWMDXAzszcxQS2, Žádná uživatelská akce, [905], [602649],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D5998BF7-0837-4FE3-9686-208085986746}, Žádná uživatelská akce, [905], [602649],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{D5998BF7-0837-4FE3-9686-208085986746}, Žádná uživatelská akce, [905], [602649],1.0.8039
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OperaUpdateService, Žádná uživatelská akce, [14197], [555894],1.0.8039
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{75E6C9CC-0BDB-4CC3-B39A-2FC7DAEE331C}, Žádná uživatelská akce, [14197], [555894],1.0.8039
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{75E6C9CC-0BDB-4CC3-B39A-2FC7DAEE331C}, Žádná uživatelská akce, [14197], [555894],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ZSFGHAUrEQvZYk, Žádná uživatelská akce, [905], [602653],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BDD9E7E6-85E9-4677-88AF-7C39E6B5B17E}, Žádná uživatelská akce, [905], [602653],1.0.8039
Adware.Neoreklami, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BDD9E7E6-85E9-4677-88AF-7C39E6B5B17E}, Žádná uživatelská akce, [905], [602653],1.0.8039

Hodnota v registru: 2
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Žádná uživatelská akce, [754], [259988],1.0.8039
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Žádná uživatelská akce, [754], [-1],0.0.0

Data registrů: 3
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Žádná uživatelská akce, [754], [293485],1.0.8039
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Žádná uživatelská akce, [754], [293485],1.0.8039
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Žádná uživatelská akce, [754], [293486],1.0.8039

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
Adware.Linkury.TskLnk, C:\PROGRAM FILES\COMMON FILES\SUBDEX, Žádná uživatelská akce, [14223], [444929],1.0.8039

Soubor: 22
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, Žádná uživatelská akce, [3727], [404862],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\MD.XML, Žádná uživatelská akce, [3727], [404866],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\NOAH.DAT, Žádná uživatelská akce, [3727], [404865],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\AGENT.DAT, Žádná uživatelská akce, [3727], [404872],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\QvoTech.tst, Žádná uživatelská akce, [3727], [404871],1.0.8039
Adware.Linkury.Generic, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHAM.DB, Žádná uživatelská akce, [3727], [516189],1.0.8039
PUP.Optional.WhiteClick, C:\USERS\KATEřINA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\SHORTCUT TO PRIMARY OUTPUT FROM START (ACTIVE).LNK, Žádná uživatelská akce, [5077], [543347],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\SHAM.DB, Žádná uživatelská akce, [3727], [516191],1.0.8039
Adware.Linkury.Generic, C:\USERS\KATEřINA\APPDATA\LOCAL\CONFIG.XML, Žádná uživatelská akce, [3727], [404859],1.0.8039
Adware.Linkury.TskLnk, C:\PROGRAM FILES\COMMON FILES\SUBDEX\INSTALLATIONCONFIGURATION.XML, Žádná uživatelská akce, [14223], [444929],1.0.8039
Adware.Linkury.TskLnk, C:\Program Files\Common Files\Subdex\uninstall.dat, Žádná uživatelská akce, [14223], [444929],1.0.8039
Adware.Linkury.TskLnk, C:\Program Files\Common Files\Subdex\uninstall.ico, Žádná uživatelská akce, [14223], [444929],1.0.8039
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{629099A6-F5F9-CA3F-A06D-F695AE4C294A}, Žádná uživatelská akce, [422], [564860],1.0.8039
Adware.Neoreklami, C:\WINDOWS\SYSTEM32\TASKS\cGuRYWMDXAzszcxQS2, Žádná uživatelská akce, [905], [602649],1.0.8039
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\OperaUpdateService, Žádná uživatelská akce, [14197], [555894],1.0.8039
Adware.Neoreklami, C:\WINDOWS\SYSTEM32\TASKS\ZSFGHAUrEQvZYk, Žádná uživatelská akce, [905], [602653],1.0.8039
Trojan.Banker, C:\USERS\KATEřINA\APPDATA\ROAMING\IE.COOCKIES\361804\AVASTFILEREP.DLL, Žádná uživatelská akce, [1991], [583420],1.0.8039
PUP.Optional.FusionCore, C:\USERS\KATEřINA\APPDATA\ROAMING\POWERISO\UPGRADE\POWERISO7.EXE, Žádná uživatelská akce, [7802], [604099],1.0.8039
PUP.Optional.SafeBytes, C:\USERS\KATEřINA\DESKTOP\DRIVERASSIST-SETUP.EXE, Žádná uživatelská akce, [7257], [530191],1.0.8039
Spyware.Socelars, C:\USERS\KATEřINA\APPDATA\LOCAL\MAURICE\MAURICE.DLL, Žádná uživatelská akce, [6251], [598746],1.0.8039
Adware.WhiteClick, C:\WINDOWS\INSTALLER\4BE062C.MSI, Žádná uživatelská akce, [13397], [556015],1.0.8039
Adware.Linkury, C:\USERS\KATEřINA\APPDATA\LOCAL\INCHDAX.BIN, Žádná uživatelská akce, [1138], [504848],1.0.8039

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Destroyed files - virus?

Posted: 27 Nov 2018 15:52
by Rudy
In ADW, also click on delete, restart, and post new FRST+Addition logs.

Re: Destroyed files - virus?

Posted: 27 Nov 2018 16:17
by LadyKate
Done, and I am sending the requested logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27.11.2018
Ran by Kateřina (administrator) on LAPTOP-LMBQQVTN (27-11-2018 16:10:12)
Running from C:\Users\Kateřina\Desktop
Loaded Profiles: Kateřina (Available Profiles: kcver & Kateřina)
Platform: Microsoft Windows 10 Home Version 1803 17134.407 (X86) Language: Slovenština (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Innovative Solutions GRUP SRL) C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeApp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(3NOD) C:\Windows\3NOD\Lenovokb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [3nodkey] => C:\Windows\3NOD\LenovoKB.exe [6416384 2015-08-12] (3NOD)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [267064 2017-03-22] (Apple Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-29] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [406664 2016-05-25] (Power Software Ltd)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [Easy Disk Drive Repair] => C:\Program Files\Zeatron Software\Easy Disk Drive Repair\EasyDiskDriveRepair.exe [483328 2015-01-17] (Zeatron Software)
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{0536420d-6f45-4c03-9f00-769e7f69022c}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{49ca41ff-aac6-4d4b-96eb-37e9914a09f3}: [DhcpNameServer] 169.254.73.172

Internet Explorer:
==================
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files\loreCZYyGIE\k80xklHJ.dll => No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-10-09] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-10-06] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [6083744 2018-11-20] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-11-28] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-29] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-29] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-29] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-11-28] (Intel Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065560 2018-10-16] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-17] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3358832 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [91584 2018-10-23] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [66560 2018-04-11] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2018-04-11] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [88584 2015-06-23] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [55816 2015-06-23] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [59392 2015-06-23] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [85000 2015-06-23] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [203264 2015-06-23] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [467968 2015-06-23] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [129248 2018-10-18] (Malwarebytes)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277264 2015-11-11] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [173496 2018-11-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [101216 2018-11-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [56552 2018-11-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [229568 2018-11-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [91544 2018-11-27] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Realtek Semiconductor Corporation )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [1943808 2016-10-13] (Realtek Semiconductor Corp.)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [123968 2016-05-25] (Power Software Ltd)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38504 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [261816 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-10-23] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [189952 2018-04-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-06-07 14:05 - 4950-06-07 14:05 - 000178688 ____N (Microsoft Corporation) C:\WINDOWS\yLAe.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2099-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-27 16:10 - 2018-11-27 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\FRST-OlderVersion
2018-11-27 16:08 - 2018-11-27 16:08 - 000056552 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-11-27 16:07 - 2018-11-27 16:07 - 000101216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-11-27 16:07 - 2018-11-27 16:07 - 000091544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-11-27 13:36 - 2018-11-27 13:36 - 000008105 _____ C:\Users\Kateřina\Desktop\MBAM log.txt
2018-11-27 13:28 - 2018-11-27 13:28 - 000000000 ____D C:\Users\Kateřina\AppData\Local\mbam
2018-11-27 13:26 - 2018-11-27 16:07 - 000229568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-11-27 13:26 - 2018-11-27 13:26 - 000173496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-11-27 13:26 - 2018-11-27 13:26 - 000000000 ____D C:\Users\Kateřina\AppData\Local\mbamtray
2018-11-27 13:25 - 2018-11-27 13:25 - 000002104 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-11-27 13:25 - 2018-11-27 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-27 13:25 - 2018-11-27 13:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-27 13:25 - 2018-11-27 13:25 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-27 13:25 - 2018-10-18 08:44 - 000129248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2018-11-27 12:47 - 2018-11-27 12:47 - 080557120 _____ (Malwarebytes ) C:\Users\Kateřina\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-11-26 22:35 - 2018-11-26 22:38 - 000009994 _____ C:\Users\Kateřina\Desktop\Fixlog.txt
2018-11-26 18:44 - 2018-11-26 18:46 - 000000000 ____D C:\AdwCleaner
2018-11-26 18:44 - 2018-11-26 18:44 - 007592144 _____ (Malwarebytes) C:\Users\Kateřina\Desktop\adwcleaner_7.2.4.0.exe
2018-11-26 18:00 - 2018-11-26 19:28 - 000036224 _____ C:\Users\Kateřina\Desktop\Addition.txt
2018-11-26 17:57 - 2018-11-27 16:11 - 000013190 _____ C:\Users\Kateřina\Desktop\FRST.txt
2018-11-26 17:56 - 2018-11-27 16:10 - 000000000 ____D C:\FRST
2018-11-26 17:55 - 2018-11-27 16:10 - 001776128 _____ (Farbar) C:\Users\Kateřina\Desktop\FRST.exe
2018-11-26 17:54 - 2018-11-26 22:40 - 000000008 __RSH C:\Users\Kateřina\ntuser.pol
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\rsit
2018-11-26 16:57 - 2018-11-26 16:58 - 000000000 ____D C:\Program Files\trend micro
2018-11-26 16:57 - 2018-11-26 16:57 - 001107968 _____ C:\Users\Kateřina\Desktop\RSIT.exe
2018-11-26 16:48 - 2018-11-26 22:39 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-11-26 16:46 - 2018-11-26 16:55 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\bag0dugniqe
2018-11-26 15:47 - 2018-11-26 15:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Seznam.cz
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ C:\Users\Kateřina\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default.migrated\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Downloads\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Documents\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\Desktop\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ C:\Users\Default User\AppData\Local\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Users\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ C:\Program Files\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:43 - 2018-11-26 15:43 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Chrome
2018-11-26 15:40 - 2018-11-27 13:38 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Maurice
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\g0lwckdn14l
2018-11-26 15:40 - 2018-11-26 17:04 - 000000000 ____D C:\Program Files\Live
2018-11-26 15:39 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Mozilla
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ C:\Users\Kateřina\AppData\Local\installer.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-11-26 15:37 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\ComfortSoftware
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Users\Kateřina\AppData\Local\AdvinstAnalytics
2018-11-26 15:37 - 2018-11-26 15:37 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-11-26 15:36 - 2018-11-26 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Local\William
2018-11-26 15:36 - 2018-11-26 15:36 - 000000000 ____D C:\ProgramData\HotCopy
2018-11-26 15:34 - 2018-11-26 15:34 - 004567040 _____ C:\Users\Kateřina\Downloads\Microsoft+Office+2016+Activator+(Updated).iso
2018-11-26 15:25 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Microsoft Office Professional Plus 2016 Untouched
2018-11-26 13:49 - 2018-11-26 15:46 - 000240156 _____ C:\Users\Kateřina\Desktop\LOSR210104_01_EN02_CS.doc.tnvvpfinss
2018-11-26 11:59 - 2018-11-26 15:46 - 000380114 _____ C:\Users\Kateřina\Desktop\00_EN_CS_test.zip.tnvvpfinss
2018-11-25 13:19 - 2018-11-26 15:44 - 000000000 ___HD C:\OneDriveTemp
2018-11-20 11:39 - 2018-09-04 23:25 - 001491976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-18 17:39 - 2018-11-26 23:14 - 000000000 ____D C:\Users\Kateřina\Desktop\Pro ÚP
2018-11-18 16:33 - 2018-11-26 15:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Do mailu
2018-11-17 15:57 - 2018-11-26 15:46 - 000025701 _____ C:\Users\Kateřina\Desktop\Překlad.docx.tnvvpfinss
2018-11-15 23:56 - 2018-11-15 23:57 - 004841734 _____ C:\Users\Kateřina\Desktop\Zajištěné dluhopisy s pevnou sazbou 2017 (AJ - CZ).zip
2018-11-15 20:54 - 2018-11-26 15:46 - 004120559 _____ C:\Users\Kateřina\Desktop\Blackmore Bond S2.pdf.tnvvpfinss
2018-11-15 20:17 - 2018-11-26 15:46 - 000029824 _____ C:\Users\Kateřina\Desktop\Jak založit e-shop (překlad AJ - CZ).docx.tnvvpfinss
2018-11-14 15:12 - 2018-11-01 05:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 004790184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-14 15:12 - 2018-11-01 05:48 - 000502824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-14 15:12 - 2018-11-01 05:47 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-14 15:12 - 2018-11-01 05:47 - 000129304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-14 15:12 - 2018-11-01 05:30 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-14 15:12 - 2018-11-01 05:28 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-14 15:12 - 2018-10-21 12:38 - 000221216 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-14 15:12 - 2018-10-21 12:28 - 012501504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-14 15:12 - 2018-10-21 08:09 - 013873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-14 15:12 - 2018-10-21 07:58 - 001172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-14 15:11 - 2018-11-01 11:10 - 004939408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-14 15:11 - 2018-11-01 11:10 - 001362440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-14 15:11 - 2018-11-01 11:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-14 15:11 - 2018-11-01 11:07 - 000078648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-11-14 15:11 - 2018-11-01 10:59 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-14 15:11 - 2018-11-01 10:54 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-14 15:11 - 2018-11-01 10:54 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-14 15:11 - 2018-11-01 10:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-14 15:11 - 2018-11-01 10:52 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 006039064 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-14 15:11 - 2018-11-01 05:48 - 002351416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-14 15:11 - 2018-11-01 05:48 - 000343056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 006687032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-14 15:11 - 2018-11-01 05:47 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000817768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000679840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-14 15:11 - 2018-11-01 05:47 - 000633336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-14 15:11 - 2018-11-01 05:47 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-14 15:11 - 2018-11-01 05:35 - 003255296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-14 15:11 - 2018-11-01 05:34 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-14 15:11 - 2018-11-01 05:33 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-14 15:11 - 2018-11-01 05:32 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 005307904 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-14 15:11 - 2018-11-01 05:31 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-14 15:11 - 2018-11-01 05:31 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-14 15:11 - 2018-11-01 05:30 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-14 15:11 - 2018-11-01 05:29 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-14 15:11 - 2018-11-01 05:28 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 000441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 001741312 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-14 15:11 - 2018-11-01 05:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-14 15:11 - 2018-11-01 05:27 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-14 15:11 - 2018-11-01 05:27 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-14 15:11 - 2018-11-01 05:26 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-14 15:11 - 2018-10-21 12:37 - 001530560 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-14 15:11 - 2018-10-21 12:28 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 011902464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-14 15:11 - 2018-10-21 12:26 - 003458560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-14 15:11 - 2018-10-21 08:20 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002487088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 002144056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 001618376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000542520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000505616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-14 15:11 - 2018-10-21 08:19 - 000493368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-14 15:11 - 2018-10-21 08:19 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-14 15:11 - 2018-10-21 08:02 - 002966528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-14 15:11 - 2018-10-21 08:01 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-14 15:11 - 2018-10-21 07:58 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-14 15:11 - 2018-10-21 07:58 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-14 15:11 - 2018-10-21 07:56 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-14 15:11 - 2018-10-21 06:42 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2018-11-14 15:10 - 2018-11-01 11:07 - 000316248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-14 15:10 - 2018-11-01 10:57 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-14 15:10 - 2018-11-01 10:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-14 15:10 - 2018-11-01 10:55 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001459200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-11-14 15:10 - 2018-11-01 10:53 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-14 15:10 - 2018-11-01 06:08 - 002417952 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-14 15:10 - 2018-11-01 05:53 - 000994480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-14 15:10 - 2018-11-01 05:50 - 004171920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-14 15:10 - 2018-11-01 05:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-14 15:10 - 2018-11-01 05:47 - 000197136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-14 15:10 - 2018-11-01 05:40 - 022015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-14 15:10 - 2018-11-01 05:35 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-14 15:10 - 2018-11-01 05:31 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 002278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-14 15:10 - 2018-11-01 05:30 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-14 15:10 - 2018-11-01 05:29 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-14 15:10 - 2018-11-01 05:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 001354240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-14 15:10 - 2018-11-01 05:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-14 15:10 - 2018-11-01 05:26 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 001322376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-14 15:10 - 2018-10-21 12:38 - 000662312 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-14 15:10 - 2018-10-21 12:38 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-14 15:10 - 2018-10-21 12:37 - 020381808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-14 15:10 - 2018-10-21 12:26 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-14 15:10 - 2018-10-21 12:25 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-14 15:10 - 2018-10-21 12:24 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000998400 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-14 15:10 - 2018-10-21 12:23 - 000523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-14 15:10 - 2018-10-21 12:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-14 15:10 - 2018-10-21 08:39 - 000480272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000539904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-14 15:10 - 2018-10-21 08:20 - 000424000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 001190696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 001130768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-14 15:10 - 2018-10-21 08:19 - 000949344 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-14 15:10 - 2018-10-21 08:19 - 000831216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 001050488 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-14 15:10 - 2018-10-21 08:18 - 000142736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-14 15:10 - 2018-10-21 08:18 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-14 15:10 - 2018-10-21 08:18 - 000044104 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-14 15:10 - 2018-10-21 08:02 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-14 15:10 - 2018-10-21 08:01 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-14 15:10 - 2018-10-21 08:01 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-14 15:10 - 2018-10-21 08:01 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-14 15:10 - 2018-10-21 08:00 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-14 15:10 - 2018-10-21 07:59 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-14 15:10 - 2018-10-21 07:59 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-14 15:10 - 2018-10-21 07:59 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 002198528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001224192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-14 15:10 - 2018-10-21 07:58 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-14 15:10 - 2018-10-21 07:58 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-14 15:10 - 2018-10-21 07:57 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-14 15:10 - 2018-10-21 07:57 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 001414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-14 15:10 - 2018-10-21 07:56 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-09 09:30 - 2018-11-26 15:46 - 000632885 _____ C:\Users\Kateřina\Desktop\Náborový dotazník.docx.tnvvpfinss
2018-11-08 21:45 - 2018-11-26 15:46 - 000054283 _____ C:\Users\Kateřina\Desktop\imageresize.jpg.tnvvpfinss
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-04 18:22 - 2018-11-04 18:22 - 000000011 _____ C:\Users\Kateřina\setup12.ini
2018-11-01 19:41 - 2018-11-01 19:41 - 000000000 ____D C:\WINDOWS\Firmware
2018-10-31 18:10 - 2018-10-31 18:10 - 000173094 _____ C:\Users\Kateřina\Desktop\Seznam Email.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-27 16:10 - 2016-10-16 15:53 - 000496160 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-11-27 16:08 - 2018-04-11 21:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-27 16:08 - 2016-10-13 16:40 - 000000000 ___RD C:\Users\Kateřina\OneDrive
2018-11-27 16:07 - 2018-08-01 12:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-27 16:07 - 2016-10-13 16:37 - 000000000 __SHD C:\Users\Kateřina\IntelGraphicsProfiles
2018-11-27 16:06 - 2018-04-11 13:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-11-27 16:03 - 2018-08-01 12:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-27 14:32 - 2018-08-09 17:12 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-27 13:41 - 2015-11-29 12:20 - 000000000 ____D C:\Program Files\Microsoft Office
2018-11-26 22:47 - 2018-08-01 12:36 - 000718030 _____ C:\WINDOWS\system32\perfh005.dat
2018-11-26 22:47 - 2018-08-01 12:36 - 000145610 _____ C:\WINDOWS\system32\perfc005.dat
2018-11-26 22:47 - 2018-08-01 12:30 - 002650970 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 22:47 - 2018-04-11 21:31 - 000000000 ____D C:\WINDOWS\INF
2018-11-26 22:47 - 2017-10-22 17:48 - 000511542 _____ C:\WINDOWS\system32\perfh01B.dat
2018-11-26 22:47 - 2017-10-22 17:48 - 000425462 _____ C:\WINDOWS\system32\perfc01B.dat
2018-11-26 22:40 - 2018-08-01 12:15 - 000000000 ____D C:\Users\Kateřina
2018-11-26 22:35 - 2015-07-10 09:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-11-26 18:46 - 2017-09-29 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-11-26 16:47 - 2018-04-11 21:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-26 16:01 - 2016-12-10 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\recovered
2018-11-26 15:47 - 2017-11-24 18:58 - 000000000 ____D C:\Users\Kateřina\Desktop\Překlady
2018-11-26 15:46 - 2018-10-20 16:34 - 000041153 _____ C:\Users\Kateřina\Desktop\1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-10-20 13:21 - 000001161 _____ C:\Users\Kateřina\Desktop\odkazy.txt.tnvvpfinss
2018-11-26 15:46 - 2018-10-16 12:42 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\IE.Coockies
2018-11-26 15:46 - 2018-10-09 16:44 - 000001045 _____ C:\Users\Kateřina\Desktop\Microsoft Toolkit By Graphic Evolved.zip.tnvvpfinss
2018-11-26 15:46 - 2018-10-08 17:35 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\PowerISO
2018-11-26 15:46 - 2018-10-08 17:21 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Nero
2018-11-26 15:46 - 2018-09-13 19:26 - 000093390 _____ C:\Users\Kateřina\Desktop\bez názvu.png.tnvvpfinss
2018-11-26 15:46 - 2018-09-12 13:58 - 000133679 _____ C:\Users\Kateřina\Desktop\02.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 12:29 - 000012130 _____ C:\Users\Kateřina\Desktop\example.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-09-03 11:55 - 000671193 _____ C:\Users\Kateřina\Desktop\Chapman Gary - Pět jazyků lásky.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000434683 _____ C:\Users\Kateřina\Desktop\P6132720.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-08-08 22:30 - 000423860 _____ C:\Users\Kateřina\Desktop\P6132719.JPG.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:37 - 000028581 _____ C:\Users\Kateřina\Desktop\CF0618C5-8D9D-4B9C-9AC0-F849BF8B90A1.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:27 - 000006101 _____ C:\Users\Kateřina\Desktop\222.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 17:21 - 000043782 _____ C:\Users\Kateřina\Desktop\11.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:52 - 000016629 _____ C:\Users\Kateřina\Desktop\imagesQUSH4PEZ.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-25 15:29 - 000014456 _____ C:\Users\Kateřina\Desktop\01.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:32 - 000037145 _____ C:\Users\Kateřina\Desktop\Consignment no.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:28 - 000174646 _____ C:\Users\Kateřina\Desktop\6C6A4557-F45B-4533-B798-BAF0A014CA59.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:23 - 000067605 _____ C:\Users\Kateřina\Desktop\9EDEC4FF-E92F-4249-B2BC-205D3CD52C50.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-21 15:20 - 000087361 _____ C:\Users\Kateřina\Desktop\3419FD88-1A86-47E2-A6C7-FEF72AFFAFF8.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-19 13:39 - 000083495 _____ C:\Users\Kateřina\Desktop\Doklad č. 19062018.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 17:06 - 000027942 _____ C:\Users\Kateřina\Desktop\Překlad webové stránky LitFin.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-16 16:52 - 000025430 _____ C:\Users\Kateřina\Desktop\LitFin_web text.docx.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 18:31 - 000003259 _____ C:\Users\Kateřina\Desktop\1234.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-12 13:38 - 000193853 _____ C:\Users\Kateřina\Desktop\180147.png.tnvvpfinss
2018-11-26 15:46 - 2018-06-07 18:22 - 000151425 _____ C:\Users\Kateřina\Desktop\15208649-D6DB-45A7-8706-C21E32C24A29.jpg.tnvvpfinss
2018-11-26 15:46 - 2018-05-31 18:44 - 002065935 _____ C:\Users\Kateřina\Desktop\IMG_4593.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 18:10 - 000153356 _____ C:\Users\Kateřina\Desktop\7A0227D1-B461-4081-941E-8CD09AC22CE2.jpeg.tnvvpfinss
2018-11-26 15:46 - 2018-05-29 14:23 - 000014125 _____ C:\Users\Kateřina\Desktop\Hledáte přivýdělek z domu a rádi se učíte novým věcem.docx.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 15:41 - 000779021 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-22 09:42 - 000033308 _____ C:\Users\Kateřina\Desktop\Osobní dotazník, 6.2.2018 - TRANSPONO s.r.pdf.tnvvpfinss
2018-11-26 15:46 - 2018-05-20 18:00 - 000019089 _____ C:\Users\Kateřina\Desktop\Překlad termínů výkresové dokumentace.xlsx.tnvvpfinss
2018-11-26 15:46 - 2018-05-18 21:21 - 000000000 ____D C:\Users\Kateřina\Desktop\Hudba
2018-11-26 15:46 - 2018-05-14 17:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SDL
2018-11-26 15:46 - 2017-08-24 19:48 - 000061913 _____ C:\Users\Kateřina\Desktop\Motivační dopis - Cvernová.pdf.tnvvpfinss
2018-11-26 15:46 - 2017-08-01 17:53 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\GRETECH
2018-11-26 15:46 - 2017-08-01 17:45 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\SoftCDN
2018-11-26 15:46 - 2017-05-10 00:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Wondershare
2018-11-26 15:46 - 2017-04-05 14:46 - 000000000 ____D C:\Users\Kateřina\Desktop\epson30712eu
2018-11-26 15:46 - 2017-04-05 14:41 - 014123985 _____ C:\Users\Kateřina\Desktop\epson30712eu.zip.tnvvpfinss
2018-11-26 15:46 - 2017-04-05 14:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\EPSON
2018-11-26 15:46 - 2017-02-21 17:31 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Tomabo
2018-11-26 15:46 - 2017-01-27 18:42 - 000020020 _____ C:\Users\Kateřina\Desktop\config.bin.tnvvpfinss
2018-11-26 15:46 - 2017-01-06 16:10 - 000000000 ____D C:\Users\Kateřina\Desktop\Iphone 2016-2017
2018-11-26 15:46 - 2016-11-30 19:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Webshare
2018-11-26 15:46 - 2016-11-23 14:46 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Softland
2018-11-26 15:46 - 2016-11-21 15:49 - 000000000 ____D C:\Users\Kateřina\Desktop\EU-4208_Windows_driver_v1.1
2018-11-26 15:46 - 2016-11-05 19:02 - 000000000 ___RD C:\Users\Kateřina\Desktop\Média
2018-11-26 15:46 - 2016-10-30 16:03 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Apple Computer
2018-11-26 15:46 - 2016-10-29 17:33 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Lenovo
2018-11-26 15:46 - 2016-10-16 15:50 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Skype
2018-11-26 15:46 - 2016-10-14 20:56 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Macromedia
2018-11-26 15:46 - 2016-10-13 16:47 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\LSC
2018-11-26 15:45 - 2018-01-27 18:33 - 000000000 ___RD C:\Users\Kateřina\3D Objects
2018-11-26 15:45 - 2016-10-13 16:37 - 000000000 ____D C:\Users\Kateřina\AppData\Roaming\Adobe
2018-11-26 15:45 - 2015-11-29 12:19 - 000000000 __SHD C:\UserGuidePDF
2018-11-26 15:45 - 2015-07-10 07:59 - 000000000 ____D C:\Users\Default.migrated
2018-11-26 15:44 - 2018-06-28 21:03 - 000000612 ___SH C:\bootTel.dat.tnvvpfinss
2018-11-26 15:44 - 2018-05-11 22:04 - 000000000 ___HD C:\$AV_ASW
2018-11-26 15:44 - 2018-04-11 21:36 - 000000000 ____D C:\PerfLogs
2018-11-26 15:44 - 2018-01-23 14:43 - 000000000 ___HD C:\$GetCurrent
2018-11-26 15:44 - 2016-11-30 19:33 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2018-11-26 15:44 - 2016-10-29 20:09 - 000000000 ____D C:\Log
2018-11-26 15:44 - 2015-11-29 13:03 - 000000000 ___HD C:\Intel
2018-11-26 13:50 - 2018-01-26 12:17 - 000000000 ____D C:\Users\Kateřina\AppData\Local\Packages
2018-11-25 13:22 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-23 12:29 - 2018-04-11 21:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-21 17:00 - 2018-04-11 21:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-18 16:31 - 2016-11-05 19:08 - 000000000 ____D C:\Users\Kateřina\Documents\CV
2018-11-17 16:02 - 2018-08-01 12:15 - 000002407 _____ C:\Users\Kateřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-17 15:50 - 2017-09-29 19:27 - 000000000 ____D C:\Program Files\rempl
2018-11-17 00:00 - 2018-04-11 21:39 - 000834960 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-11-17 00:00 - 2018-04-11 21:39 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-11-15 23:58 - 2018-07-08 19:46 - 000000000 ____D C:\Users\Kateřina\Desktop\Články
2018-11-15 16:29 - 2015-07-16 16:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-15 16:28 - 2018-08-01 12:12 - 000397080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-14 23:49 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-14 15:38 - 2016-10-14 22:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-11-14 15:23 - 2016-10-14 22:19 - 134758520 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-13 13:11 - 2016-10-28 22:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-09 16:47 - 2018-04-11 21:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-30 19:25 - 2018-08-01 13:10 - 000000000 ____D C:\Users\Kateřina\AppData\Local\PlaceholderTileLogoFolder

==================== Files in the root of some directories =======

2018-11-26 15:44 - 2018-11-26 15:44 - 000008666 _____ () C:\Program Files\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Program Files\Common Files\eejei.exe
2018-11-26 15:45 - 2018-11-26 15:45 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\TNVVPFINSS-DECRYPT.txt
2018-11-26 15:46 - 2018-11-26 15:46 - 000008666 _____ () C:\Users\Kateřina\AppData\Roaming\Microsoft\TNVVPFINSS-DECRYPT.txt
4950-06-07 14:05 - 4950-06-07 14:05 - 000060416 ____N (Microsoft Corporation) C:\Users\Kateřina\AppData\Local\ddfckuKVYuTeA.exe
2018-11-07 22:22 - 2018-11-13 13:10 - 006161408 _____ () C:\Users\Kateřina\AppData\Local\dump007.dat
2018-11-26 15:38 - 2018-11-26 15:38 - 000140800 _____ () C:\Users\Kateřina\AppData\Local\installer.dat
2018-10-09 16:24 - 2018-10-09 16:24 - 000000003 _____ () C:\Users\Kateřina\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-01 12:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27.11.2018
Ran by Kateřina (27-11-2018 16:12:58)
Running from C:\Users\Kateřina\Desktop
Microsoft Windows 10 Home Version 1803 17134.407 (X86) (2018-08-01 11:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3793012919-2705438960-3369879477-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3793012919-2705438960-3369879477-503 - Limited - Disabled)
Guest (S-1-5-21-3793012919-2705438960-3369879477-501 - Limited - Disabled)
Kateřina (S-1-5-21-3793012919-2705438960-3369879477-1004 - Administrator - Enabled) => C:\Users\Kateřina
kcver (S-1-5-21-3793012919-2705438960-3369879477-1002 - Administrator - Enabled) => C:\Users\kcver
WDAGUtilityAccount (S-1-5-21-3793012919-2705438960-3369879477-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 12 (HKLM\...\AU11_is1) (Version: 12.24.0.100 - Innovative Solutions)
Apple Mobile Device Support (HKLM\...\{90B7F915-6343-43CE-9DA7-E79E5BAC6673}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation) Hidden
AX88772C_772B_772A_772 Windows 8.x Drivers (HKLM\...\InstallShield_{18B9948C-938D-4AED-9ED7-EADE3BD1876A}) (Version: 3.0.1.0 - ASIX Electronics Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Free YouTube Downloader 4.2.754 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.3.17.5274 - GOM & Company)
iTunes (HKLM\...\{2F95FFC4-8624-43AB-8256-AA223555C9B7}) (Version: 12.6.0.100 - Apple Inc.)
Lenovo Keyboard Driver (HKLM\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: 1.0.15.0812 - 3NOD)
Lenovo EasyCamera (HKLM\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo Solution Center (HKLM\...\{74C3EF3E-2A0D-470A-9EDC-884D5F85644F}) (Version: 3.0.003.00 - Lenovo)
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\...\OneDriveSetup.exe) (Version: 18.222.1104.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 CSY (HKLM\...\{E8BEDB28-151D-465C-9BE0-F6EB930A629C}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 6.6 - Power Software Ltd)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.102.50724 - Realtek Semiconductor Corp.)
UpdateAssistant (HKLM\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Webshare uploader (HKLM\...\WebshareDLC) (Version: - Webshare)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3793012919-2705438960-3369879477-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-28] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2016-05-25] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {167E3FB4-131E-4233-B715-971F16AB53F6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {24C6AD8D-F43B-4846-B9D2-7DD8483291DF} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {302231E7-C058-4190-A0E8-6117E2BAF219} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-17] (Lenovo)
Task: {42A961D9-CEFA-4D98-987A-7339498B7611} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-17] (Lenovo)
Task: {446DB129-8C88-404C-A5D8-D80235E8C7EE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-28] (AVAST Software)
Task: {5A72D693-A3D8-45D7-B3AF-11C822A649F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {5D3785BE-6363-42A7-983C-E53AF43D990D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {5EDCF634-ADA8-4E81-8E9D-E32F52200C45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {677FC7E3-4DF5-466F-8744-8B72498D624F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-27] (Microsoft Corporation)
Task: {68CC61C1-9097-4142-8ED8-707C5AD7EB4A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {6DCD6F2A-5C33-4871-B76D-E0CF6A2E2F72} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {77DAFC11-0359-4C27-B5BA-A4272B7F68E3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-27] (Microsoft Corporation)
Task: {90AA0BCA-EE84-4A3B-BF39-7BAA0100F20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-10] (Piriform Ltd)
Task: {915B6AB5-F0CA-4CEB-A7D9-F67A16D5DBAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-11-21] (Microsoft Corporation)
Task: {A55F8C56-9340-4E17-A70D-19EF3CB5E178} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-27] (Microsoft Corporation)
Task: {A5DADB1B-980E-4AD8-B009-08253E9B7E82} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {AB06E272-F562-4BB8-B21A-294C245DA51F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {AB224C74-AD57-49BB-8DE5-36F634B12460} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2018-10-16] (Innovative Solutions GRUP SRL)
Task: {B2198A60-F972-4207-AD76-690EDFC0180E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-17] ()
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {C2BC506F-6DB7-45F3-B626-513FA4CBC091} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-17] (Lenovo)
Task: {CB5461D8-35B3-44DC-BD82-68D7EFCE8E99} - System32\Tasks\AupAvUpdate => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
Task: {D82E391E-FF41-4A20-A5AE-BCD03A578146} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-27] (Microsoft Corporation)
Task: {E1F6E12B-2B6F-4D20-ABFF-033CAE55C88F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {E5DA2C13-F525-4D06-8BC3-CC0441899B58} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-10] (Piriform Ltd)
Task: {E80ED523-54C7-4C27-8893-0006833E0A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {F6EF23E3-075E-469E-9D38-0A43DCC6618B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:18 - 2016-10-05 18:18 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 15:09 - 2017-03-16 15:09 - 001041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-29 13:07 - 2015-07-16 22:40 - 000147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2018-11-27 13:25 - 2018-10-18 08:44 - 002312648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-27 13:25 - 2018-10-18 08:44 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 000364200 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-10-16 18:38 - 2017-05-02 13:13 - 000565827 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2018-10-16 18:38 - 2018-10-16 13:56 - 000010840 _____ () C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\memmgrset.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 21:29 - 2018-04-11 21:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-14 15:11 - 2018-11-01 05:28 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 000159744 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-11-13 13:14 - 2018-11-13 13:15 - 000013312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-10-04 16:25 - 2018-10-04 16:25 - 000008192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 000053248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\ChakraBridge.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 006827520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\LibWrapper.dll
2018-11-13 13:14 - 2018-11-13 13:15 - 001930240 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\skypert.dll
2018-11-13 13:14 - 2018-11-13 13:14 - 000542208 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x86__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-10 12:18 - 2018-07-10 12:30 - 001428144 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x86__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-23 13:02 - 2018-10-23 13:02 - 017193984 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\Video.UI.exe
2018-10-23 13:02 - 2018-10-23 13:02 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\SharedUI.dll
2018-10-23 13:02 - 2018-10-23 13:02 - 004467712 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-09-29 19:28 - 2017-09-29 19:30 - 002890664 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-10-23 13:02 - 2018-10-23 13:02 - 006793216 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x86__8wekyb3d8bbwe\EntPlat.dll
2015-11-29 13:05 - 2015-06-09 03:20 - 000045056 _____ () C:\Windows\3NOD\hidhook.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 000080184 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 11:21 - 2017-03-27 11:21 - 001041720 _____ () C:\Program Files\iTunes\libxml2.dll
2018-04-12 21:15 - 2018-09-10 14:32 - 000085320 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kateřina\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 09:28 - 2015-07-10 09:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3793012919-2705438960-3369879477-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{686A5B0F-72AE-4887-BA1C-7C5538C8EE2E}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CE4E4021-A8EF-4D73-8D6D-0EDEF241C821}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{9797F135-393E-49F2-8549-E8A23C9BCB19}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{4506DF19-34C4-467F-A305-81241F34E03A}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{B2FB42EF-2792-41CE-BD13-CDAA2FC378AD}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{DC6EC7A9-76AA-4DE7-B37A-99D8BEADE131}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{CFEE2A02-79F0-460A-8D4A-B066C0CBFA58}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C764E5CB-BE9B-4773-B4EC-0E7F1FA35F36}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe
FirewallRules: [{C5E3EA69-45DA-4F21-A67C-8456ED7BB907}] => (Allow) C:\WINDOWS\system32\InstallShield\x32\setup.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2018 04:11:38 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/27/2018 04:07:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/27/2018 04:07:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/27/2018 02:57:16 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/27/2018 02:25:12 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/27/2018 02:24:32 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: LAPTOP-LMBQQVTN)
Description: httphttp-2147467263

Error: (11/27/2018 01:42:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/27/2018 01:42:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (11/27/2018 04:08:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 04:08:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Unavailable
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 04:08:51 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-LMBQQVTN)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscCloudBackupProvider
a APPID
Unavailable
uživateli LAPTOP-LMBQQVTN\Kateřina (SID: S-1-5-21-3793012919-2705438960-3369879477-1004) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 04:07:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 04:07:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 04:07:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll
Kód chyby: 126

Error: (11/27/2018 02:30:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/27/2018 01:24:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-11-27 16:06:02.273
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
ID: 2147723626
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Roaming\IE.Coockies\361804\AvastFileRep.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.281.872.0, AS: 1.281.872.0, NIS: 1.281.872.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 16:05:49.961
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!plock
ID: 2147723626
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Roaming\IE.Coockies\361804\AvastFileRep.dll
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.281.872.0, AS: 1.281.872.0, NIS: 1.281.872.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-27 15:10:06.057
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {E694CA30-87E3-4B2B-B7DF-1EB83E1281FE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-11-27 14:39:47.952
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {0673F102-4C3D-475C-83D7-7AF5FF7DFE98}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-11-27 13:38:58.616
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Users\Kateřina\AppData\Roaming\IE.Coockies\122335\x64_steam.dll
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze podpisu: AV: 1.281.872.0, AS: 1.281.872.0, NIS: 1.281.872.0
Verze modulu: AM: 1.1.15400.5, NIS: 1.1.15400.5

Date: 2018-11-06 13:11:53.843
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.279.1294.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15400.4
Kód chyby: 0x80240438
Popis chyby :Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.

CodeIntegrity:
===================================

Date: 2018-11-27 16:12:11.091
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 16:11:58.000
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 16:09:53.977
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 16:09:38.198
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 16:08:21.904
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 16:08:21.904
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 15:40:17.466
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-27 14:17:32.049
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Percentage of memory in use: 89%
Total physical RAM: 1977.13 MB
Available physical RAM: 216.44 MB
Total Virtual: 4921.13 MB
Available Virtual: 2670.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:56.99 GB) (Free:14.41 GB) NTFS

\\?\Volume{9c76ee76-6bb3-4f5a-993b-b448b6702264}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.67 GB) NTFS
\\?\Volume{e1359a58-b0db-4cbb-9fd5-0160589ee3ed}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 049CE56E)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Destroyed files - virus?

Posted: 27 Nov 2018 16:57
by Rudy
The PC is now clean, the malware is gone. If you want, sign up at neslape; if they can, they will decrypt the files. For next time, I recommend backing up your documents.