Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

přišel mi Blackmail a prosím pro jistotu o kontrolu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

přišel mi Blackmail a prosím pro jistotu o kontrolu

#1 Příspěvek od xcite »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by XXX (administrator) on XXX-TOSH (14-02-2019 16:15:15)
Running from C:\Users\XXX\Desktop
Loaded Profiles: XXX (Available Profiles: XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\3GUty\tw3gsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(f.lux Software LLC) C:\Users\XXX\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [1006384 2015-09-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [613216 2015-09-30] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-16] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => c:\Program Files (x86)\Toshiba\Registration\ToshibaReminder.exe [150928 2017-05-09] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-12-18] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [BtPwrMon] => C:\Program Files (x86)\Toshiba\BtPwrMon\BtPwrMon.exe [28488 2015-12-15] (TOSHIBA CORPORATION -> Toshiba Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Run: [f.lux] => C:\Users\XXX\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\XXX\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {211569fe-c311-11e7-a8e6-448500e4fb9b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {c01eca2d-6813-11e7-9964-448500e4fb9b} - E:\startme.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
HKLM\Software\...\Authentication\Credential Providers: [{EB4BBF9F-17EB-42E3-A500-032864921611}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{B39792CE-FA9B-475e-9881-151D5C215110}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk [2017-05-09]
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2019-01-16]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.5.54.1
Tcpip\..\Interfaces\{AB95AB8B-DA4C-4A89-BD14-4C7B3961229F}: [DhcpNameServer] 10.5.54.1

Internet Explorer:
==================
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TBTE
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TBTE
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10b
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> DefaultScope {366444CB-B147-4916-B0EC-B548DA882495} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> {366444CB-B147-4916-B0EC-B548DA882495} URL =
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF DefaultProfile: ck9gt83p.default
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default [2019-02-14]
FF Homepage: Mozilla\Firefox\Profiles\ck9gt83p.default -> hxxps://www.seznam.cz/
FF NewTabOverride: Mozilla\Firefox\Profiles\ck9gt83p.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (youtube-flash-html) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2018-05-27]
FF Extension: (YouTube ALL HTML5) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-10-25] [Legacy]
FF Extension: (h264ify) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2018-09-17]
FF Extension: (Seznam doplněk - Esko) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-11-24]
FF Extension: (Seznam doplněk - Email) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-11-24]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2017-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/html/newTab.html"
CHR Profile: C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Prezentace) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-27]
CHR Extension: (Dokumenty) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-27]
CHR Extension: (Disk Google) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (Ledger Manager) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2017-12-27]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-02-13]
CHR Extension: (YouTube) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-28]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-12-27]
CHR Extension: (Ledger Manager) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngpbmgggdeddanjnlclolbophdbkchp [2017-12-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2017-12-27]
CHR Extension: (Cryptonite by MetaCert ) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\keghdcpemohlojlglbiegihkljkgnige [2018-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-02-13]
CHR Extension: (Gmail) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2013-08-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel(R) Corporation -> Intel Corporation)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [96512 2015-10-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [20928 2015-11-19] (DTS, Inc. -> )
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [165616 2015-11-12] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354920 2015-12-30] (Intel Corporation - pGFX -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel(R) Wireless Display -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-12-03] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905336 2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> )
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [792840 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11786992 2018-11-14] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112232 2015-08-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [186816 2014-12-15] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-11-19] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel(R) Intel Network Drivers -> Intel Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [99496 2015-08-12] (BayHub Technology Inc. -> O2Micro)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [308496 2015-11-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [4008176 2015-08-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [752856 2015-06-12] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SGXEPC; C:\Windows\System32\DRIVERS\sgx_driver.sys [54768 2015-12-14] (Intel(R) Corporation -> Windows (R) Win 7 DDK provider)
R3 swg3kmbb06; C:\Windows\System32\DRIVERS\swg3kmbb06.sys [556296 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swg3knmea06; C:\Windows\System32\DRIVERS\swg3knmea06.sys [276720 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swg3kser06; C:\Windows\System32\DRIVERS\swg3kser06.sys [276720 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swibus06; C:\Windows\System32\DRIVERS\swibus06.sys [88848 2015-07-02] (Sierra Wireless -> Sierra Wireless Inc.)
R3 swibusflt06; C:\Windows\System32\DRIVERS\swibusflt06.sys [88848 2015-07-02] (Sierra Wireless -> Sierra Wireless Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-14 16:15 - 2019-02-14 16:16 - 000029130 _____ C:\Users\XXX\Desktop\FRST.txt
2019-02-14 16:14 - 2019-02-14 16:15 - 000000000 ____D C:\FRST
2019-02-14 16:13 - 2019-02-14 16:13 - 002433536 _____ (Farbar) C:\Users\XXX\Desktop\FRST64.exe
2019-02-10 22:10 - 2019-02-10 22:10 - 000000000 ____D C:\Users\XXX\Downloads\praha-noir
2019-02-10 22:09 - 2019-02-10 22:09 - 043351364 _____ C:\Users\XXX\Downloads\praha-noir.zip
2019-02-10 10:41 - 2019-02-10 10:41 - 000000000 ____D C:\Users\XXX\AppData\Roaming\EurekaLab s.a.s
2019-02-10 09:19 - 2019-02-10 09:20 - 565393278 _____ C:\Users\XXX\Downloads\František Kotleta - Poločas rozpadu (AudioKniha (Mluvené slovo CZ)).zip
2019-02-09 16:46 - 2019-02-09 16:48 - 939792384 _____ C:\Users\XXX\Downloads\Milosrdne_Lzi__2010__CZ_Dabing.avi
2019-02-09 09:28 - 2019-02-09 09:28 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-02-07 20:33 - 2019-02-07 20:36 - 1470649240 _____ C:\Users\XXX\Downloads\Manhattan-Night-2016-Cz-tit..avi
2019-02-07 16:19 - 2019-02-07 16:19 - 000049265 _____ C:\Users\XXX\Downloads\868990010297_1_1132_20190104.pdf
2019-02-07 16:19 - 2019-02-07 16:19 - 000044750 _____ C:\Users\XXX\Downloads\868990010297_2_1132_20190206.pdf
2019-02-07 16:18 - 2019-02-07 16:18 - 000043768 _____ C:\Users\XXX\Downloads\868990010297_12_1132_20181206.pdf
2019-02-05 00:29 - 2019-02-05 00:29 - 000052620 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E05(0000308475).srt
2019-02-04 23:18 - 2019-02-04 23:32 - 245181537 _____ C:\Users\XXX\Downloads\The.Blacklist.S06E05.HDTV.x264-KILLERS[ettv].mkv
2019-02-04 22:34 - 2019-02-04 22:34 - 000048648 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E04(0000307929).srt
2019-02-04 20:03 - 2019-02-10 10:54 - 000000000 ____D C:\Users\XXX\Desktop\potichu
2019-02-04 16:40 - 2019-02-04 16:40 - 000002198 _____ C:\Users\XXX\Desktop\Voice Reader Home 15 Direct.lnk
2019-02-04 16:40 - 2019-02-04 16:40 - 000002162 _____ C:\Users\XXX\Desktop\Voice Reader Home 15.lnk
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linguatec
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Users\XXX\AppData\Roaming\Linguatec
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Program Files (x86)\Linguatec
2019-02-04 16:15 - 2019-02-04 16:32 - 538925408 _____ C:\Users\XXX\Downloads\VoiceReaderHome15_Czech_Zuzana.exe
2019-02-03 23:37 - 2019-02-04 15:49 - 948091249 _____ C:\Users\XXX\Downloads\The Blacklist S06E04 720p HDTV x264.mkv
2019-02-03 15:08 - 2019-02-03 15:09 - 167921445 _____ C:\Users\XXX\Downloads\Jake.a.piráti.ze.Země.Nezemě.S02E32.Jake.zachraňuje.Bárku.část.2.HDTV.x264-PiP.mp4
2019-02-03 15:08 - 2019-02-03 15:08 - 167893627 _____ C:\Users\XXX\Downloads\Jake.a.piráti.ze.Země.Nezemě.S02E31.Jake.zachraňuje.Bárku.část.1.HDTV.x264-PiP.mp4
2019-02-03 15:08 - 2019-02-03 15:08 - 167800428 _____ C:\Users\XXX\Downloads\Jake a pirati ze Zeme Nezeme - 2x04 - Pirati z pouste (cz).mp4
2019-02-03 15:07 - 2019-02-03 15:08 - 167775857 _____ C:\Users\XXX\Downloads\Jake_a_pirati_ze_Zeme_Nezeme_S1_E13.mp4
2019-02-03 15:07 - 2019-02-03 15:08 - 167388622 _____ C:\Users\XXX\Downloads\Jake_a_pirati_ze_Zeme_Nezeme_S1_E10.mp4
2019-02-03 08:37 - 2019-02-03 08:37 - 000051920 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E03(0000307717).srt
2019-02-03 08:30 - 2019-02-03 15:27 - 239164737 _____ C:\Users\XXX\Downloads\The.Blacklist.S06E03.HDTV.x264-KILLERS.mkv
2019-01-30 18:15 - 2019-01-30 18:15 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 18:24 - 2019-01-29 18:24 - 074539964 _____ C:\Users\XXX\Downloads\ceska-pornografie-umelohmotny-tripokoj.zip
2019-01-29 18:24 - 2019-01-29 18:24 - 000000000 ____D C:\Users\XXX\Downloads\ceska-pornografie-umelohmotny-tripokoj
2019-01-18 14:52 - 2019-01-18 14:52 - 000042761 _____ C:\Users\XXX\Downloads\dok.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-14 15:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-14 09:42 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-14 09:42 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-14 09:39 - 2017-05-25 21:11 - 000000000 ____D C:\Windows\system32\MRT
2019-02-14 09:36 - 2011-02-14 11:17 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-02-14 09:36 - 2011-02-14 11:17 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-02-14 09:36 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-14 09:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-14 08:08 - 2018-02-13 12:16 - 000000000 ____D C:\Users\XXX\AppData\Roaming\Seznam.cz
2019-02-14 08:07 - 2017-05-25 21:11 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-14 08:03 - 2018-04-23 19:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-14 08:03 - 2017-05-09 22:22 - 000000000 ____D C:\Users\XXX\AppData\LocalLow\Mozilla
2019-02-14 08:03 - 2017-05-09 22:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-02-14 08:03 - 2017-05-09 22:10 - 000000000 __SHD C:\Users\XXX\IntelGraphicsProfiles
2019-02-14 08:03 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-13 20:05 - 2017-05-10 18:14 - 000000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2019-02-10 05:32 - 2017-10-22 18:13 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3709101765-1524951398-3981220775-1000
2019-02-10 05:32 - 2017-10-21 17:38 - 000000000 ___RD C:\Users\XXX\OneDrive
2019-02-10 05:32 - 2017-05-09 22:10 - 000002190 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-02-09 09:39 - 2017-05-09 20:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 09:25 - 2017-05-09 20:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-31 22:17 - 2017-05-09 22:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-01-31 22:17 - 2017-05-09 22:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-01-29 01:55 - 2018-12-11 15:45 - 000000000 ____D C:\Users\XXX\AppData\Local\ElevatedDiagnostics
2019-01-29 01:55 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-01-20 16:17 - 2018-04-21 13:27 - 1210752117 _____ C:\Windows\MEMORY.DMP
2019-01-20 16:17 - 2018-04-21 13:27 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2018-04-05 22:03 - 2018-11-04 13:00 - 000007663 _____ () C:\Users\XXX\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-04-05 16:48 - 2018-06-17 07:56 - 000534528 _____ () C:\Users\XXX\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 02:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by XXX (14-02-2019 16:17:28)
Running from C:\Users\XXX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-05-09 21:10:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3709101765-1524951398-3981220775-500 - Administrator - Disabled)
Guest (S-1-5-21-3709101765-1524951398-3981220775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3709101765-1524951398-3981220775-1002 - Limited - Enabled)
XXX (S-1-5-21-3709101765-1524951398-3981220775-1000 - Administrator - Enabled) => C:\Users\XXX

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.100.303.215 - ALPS ELECTRIC CO., LTD.)
Bluetooth Monitor 4 (HKLM-x32\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.08.000 - TOSHIBA)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392016500}) (Version: 1.0.0.3 - C-Media Electronics, Inc.)
DTS Studio Sound (HKLM-x32\...\{E7C66352-1D0C-406F-B5B2-FE2B23973356}) (Version: 1.02.5600 - DTS, Inc.)
f.lux (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1175 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.4.51 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Kindle Converter 3.18.318.381 (HKLM-x32\...\{8142ADA6-F41A-461D-A211-B9B68B09CEAA}_is1) (Version: 3.18.318.381 - eBook Converter Team)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.9 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - el-gr (HKLM\...\O365HomePremRetail - el-gr) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - hu-hu (HKLM\...\O365HomePremRetail - hu-hu) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 65.0 (x64 cs) (HKLM\...\Mozilla Firefox 65.0 (x64 cs)) (Version: 65.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
O2Micro OZ776 SCR Driver (HKLM\...\{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0415-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Seznam Software (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\SeznamInstall) (Version: 2.1.32 - Seznam.cz)
Sierra Wireless Skylight (HKLM\...\Sierra Wireless Skylight) (Version: 6.0.4320.8402 - Sierra Wireless, Inc.)
Sierra Wireless Toshiba Mobile Broadband Driver Package (HKLM-x32\...\SWIToshibaDrvInstaller) (Version: 6.14.4316.0602 - Sierra Wireless, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.0.13880 - TeamViewer)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.4.6401 - Toshiba Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.10.64401 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{2263D049-8953-42C5-997B-CC19FD6CEF4F}) (Version: 9.0.11.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.16 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.1.1.3205 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.4.3203 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.4.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.05.6401 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.7.6401 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.3.00.8510 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 3.0.1.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.2.3201 - Toshiba Corporation)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.1.0.6404 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{9AF63859-69C8-4B80-A9E3-B64DDB75E551}) (Version: 3.50 - Toshiba Europe GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Validity WBF DDK 5111 (HKLM\...\{8824790A-7C36-41D3-8127-5BD92623150E}) (Version: 4.5.243.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voice Reader Home 15 Czech-Female (Zuzana) (HKLM-x32\...\{68EFC913-D74E-42B1-8096-BA75D0DA5EDE}) (Version: 15.0.0.0 - Linguatec GmbH)
WhatsApp (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\WhatsApp) (Version: 0.2.9229 - WhatsApp)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA CORPORATION -> TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0203AAFE-B51D-42D5-B32C-9C792B9276F5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {117F1175-3B4A-4DDD-AB7D-58D3AC853618} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {15C4CC2D-D3F0-4F37-9B94-B81853394294} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3C617356-1958-4AC4-9ABA-A048BAD54B6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {42B3C504-6996-473B-8C2C-60AE543DD658} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe (DTS, Inc. -> )
Task: {4E4F882E-F931-4162-910B-95A76D79539A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E230683-599A-4FBF-8CD2-528C67B833B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {7814B64D-5540-4932-B445-5B4C598D515A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {909BFEE5-CCD2-45D8-A6E3-5D63D38E891F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9518347D-A427-49CC-B141-A703B9E9C104} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A87729D2-8E48-445D-8DF4-14CB411F517B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {B21E49F7-C844-4531-98F6-0CEBFAC381CC} - System32\Tasks\Toshiba\TemproTray => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
Task: {CEF424FA-C9D7-4912-B926-29F791C12BEA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {D3696236-619A-4E8D-BA2F-5502FF7D8D3A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D9843A5A-FC41-4EB3-B0FA-11CD223CE48C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {EE1C0358-36DC-445B-8642-E14DC8ABFDCC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {EF6A9B0B-5FB2-4CE6-BA9D-14E5E33628F8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {F29674AF-A9EC-40C0-A0C5-B9430C0EEF4C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F634361A-7457-44CA-8BC2-91B4FF806B6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf

==================== Loaded Modules (Whitelisted) ==============

2018-04-05 16:48 - 2017-11-13 15:46 - 000092368 _____ () C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\27216libfoxloader-x64.dll
2014-02-19 08:13 - 2014-02-19 08:13 - 000352096 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2014-10-09 13:39 - 2014-10-09 13:39 - 011237456 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2015-09-30 09:44 - 2015-09-30 09:44 - 000613216 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2014-11-05 09:36 - 2014-11-05 09:36 - 000474184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2018-02-13 12:16 - 2017-11-13 15:38 - 000506064 _____ () C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2018-02-13 12:17 - 2017-02-08 12:39 - 000080576 _____ () C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2015-12-30 16:38 - 2015-12-30 16:38 - 000384104 _____ () C:\Windows\system32\igfxTray.exe
2015-11-19 14:10 - 2015-11-19 14:10 - 000020928 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-20 22:49 - 2013-08-20 22:49 - 000080264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2018-02-13 12:16 - 2017-11-13 15:49 - 000085200 _____ () C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\2446libfoxloader.dll
2018-02-13 12:16 - 2018-02-21 10:36 - 000869584 _____ () C:\Users\XXX\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2015-12-03 20:13 - 2015-12-03 20:13 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-04-21 14:23 - 000000846 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.5.54.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{803A312A-B3D6-428E-832B-90544BD7C566}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{5D6ADB3B-EC39-4E6F-B20D-A353752BD2C9}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel(R) Wireless Display -> Microsoft)
FirewallRules: [{15369B3C-A4A7-4680-9E81-361BD2B78891}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{D4EFFD2D-8DEA-4657-B1CE-81239F1CDDA3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{D0295C46-DF6C-446F-A96C-085E1991DDD3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File
FirewallRules: [{47C66FDD-606E-4DAE-B9B8-D6F3D197E70B}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [{331488A7-9101-4DFE-AD09-E819B3429AD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20542CF7-8AD2-43AB-812A-FC3CF755C02B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B325F2A6-6979-4CED-B641-904054E7F535}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{004DE366-9232-4ED0-9931-071AFFA034F1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D43566F4-A422-4801-8F50-190D6EECB319}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03070D93-74FB-4EAE-AA78-47B729A5761A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51B122A5-B340-42E2-8985-BFADAAABEC8F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1DB3AE11-1ED2-4574-9484-51FD348A280E}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{5516D722-96A8-43CD-8ACB-BC9FA47602CF}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{C183A1D3-2D27-4207-9B88-92A25217F077}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{ACC8464D-24A4-445D-9239-36EE58AFD5F8}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{92A5FAA2-211F-44BC-84D2-00F6983E1EBF}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{8BBDD975-00FC-4830-BA55-AEE498879CBC}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{AEA34023-E51C-463D-AAF4-09E129B9EF0B}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{9C3A09C2-FE25-4353-92FD-DB38F9E8218F}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [{82534D51-130E-4E45-8D0F-9EA2D409B40E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CA79269E-C70A-4383-B2BC-187D24683D9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5F15D08A-7106-4B64-9182-4B0B7FD7456D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AE5297EC-980E-4A78-BAFD-94C05E9E18C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C394327B-6ED7-455F-BF45-711941D162F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)

==================== Restore Points =========================

10-02-2019 18:19:57 Windows Update
13-02-2019 18:26:05 Windows Update
14-02-2019 08:07:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2019 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x670
Čas spuštění chybující aplikace: 0x01d4c46dad112b90
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: f22bef30-3060-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 02:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x9d8
Čas spuštění chybující aplikace: 0x01d4c465a5c61470
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: ea69d350-3058-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 09:56:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x226c
Čas spuštění chybující aplikace: 0x01d4c44323617730
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 66087bb0-3036-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 09:33:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x2104
Čas spuštění chybující aplikace: 0x01d4c43fec0be021
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 3448a442-3033-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 08:16:06 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (02/14/2019 08:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2019 10:14:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x2608
Čas spuštění chybující aplikace: 0x01d4c3e119647960
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 5eaf26a0-2fd4-11e9-b4e9-448500e4fb9b

Error: (02/13/2019 09:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x878
Čas spuštění chybující aplikace: 0x01d4c3ddadbb77c0
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: f0ccd6d0-2fd0-11e9-b4e9-448500e4fb9b


System errors:
=============
Error: (02/14/2019 03:26:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/14/2019 03:00:36 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet O2Micro CCID SC Reader 0 odmítla signál IOCTL GET_STATE: Zařízení bylo odebráno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: XX XX XX XX

Error: (02/14/2019 03:00:32 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/14/2019 02:03:12 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet O2Micro CCID SC Reader 0 odmítla signál IOCTL GET_STATE: Zařízení bylo odebráno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: XX XX XX XX

Error: (02/14/2019 02:03:10 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/14/2019 11:30:35 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/14/2019 09:56:18 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název WORKGROUP :1d nelze zaregistrovat v rozhraní s IP adresou 10.5.55.77.
Počítač s IP adresou 10.5.55.76 nepovolil získání názvu
tímto počítačem.

Error: (02/14/2019 09:56:06 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet O2Micro CCID SC Reader 0 odmítla signál IOCTL GET_STATE: Zařízení bylo odebráno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: XX XX XX XX


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 16188.82 MB
Available physical RAM: 10474.45 MB
Total Virtual: 32375.77 MB
Available Virtual: 26463.29 MB

==================== Drives ================================

Drive c: (TIH0130600A) (Fixed) (Total:225.11 GB) (Free:30.85 GB) NTFS
Drive d: () (Removable) (Total:59.75 GB) (Free:51.38 GB) NTFS

\\?\Volume{0f59064e-3539-19e7-b8ae-e67a921512a0}\ (System) (Fixed) (Total:1.46 GB) (Free:1.17 GB) NTFS
\\?\Volume{1bbebe9c-1d7d-11e6-9e51-ec21e534951f}\ (HDDRECOVERY) (Fixed) (Total:11.67 GB) (Free:0.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 59.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#3 Příspěvek od xcite »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-12.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-15-2019
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Booking.com
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\XXX\AppData\Roaming\Seznam.cz

***** [ Files ] *****

Deleted C:\Users\XXX\Favorites\Booking.com.url

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\warthunder.com

***** [ Chromium (and derivatives) ] *****

Deleted Seznam pro Chrome - Email
Deleted Seznam pro Chrome - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2223 octets] - [15/02/2019 10:24:33]
AdwCleaner[S01].txt - [2284 octets] - [15/02/2019 10:29:50]
AdwCleaner[S02].txt - [2345 octets] - [15/02/2019 10:32:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#4 Příspěvek od Diallix »

Poprosim o nove logy FRST + ADDITION
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#5 Příspěvek od xcite »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by XXX (administrator) on XXX-TOSH (15-02-2019 14:04:26)
Running from C:\Users\XXX\Desktop
Loaded Profiles: XXX (Available Profiles: XXX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\3GUty\tw3gsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(f.lux Software LLC) C:\Users\XXX\AppData\Local\FluxSoftware\Flux\flux.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\BtPwrMon\BtPwrMon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA) C:\Program Files\TOSHIBA\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [1006384 2015-09-10] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [613216 2015-09-30] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-16] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [230752 2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => c:\Program Files (x86)\Toshiba\Registration\ToshibaReminder.exe [150928 2017-05-09] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [298776 2015-12-18] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [BtPwrMon] => C:\Program Files (x86)\Toshiba\BtPwrMon\BtPwrMon.exe [28488 2015-12-15] (TOSHIBA CORPORATION -> Toshiba Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Run: [f.lux] => C:\Users\XXX\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {211569fe-c311-11e7-a8e6-448500e4fb9b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {c01eca2d-6813-11e7-9964-448500e4fb9b} - E:\startme.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\Installer\chrmstp.exe [2019-02-15] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
HKLM\Software\...\Authentication\Credential Providers: [{EB4BBF9F-17EB-42E3-A500-032864921611}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\Software\...\Authentication\Credential Provider Filters: [{B39792CE-FA9B-475e-9881-151D5C215110}] -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUBioCP.dll [2015-09-24] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Monitor.lnk [2017-05-09]
ShortcutTarget: Bluetooth Monitor.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe (TOSHIBA CORPORATION)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2019-01-16]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
Tcpip\..\Interfaces\{AB95AB8B-DA4C-4A89-BD14-4C7B3961229F}: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TBTE
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TBTE
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10b
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> DefaultScope {366444CB-B147-4916-B0EC-B548DA882495} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> {366444CB-B147-4916-B0EC-B548DA882495} URL =
BHO: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Web Site Passwords -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2013-08-26] (TOSHIBA CORPORATION -> TOSHIBA)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File

FireFox:
========
FF DefaultProfile: ck9gt83p.default
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default [2019-02-15]
FF Homepage: Mozilla\Firefox\Profiles\ck9gt83p.default -> hxxps://www.seznam.cz/
FF NewTabOverride: Mozilla\Firefox\Profiles\ck9gt83p.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (youtube-flash-html) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2018-05-27]
FF Extension: (YouTube ALL HTML5) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-10-25] [Legacy]
FF Extension: (h264ify) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2018-09-17]
FF Extension: (Seznam doplněk - Esko) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\sko-extension@firma.seznam.cz.xpi [2019-02-14]
FF Extension: (Seznam doplněk - Email) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-11-24]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2017-05-09] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/html/newTab.html"
CHR Profile: C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default [2018-02-13]
CHR Extension: (Prezentace) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-27]
CHR Extension: (Dokumenty) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-27]
CHR Extension: (Disk Google) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (Ledger Manager) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2017-12-27]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-02-13]
CHR Extension: (YouTube) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-28]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-12-27]
CHR Extension: (Ledger Manager) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngpbmgggdeddanjnlclolbophdbkchp [2017-12-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-27]
CHR Extension: (TOSHIBA Fingerprint Utility Web Site Passwords) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2017-12-27]
CHR Extension: (Cryptonite by MetaCert ) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\keghdcpemohlojlglbiegihkljkgnige [2018-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-02-13]
CHR Extension: (Gmail) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2013-08-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel(R) Corporation -> Intel Corporation)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [96512 2015-10-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [20928 2015-11-19] (DTS, Inc. -> )
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [165616 2015-11-12] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354920 2015-12-30] (Intel Corporation - pGFX -> Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel(R) Wireless Display -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-12-03] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [905336 2018-12-23] (McAfee, Inc. -> McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> )
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [792840 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11786992 2018-11-14] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112232 2015-08-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [352688 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2018-11-27] (McAfee, Inc. -> McAfee, LLC.)
R2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [186816 2014-12-15] (TOSHIBA CORPORATION -> TOSHIBA CORPORATION)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-11-19] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel(R) Intel Network Drivers -> Intel Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [99496 2015-08-12] (BayHub Technology Inc. -> O2Micro)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31728 2015-11-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [308496 2015-11-13] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [4008176 2015-08-23] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [752856 2015-06-12] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 SGXEPC; C:\Windows\System32\DRIVERS\sgx_driver.sys [54768 2015-12-14] (Intel(R) Corporation -> Windows (R) Win 7 DDK provider)
R3 swg3kmbb06; C:\Windows\System32\DRIVERS\swg3kmbb06.sys [556296 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swg3knmea06; C:\Windows\System32\DRIVERS\swg3knmea06.sys [276720 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swg3kser06; C:\Windows\System32\DRIVERS\swg3kser06.sys [276720 2015-07-02] (Sierra Wireless, Inc. -> Sierra Wireless Incorporated)
R3 swibus06; C:\Windows\System32\DRIVERS\swibus06.sys [88848 2015-07-02] (Sierra Wireless -> Sierra Wireless Inc.)
R3 swibusflt06; C:\Windows\System32\DRIVERS\swibusflt06.sys [88848 2015-07-02] (Sierra Wireless -> Sierra Wireless Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [212056 2015-01-14] (Intel(R) Wireless Display -> Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 14:04 - 2019-02-15 14:06 - 000028561 _____ C:\Users\XXX\Desktop\FRST.txt
2019-02-15 10:23 - 2019-02-15 10:33 - 000000000 ____D C:\AdwCleaner
2019-02-15 10:22 - 2019-02-15 10:23 - 007316688 _____ (Malwarebytes) C:\Users\XXX\Downloads\adwcleaner_7.2.7.0.exe
2019-02-14 16:14 - 2019-02-15 14:04 - 000000000 ____D C:\FRST
2019-02-14 16:13 - 2019-02-14 16:13 - 002433536 _____ (Farbar) C:\Users\XXX\Desktop\FRST64.exe
2019-02-10 22:10 - 2019-02-10 22:10 - 000000000 ____D C:\Users\XXX\Downloads\praha-noir
2019-02-10 22:09 - 2019-02-10 22:09 - 043351364 _____ C:\Users\XXX\Downloads\praha-noir.zip
2019-02-10 10:41 - 2019-02-10 10:41 - 000000000 ____D C:\Users\XXX\AppData\Roaming\EurekaLab s.a.s
2019-02-10 09:19 - 2019-02-10 09:20 - 565393278 _____ C:\Users\XXX\Downloads\František Kotleta - Poločas rozpadu (AudioKniha (Mluvené slovo CZ)).zip
2019-02-09 16:46 - 2019-02-09 16:48 - 939792384 _____ C:\Users\XXX\Downloads\Milosrdne_Lzi__2010__CZ_Dabing.avi
2019-02-09 09:28 - 2019-02-09 09:28 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-02-09 09:28 - 2019-02-09 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2019-02-07 20:33 - 2019-02-07 20:36 - 1470649240 _____ C:\Users\XXX\Downloads\Manhattan-Night-2016-Cz-tit..avi
2019-02-07 16:19 - 2019-02-07 16:19 - 000049265 _____ C:\Users\XXX\Downloads\868990010297_1_1132_20190104.pdf
2019-02-07 16:19 - 2019-02-07 16:19 - 000044750 _____ C:\Users\XXX\Downloads\868990010297_2_1132_20190206.pdf
2019-02-07 16:18 - 2019-02-07 16:18 - 000043768 _____ C:\Users\XXX\Downloads\868990010297_12_1132_20181206.pdf
2019-02-05 00:29 - 2019-02-05 00:29 - 000052620 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E05(0000308475).srt
2019-02-04 23:18 - 2019-02-04 23:32 - 245181537 _____ C:\Users\XXX\Downloads\The.Blacklist.S06E05.HDTV.x264-KILLERS[ettv].mkv
2019-02-04 22:34 - 2019-02-04 22:34 - 000048648 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E04(0000307929).srt
2019-02-04 20:03 - 2019-02-10 10:54 - 000000000 ____D C:\Users\XXX\Desktop\potichu
2019-02-04 16:40 - 2019-02-04 16:40 - 000002198 _____ C:\Users\XXX\Desktop\Voice Reader Home 15 Direct.lnk
2019-02-04 16:40 - 2019-02-04 16:40 - 000002162 _____ C:\Users\XXX\Desktop\Voice Reader Home 15.lnk
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linguatec
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Users\XXX\AppData\Roaming\Linguatec
2019-02-04 16:40 - 2019-02-04 16:40 - 000000000 ____D C:\Program Files (x86)\Linguatec
2019-02-04 16:15 - 2019-02-04 16:32 - 538925408 _____ C:\Users\XXX\Downloads\VoiceReaderHome15_Czech_Zuzana.exe
2019-02-03 23:37 - 2019-02-04 15:49 - 948091249 _____ C:\Users\XXX\Downloads\The Blacklist S06E04 720p HDTV x264.mkv
2019-02-03 15:08 - 2019-02-03 15:09 - 167921445 _____ C:\Users\XXX\Downloads\Jake.a.piráti.ze.Země.Nezemě.S02E32.Jake.zachraňuje.Bárku.část.2.HDTV.x264-PiP.mp4
2019-02-03 15:08 - 2019-02-03 15:08 - 167893627 _____ C:\Users\XXX\Downloads\Jake.a.piráti.ze.Země.Nezemě.S02E31.Jake.zachraňuje.Bárku.část.1.HDTV.x264-PiP.mp4
2019-02-03 15:08 - 2019-02-03 15:08 - 167800428 _____ C:\Users\XXX\Downloads\Jake a pirati ze Zeme Nezeme - 2x04 - Pirati z pouste (cz).mp4
2019-02-03 15:07 - 2019-02-03 15:08 - 167775857 _____ C:\Users\XXX\Downloads\Jake_a_pirati_ze_Zeme_Nezeme_S1_E13.mp4
2019-02-03 15:07 - 2019-02-03 15:08 - 167388622 _____ C:\Users\XXX\Downloads\Jake_a_pirati_ze_Zeme_Nezeme_S1_E10.mp4
2019-02-03 08:37 - 2019-02-03 08:37 - 000051920 _____ C:\Users\XXX\Downloads\The-Blacklist-S06E03(0000307717).srt
2019-02-03 08:30 - 2019-02-03 15:27 - 239164737 _____ C:\Users\XXX\Downloads\The.Blacklist.S06E03.HDTV.x264-KILLERS.mkv
2019-01-30 18:15 - 2019-01-30 18:15 - 000000000 ____D C:\ProgramData\Mozilla
2019-01-29 18:24 - 2019-01-29 18:24 - 074539964 _____ C:\Users\XXX\Downloads\ceska-pornografie-umelohmotny-tripokoj.zip
2019-01-29 18:24 - 2019-01-29 18:24 - 000000000 ____D C:\Users\XXX\Downloads\ceska-pornografie-umelohmotny-tripokoj
2019-01-18 14:52 - 2019-01-18 14:52 - 000042761 _____ C:\Users\XXX\Downloads\dok.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-15 14:05 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-15 14:05 - 2009-07-14 05:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-15 14:04 - 2011-02-14 11:17 - 000668792 _____ C:\Windows\system32\perfh005.dat
2019-02-15 14:04 - 2011-02-14 11:17 - 000141420 _____ C:\Windows\system32\perfc005.dat
2019-02-15 14:04 - 2009-07-14 06:13 - 001583226 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-15 14:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-02-15 10:38 - 2017-05-09 22:22 - 000000000 ____D C:\Users\XXX\AppData\LocalLow\Mozilla
2019-02-15 10:35 - 2018-04-23 19:20 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-02-15 10:35 - 2017-05-09 22:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-15 10:35 - 2017-05-09 22:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-02-15 10:35 - 2017-05-09 22:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-02-15 10:35 - 2017-05-09 22:10 - 000000000 __SHD C:\Users\XXX\IntelGraphicsProfiles
2019-02-15 10:35 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-15 07:05 - 2017-12-27 21:31 - 000002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-15 07:05 - 2017-12-27 21:31 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-02-14 15:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2019-02-14 09:39 - 2017-05-25 21:11 - 000000000 ____D C:\Windows\system32\MRT
2019-02-14 08:07 - 2017-05-25 21:11 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-02-13 20:05 - 2017-05-10 18:14 - 000000000 ____D C:\Users\XXX\AppData\Roaming\vlc
2019-02-10 05:32 - 2017-10-22 18:13 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3709101765-1524951398-3981220775-1000
2019-02-10 05:32 - 2017-10-21 17:38 - 000000000 ___RD C:\Users\XXX\OneDrive
2019-02-10 05:32 - 2017-05-09 22:10 - 000002190 _____ C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-02-09 09:39 - 2017-05-09 20:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-09 09:25 - 2017-05-09 20:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-01-29 01:55 - 2018-12-11 15:45 - 000000000 ____D C:\Users\XXX\AppData\Local\ElevatedDiagnostics
2019-01-29 01:55 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2019-01-20 16:17 - 2018-04-21 13:27 - 1210752117 _____ C:\Windows\MEMORY.DMP
2019-01-20 16:17 - 2018-04-21 13:27 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2018-04-05 22:03 - 2018-11-04 13:00 - 000007663 _____ () C:\Users\XXX\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-04-05 16:48 - 2018-06-17 07:56 - 000534528 _____ () C:\Users\XXX\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-15 07:35

==================== End of FRST.txt ============================

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#6 Příspěvek od xcite »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by XXX (15-02-2019 14:07:45)
Running from C:\Users\XXX\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-05-09 21:10:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3709101765-1524951398-3981220775-500 - Administrator - Disabled)
Guest (S-1-5-21-3709101765-1524951398-3981220775-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3709101765-1524951398-3981220775-1002 - Limited - Enabled)
XXX (S-1-5-21-3709101765-1524951398-3981220775-1000 - Administrator - Enabled) => C:\Users\XXX

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.100.303.215 - ALPS ELECTRIC CO., LTD.)
Bluetooth Monitor 4 (HKLM-x32\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.08.000 - TOSHIBA)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392016500}) (Version: 1.0.0.3 - C-Media Electronics, Inc.)
DTS Studio Sound (HKLM-x32\...\{E7C66352-1D0C-406F-B5B2-FE2B23973356}) (Version: 1.02.5600 - DTS, Inc.)
f.lux (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1175 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.4.51 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Kindle Converter 3.18.318.381 (HKLM-x32\...\{8142ADA6-F41A-461D-A211-B9B68B09CEAA}_is1) (Version: 3.18.318.381 - eBook Converter Team)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.2.167.1 - McAfee, LLC)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.9 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - el-gr (HKLM\...\O365HomePremRetail - el-gr) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - hu-hu (HKLM\...\O365HomePremRetail - hu-hu) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 65.0.1 (x64 cs)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
O2Micro OZ776 SCR Driver (HKLM\...\{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro) Hidden
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{11868102-FAE6-436D-B794-B4B69E2A88DC}) (Version: 2.1.4.241GS - O2Micro)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0408-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0415-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.1.2 - pdfforge GmbH)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Sierra Wireless Skylight (HKLM\...\Sierra Wireless Skylight) (Version: 6.0.4320.8402 - Sierra Wireless, Inc.)
Sierra Wireless Toshiba Mobile Broadband Driver Package (HKLM-x32\...\SWIToshibaDrvInstaller) (Version: 6.14.4316.0602 - Sierra Wireless, Inc.)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.0.13880 - TeamViewer)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.4.6401 - Toshiba Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.3.10.64401 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{2263D049-8953-42C5-997B-CC19FD6CEF4F}) (Version: 9.0.11.6403 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.16 - TOSHIBA Corporation)
TOSHIBA HWSetup (HKLM-x32\...\{0E94D98C-00A7-4C93-9708-8E5A1859E72E}) (Version: 9.1.1.3205 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{6C0A2179-56CB-4F1F-9681-E777A4F3C800}) (Version: 9.0.4.3203 - Toshiba Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.4.6400 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.05.6401 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.7.6401 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.3.00.8510 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 3.0.1.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.2.3201 - Toshiba Corporation)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.1.0.6404 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{9AF63859-69C8-4B80-A9E3-B64DDB75E551}) (Version: 3.50 - Toshiba Europe GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Validity WBF DDK 5111 (HKLM\...\{8824790A-7C36-41D3-8127-5BD92623150E}) (Version: 4.5.243.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Voice Reader Home 15 Czech-Female (Zuzana) (HKLM-x32\...\{68EFC913-D74E-42B1-8096-BA75D0DA5EDE}) (Version: 15.0.0.0 - Linguatec GmbH)
WhatsApp (HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\WhatsApp) (Version: 0.2.9229 - WhatsApp)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2013-07-17] (TOSHIBA CORPORATION -> TOSHIBA)
ShellIconOverlayIdentifiers: [TFPUOverlayIcon] -> {8DBDDA23-34E3-4BF1-A107-67B94C080A1F} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2015-04-23] (TOSHIBA CORPORATION -> TOSHIBA)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0203AAFE-B51D-42D5-B32C-9C792B9276F5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {088D8AB2-A6C5-456E-B8BC-AC2609D2C834} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {117F1175-3B4A-4DDD-AB7D-58D3AC853618} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {15C4CC2D-D3F0-4F37-9B94-B81853394294} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3C617356-1958-4AC4-9ABA-A048BAD54B6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {42B3C504-6996-473B-8C2C-60AE543DD658} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe (DTS, Inc. -> )
Task: {4E4F882E-F931-4162-910B-95A76D79539A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E230683-599A-4FBF-8CD2-528C67B833B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {7814B64D-5540-4932-B445-5B4C598D515A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {909BFEE5-CCD2-45D8-A6E3-5D63D38E891F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {9518347D-A427-49CC-B141-A703B9E9C104} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A87729D2-8E48-445D-8DF4-14CB411F517B} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {B21E49F7-C844-4531-98F6-0CEBFAC381CC} - System32\Tasks\Toshiba\TemproTray => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
Task: {D3696236-619A-4E8D-BA2F-5502FF7D8D3A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D9843A5A-FC41-4EB3-B0FA-11CD223CE48C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DAFBEFE4-5334-4E96-8D9A-85DBA73295AE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {EE1C0358-36DC-445B-8642-E14DC8ABFDCC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {EF6A9B0B-5FB2-4CE6-BA9D-14E5E33628F8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {F634361A-7457-44CA-8BC2-91B4FF806B6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Ledger Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=beimhnaefocolcplfimocfiaiefpkgbf

==================== Loaded Modules (Whitelisted) ==============

2014-02-19 08:13 - 2014-02-19 08:13 - 000352096 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2014-10-09 13:39 - 2014-10-09 13:39 - 011237456 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2015-09-30 09:44 - 2015-09-30 09:44 - 000613216 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2014-11-05 09:36 - 2014-11-05 09:36 - 000474184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2015-12-30 16:38 - 2015-12-30 16:38 - 000384104 _____ () C:\Windows\system32\igfxTray.exe
2015-11-19 14:10 - 2015-11-19 14:10 - 000020928 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-20 22:49 - 2013-08-20 22:49 - 000080264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-12-03 20:13 - 2015-12-03 20:13 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-04-21 14:23 - 000000846 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{803A312A-B3D6-428E-832B-90544BD7C566}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{5D6ADB3B-EC39-4E6F-B20D-A353752BD2C9}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe (Intel(R) Wireless Display -> Microsoft)
FirewallRules: [{15369B3C-A4A7-4680-9E81-361BD2B78891}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{D4EFFD2D-8DEA-4657-B1CE-81239F1CDDA3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{D0295C46-DF6C-446F-A96C-085E1991DDD3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File
FirewallRules: [{47C66FDD-606E-4DAE-B9B8-D6F3D197E70B}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [{331488A7-9101-4DFE-AD09-E819B3429AD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{20542CF7-8AD2-43AB-812A-FC3CF755C02B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B325F2A6-6979-4CED-B641-904054E7F535}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{004DE366-9232-4ED0-9931-071AFFA034F1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D43566F4-A422-4801-8F50-190D6EECB319}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03070D93-74FB-4EAE-AA78-47B729A5761A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51B122A5-B340-42E2-8985-BFADAAABEC8F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1DB3AE11-1ED2-4574-9484-51FD348A280E}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{5516D722-96A8-43CD-8ACB-BC9FA47602CF}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{C183A1D3-2D27-4207-9B88-92A25217F077}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{ACC8464D-24A4-445D-9239-36EE58AFD5F8}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanager.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{92A5FAA2-211F-44BC-84D2-00F6983E1EBF}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{8BBDD975-00FC-4830-BA55-AEE498879CBC}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\jwrapper-windows32jre-00056135645-complete\bin\bmwdownloadmanagerapp.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [TCP Query User{AEA34023-E51C-463D-AAF4-09E129B9EF0B}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [UDP Query User{9C3A09C2-FE25-4353-92FD-DB38F9E8218F}C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Allow) C:\users\xxx\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe (Bayerische Motoren Werke AG -> )
FirewallRules: [{82534D51-130E-4E45-8D0F-9EA2D409B40E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CA79269E-C70A-4383-B2BC-187D24683D9A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5F15D08A-7106-4B64-9182-4B0B7FD7456D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AE5297EC-980E-4A78-BAFD-94C05E9E18C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6896CBF4-D06C-4457-A3F2-CFF85B62FDDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

13-02-2019 18:26:05 Windows Update
14-02-2019 08:07:04 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2019 02:03:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x1868
Čas spuštění chybující aplikace: 0x01d4c52ed4352070
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 1c00e2e2-3122-11e9-a446-448500e4fb9b

Error: (02/15/2019 10:41:14 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (02/15/2019 10:35:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/15/2019 10:31:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/15/2019 10:31:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/15/2019 09:18:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x1b34
Čas spuštění chybující aplikace: 0x01d4c5070a8fb4a0
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: 5225a9a0-30fa-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 03:00:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x670
Čas spuštění chybující aplikace: 0x01d4c46dad112b90
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: f22bef30-3060-11e9-bf6c-448500e4fb9b

Error: (02/14/2019 02:03:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Název chybujícího modulu: igfxext.exe, verze: 6.15.10.4360, časové razítko: 0x5678c648
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000009a73
ID chybujícího procesu: 0x9d8
Čas spuštění chybující aplikace: 0x01d4c465a5c61470
Cesta k chybující aplikaci: C:\Windows\system32\igfxext.exe
Cesta k chybujícímu modulu: C:\Windows\system32\igfxext.exe
ID zprávy: ea69d350-3058-11e9-bf6c-448500e4fb9b


System errors:
=============
Error: (02/15/2019 02:03:10 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Čtečka čipových karet O2Micro CCID SC Reader 0 odmítla signál IOCTL GET_STATE: Zařízení bylo odebráno.. Pokud chyba přetrvává, čipová karta nebo čtečka pravděpodobně nefungují správně.

Záhlaví příkazu: XX XX XX XX

Error: (02/15/2019 02:03:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/15/2019 10:35:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (02/15/2019 10:35:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Service Installer TrueKey neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (02/15/2019 10:33:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/15/2019 10:33:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/15/2019 10:33:51 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll

Error: (02/15/2019 10:33:46 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 16188.82 MB
Available physical RAM: 11462.2 MB
Total Virtual: 32375.77 MB
Available Virtual: 27709.66 MB

==================== Drives ================================

Drive c: (TIH0130600A) (Fixed) (Total:225.11 GB) (Free:32.53 GB) NTFS

\\?\Volume{0f59064e-3539-19e7-b8ae-e67a921512a0}\ (System) (Fixed) (Total:1.46 GB) (Free:1.17 GB) NTFS
\\?\Volume{1bbebe9c-1d7d-11e6-9e51-ec21e534951f}\ (HDDRECOVERY) (Fixed) (Total:11.67 GB) (Free:0.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#7 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {211569fe-c311-11e7-a8e6-448500e4fb9b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {c01eca2d-6813-11e7-9964-448500e4fb9b} - E:\startme.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> DefaultScope {366444CB-B147-4916-B0EC-B548DA882495} URL = 
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> {366444CB-B147-4916-B0EC-B548DA882495} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/html/newTab.html"
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
2019-02-15 10:35 - 2017-05-09 22:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-05 16:48 - 2018-06-17 07:56 - 000534528 _____ () C:\Users\XXX\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
CustomCLSID: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {909BFEE5-CCD2-45D8-A6E3-5D63D38E891F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{15369B3C-A4A7-4680-9E81-361BD2B78891}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{D4EFFD2D-8DEA-4657-B1CE-81239F1CDDA3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{D0295C46-DF6C-446F-A96C-085E1991DDD3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File

EmptyTemp:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#8 Příspěvek od xcite »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by XXX (15-02-2019 16:23:02) Run:1
Running from C:\Users\XXX\Desktop\frst
Loaded Profiles: XXX (Available Profiles: XXX)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {211569fe-c311-11e7-a8e6-448500e4fb9b} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\...\MountPoints2: {c01eca2d-6813-11e7-9964-448500e4fb9b} - E:\startme.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> DefaultScope {366444CB-B147-4916-B0EC-B548DA882495} URL =
SearchScopes: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000 -> {366444CB-B147-4916-B0EC-B548DA882495} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: (No Name) - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\sko-extension@firma.seznam.cz [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/html/newTab.html"
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
2019-02-15 10:35 - 2017-05-09 22:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-04-05 16:48 - 2018-06-17 07:56 - 000534528 _____ () C:\Users\XXX\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
CustomCLSID: HKU\S-1-5-21-3709101765-1524951398-3981220775-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\XXX\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {909BFEE5-CCD2-45D8-A6E3-5D63D38E891F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
FirewallRules: [{15369B3C-A4A7-4680-9E81-361BD2B78891}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe No File
FirewallRules: [{D4EFFD2D-8DEA-4657-B1CE-81239F1CDDA3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe No File
FirewallRules: [{D0295C46-DF6C-446F-A96C-085E1991DDD3}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe No File

EmptyTemp:
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{211569fe-c311-11e7-a8e6-448500e4fb9b} => removed successfully
HKLM\Software\Classes\CLSID\{211569fe-c311-11e7-a8e6-448500e4fb9b} => not found
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c01eca2d-6813-11e7-9964-448500e4fb9b} => removed successfully
HKLM\Software\Classes\CLSID\{c01eca2d-6813-11e7-9964-448500e4fb9b} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{366444CB-B147-4916-B0EC-B548DA882495} => removed successfully
HKLM\Software\Classes\CLSID\{366444CB-B147-4916-B0EC-B548DA882495} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ck9gt83p.default\extensions\sko-extension@firma.seznam.cz => path removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"Chrome NewTab" => removed successfully
HKLM\System\CurrentControlSet\Services\InstallerService => removed successfully
InstallerService => service removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\XXX\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => moved successfully
HKU\S-1-5-21-3709101765-1524951398-3981220775-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6F9A1E5-0D84-4134-85C4-8CBB448D4BBA}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{909BFEE5-CCD2-45D8-A6E3-5D63D38E891F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{909BFEE5-CCD2-45D8-A6E3-5D63D38E891F}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15369B3C-A4A7-4680-9E81-361BD2B78891}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4EFFD2D-8DEA-4657-B1CE-81239F1CDDA3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0295C46-DF6C-446F-A96C-085E1991DDD3}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29705170 B
Java, Flash, Steam htmlcache => 4391 B
Windows/system/drivers => 20015373482 B
Edge => 0 B
Chrome => 114622267 B
Firefox => 1115443417 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 2831787 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 1094716 B
XXX => 4323739360 B

RecycleBin => 12968696878 B
EmptyTemp: => 35.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:26:30 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#9 Příspěvek od Diallix »

Ako je na tom pocitac ?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#10 Příspěvek od xcite »

Velice děkuji, ono mi to chodilo celkem normálně, ale vzhledem k tomu co s tím dělám jsem už měl strach.
Smekám před Váma.
Co byste mi doporučil jako prevenci? Teda když mě baví stahovat kde co.

Velké DÍKY Marek

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#11 Příspěvek od Diallix »

Nemate zac :D

No, doporucujem vam pouzivat zdravy rozum :]] nestahovat podozrive veci. Osobne by som doporucoval ako ochranu Aviru. Ma dobru databazu a posielam im vzorky malwaru.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

xcite
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 31 bře 2009 16:27

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#12 Příspěvek od xcite »

To je jasné, mám na stahovačky tenhle ntb vyhrazen. A AVIRA znám, používal jsem ji.

Díky za vše

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: přišel mi Blackmail a prosím pro jistotu o kontrolu

#13 Příspěvek od Diallix »

Za malicko :]]
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Zamčeno