Removing crypt

Posted: 25 Jan 2017 17:37
by Tomas.11
Please help me remove a worm that is causing .crypt encryption; some worm keeps password-protecting my files. I tried scanning the system with MBAM, but it did not find any malware.

Logfile of random's system information tool 1.14 (written by random/random)
Run by admin at 2017-01-25 17:31:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 152 GB (64%) free of 238 GB
Total RAM: 1911 MB (54% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:21, on 25.1.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\trend micro\admin_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.hp.com
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ ... Signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D25EC4-9361-4C88-8825-ECF7907AD361}: NameServer = 192.168.1.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8869 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Browny02\BrYNSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskhost.exe
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\admin\Downloads\RSITx64.exe"
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe41_ Global\UsGthrCtrlFltPipeMssGthrPipe41 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\{F4D8BDAC-932A-48BB-B538-3CD053AF23E4} - C:\Windows\system32\pcalua.exe -a C:\Downloads\sp45687.exe -d C:\Downloads
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-1401928355-2162589318-1405226972-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office Automatic Updates - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
C:\Windows\system32\tasks\Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe scan upload

=========Google Chrome=========

C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.1
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5516.1005.0.3
Homepage:
default_search_provider.search_url:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-01-10 896288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-10 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-01-25 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-01-25 720160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-10 1743664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-02-22 168944]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-02-22 394224]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-02-22 418800]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-07-29 16686600]
"Služba Acronis Scheduler2"=C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-08-21 519504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2014-03-05 7830704]
"AcronisTibMounterMonitor"=C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-10-10 1104104]
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2012-09-06 143360]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-06-06 3076096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-02-19 390144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-25 17:31:17 ----D---- C:\Program Files\trend micro
2017-01-25 17:31:16 ----D---- C:\rsit
2017-01-25 15:35:24 ----A---- C:\Windows\system32\pdfcmon.dll
2017-01-25 15:35:06 ----D---- C:\Program Files\PDFCreator
2017-01-25 13:07:46 ----D---- C:\Program Files\CCleaner
2017-01-25 10:27:30 ----D---- C:\Users\admin\AppData\Roaming\Foxit Software
2017-01-25 08:16:41 ----A---- C:\Program Files (x86)\desktop.ini
2017-01-25 08:12:07 ----A---- C:\Program Files\desktop.ini
2017-01-25 08:11:53 ----A---- C:\AiOLog.txt
2017-01-24 21:36:39 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-01-24 21:36:26 ----D---- C:\ProgramData\Malwarebytes
2017-01-24 21:36:26 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-24 21:36:26 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-01-24 21:36:26 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2017-01-24 21:36:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-01-18 20:20:19 ----RHD---- C:\MSOCache
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-01-11 01:19:55 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\wdigest.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\TSpkg.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\sspisrv.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\sspicli.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\schannel.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\secur32.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\rpchttp.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\rpcrt4.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\ncrypt.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\msv1_0.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\msobjs.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\msaudite.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\lsass.exe
2017-01-11 01:19:55 ----A---- C:\Windows\system32\lsasrv.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\kerberos.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-01-11 01:19:55 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-01-11 01:19:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-01-11 01:19:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-01-11 01:19:55 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-01-11 01:19:55 ----A---- C:\Windows\system32\cryptbase.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\credssp.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\certcli.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\bcrypt.dll
2017-01-11 01:19:55 ----A---- C:\Windows\system32\auditpol.exe
2017-01-11 01:19:55 ----A---- C:\Windows\system32\adtschema.dll
2017-01-10 16:46:35 ----D---- C:\Users\admin\AppData\Roaming\ControlCenter4
2017-01-10 14:49:04 ----A---- C:\Windows\Brpfx04a.ini
2017-01-10 14:49:04 ----A---- C:\Windows\brpcfx.ini
2017-01-10 14:48:07 ----A---- C:\Windows\BRPARAM.INI
2017-01-10 14:31:17 ----D---- C:\Brother
2017-01-10 14:31:11 ----D---- C:\ProgramData\ControlCenter4
2017-01-10 14:31:11 ----D---- C:\Program Files (x86)\Browny02
2017-01-10 14:30:50 ----D---- C:\Program Files (x86)\ControlCenter4
2017-01-10 14:30:49 ----A---- C:\Windows\Brfaxrx.ini
2017-01-10 14:30:43 ----N---- C:\Windows\system32\BrfxDA5c.dll
2017-01-10 14:30:43 ----A---- C:\Windows\brdfxspd.dat
2017-01-10 14:30:42 ----A---- C:\Windows\system32\NSSRH64.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\BrWiaNCp.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\BrWi211a.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\BrSNMP64.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\Brnsplg.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\BrNetSti.dll
2017-01-10 14:30:42 ----A---- C:\Windows\system32\BrJDec.dll
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRTCPCON.DLL
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRRBI100.EXE
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRPRTINK.DLL
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BROSNMP.DLL
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRLMW03A.INI
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRLMW03A.DLL
2017-01-10 14:30:39 ----A---- C:\Windows\SYSWOW64\BRLM03A.DLL
2017-01-10 14:30:36 ----N---- C:\Windows\SYSWOW64\NSSearch.dll
2017-01-10 14:30:36 ----N---- C:\Windows\SYSWOW64\BrDctF2S.dll
2017-01-10 14:30:36 ----N---- C:\Windows\SYSWOW64\BrDctF2L.dll
2017-01-10 14:30:36 ----N---- C:\Windows\SYSWOW64\BrDctF2.dll
2017-01-10 14:30:35 ----D---- C:\Program Files (x86)\Brother
2017-01-10 14:29:24 ----D---- C:\ProgramData\Brother
2017-01-10 14:29:23 ----D---- C:\Users\admin\AppData\Roaming\InstallShield
2017-01-10 13:20:22 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 13:20:21 ----D---- C:\Program Files (x86)\Microsoft Office
2017-01-10 13:15:43 ----D---- C:\Program Files\Microsoft Office 15

======List of files/folders modified in the last 1 month======

2017-01-25 17:31:21 ----D---- C:\Windows\Prefetch
2017-01-25 17:31:18 ----D---- C:\Windows\Temp
2017-01-25 17:31:17 ----RD---- C:\Program Files
2017-01-25 17:10:02 ----D---- C:\Windows\system32\FxsTmp
2017-01-25 15:35:24 ----D---- C:\Windows\System32
2017-01-25 13:34:06 ----SHD---- C:\$Recycle.Bin
2017-01-25 13:34:00 ----RD---- C:\Users
2017-01-25 13:15:30 ----D---- C:\ksoft
2017-01-25 13:09:23 ----D---- C:\Windows\inf
2017-01-25 13:08:17 ----D---- C:\Windows\Panther
2017-01-25 13:08:17 ----D---- C:\Windows\Logs
2017-01-25 13:08:17 ----D---- C:\Windows\debug
2017-01-25 13:08:17 ----D---- C:\Windows
2017-01-25 13:07:50 ----D---- C:\Windows\system32\Tasks
2017-01-25 13:07:17 ----D---- C:\Downloads
2017-01-25 13:04:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-25 12:59:06 ----D---- C:\Windows\system32\catroot2
2017-01-25 12:58:18 ----D---- C:\Windows\system32\drivers
2017-01-25 12:58:18 ----D---- C:\Windows\Setup
2017-01-25 12:39:57 ----SHD---- C:\System Volume Information
2017-01-25 09:38:08 ----D---- C:\Windows\system32\config
2017-01-25 09:23:05 ----RD---- C:\Program Files (x86)
2017-01-25 09:23:05 ----D---- C:\Program Files\DVD Maker
2017-01-25 08:16:55 ----D---- C:\ProgramData\TP-LINK
2017-01-25 08:16:49 ----D---- C:\ProgramData\Foxit ContentPlatform
2017-01-25 08:11:53 ----SHD---- C:\Boot
2017-01-24 21:36:26 ----HD---- C:\ProgramData
2017-01-22 22:56:51 ----D---- C:\Users\admin\AppData\Roaming\GHISLER
2017-01-22 22:56:44 ----SHD---- C:\Recovery
2017-01-20 12:55:42 ----D---- C:\Program Files (x86)\TeamViewer
2017-01-14 20:39:12 ----D---- C:\Windows\Microsoft.NET
2017-01-14 20:38:31 ----RSD---- C:\Windows\assembly
2017-01-14 20:37:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2017-01-14 20:16:08 ----SHD---- C:\Windows\Installer
2017-01-11 10:02:46 ----D---- C:\Windows\rescache
2017-01-11 09:31:14 ----D---- C:\Windows\system32\NDF
2017-01-11 09:23:16 ----D---- C:\Windows\winsxs
2017-01-11 03:19:41 ----D---- C:\Windows\SYSWOW64\cs-CZ
2017-01-11 03:19:41 ----D---- C:\Windows\system32\cs-CZ
2017-01-11 03:19:41 ----AD---- C:\Windows\SysWOW64
2017-01-11 03:03:36 ----D---- C:\Windows\system32\MRT
2017-01-11 03:00:58 ----AC---- C:\Windows\system32\MRT.exe
2017-01-10 16:45:11 ----RSD---- C:\Windows\Fonts
2017-01-10 14:49:01 ----D---- C:\Windows\system32\DriverStore
2017-01-10 14:47:36 ----D---- C:\Windows\twain_32
2017-01-10 14:30:25 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2017-01-10 13:29:41 ----SD---- C:\Users\admin\AppData\Roaming\Microsoft
2017-01-10 13:29:35 ----D---- C:\Program Files (x86)\Common Files
2017-01-10 13:29:32 ----D---- C:\Program Files (x86)\Microsoft.NET
2017-01-10 13:20:20 ----SD---- C:\ProgramData\Microsoft

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2016-10-25 116000]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2015-05-29 646408]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2015-05-29 30960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2016-10-25 269600]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2016-10-25 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2016-10-25 198432]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2016-10-25 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2016-10-25 117024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2016-10-25 367200]
R3 e1kexpress;Intel(R) Network Connections Driver K; C:\Windows\system32\DRIVERS\e1k62x64.sys [2013-07-18 497424]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-02-19 57848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-19 12312928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2016-07-29 5220360]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2015-06-18 86672]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2015-06-18 69264]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-01-25 192216]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 Blfp;Broadcom Advanced Server Program Driver; C:\Windows\system32\DRIVERS\basp.sys [2011-08-22 121856]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 63704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2016-10-25 1464096]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-08-21 1144688]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2016-10-25 3869688]
R2 BrcmMgmtAgent;Broadcom Management Agent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-01-14 163328]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-12-13 3042032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 FoxitReaderService;Foxit Reader Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2016-10-13 1659592]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2016-07-29 314624]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-02-04 7149264]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-09-20 7500048]
R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-06-05 266240]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-22 154440]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-22 154440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-11-22 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-11-22 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\system32\storsvc.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-08-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017
Ran by admin (administrator) on ADMIN-PC (25-01-2017 17:41:59)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Administrativa & MH)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Služba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519504 2013-08-21] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7830704 2014-03-05] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104104 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{44636443-245E-4EF4-BE79-D273F02847D5}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{53D25EC4-9361-4C88-8825-ECF7907AD361}: [NameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-01-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-01-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-01-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-01-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-01-25]
CHR Extension: (Prezentace Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Tabulky Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-24]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163328 2011-01-14] (Broadcom Corporation) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-07-29] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R3 TermService; C:\Windows\System32\termsrv.dll [683520 2016-08-23] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-05-29] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2016-10-25] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2016-10-25] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2016-10-25] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 17:41 - 2017-01-25 17:42 - 00012390 _____ C:\Users\admin\Desktop\FRST.txt
2017-01-25 17:41 - 2017-01-25 17:41 - 00029696 _____ C:\Users\admin\AppData\Local\MSGBOX.EXE
2017-01-25 17:41 - 2017-01-25 17:41 - 00015327 _____ C:\Users\admin\Desktop\LM.bat
2017-01-25 17:41 - 2017-01-25 17:41 - 00000000 ____D C:\FRST
2017-01-25 17:40 - 2017-01-25 17:40 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
2017-01-25 17:39 - 2017-01-25 17:39 - 02420736 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-01-25 17:38 - 2017-01-25 17:38 - 01323520 _____ C:\Users\admin\Downloads\RSITx64 (1).exe
2017-01-25 17:31 - 2017-01-25 17:31 - 00000000 ____D C:\rsit
2017-01-25 17:31 - 2017-01-25 17:31 - 00000000 ____D C:\Program Files\trend micro
2017-01-25 17:07 - 2017-01-25 17:07 - 00000000 ____D C:\Users\MH\AppData\Local\Foxit Reader
2017-01-25 16:05 - 2017-01-25 16:05 - 00112224 _____ C:\Users\MH\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-25 15:39 - 2017-01-25 15:39 - 00000000 ____D C:\Users\MH\AppData\Local\PDFCreator
2017-01-25 15:35 - 2017-01-25 17:31 - 00000000 ____D C:\Program Files\PDFCreator
2017-01-25 15:35 - 2017-01-25 15:35 - 00115200 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2017-01-25 15:35 - 2017-01-25 15:35 - 00000836 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2017-01-25 15:35 - 2017-01-25 15:35 - 00000000 ____D C:\Users\admin\AppData\Local\PDFCreator
2017-01-25 15:35 - 2017-01-25 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2017-01-25 15:34 - 2017-01-25 15:34 - 28398896 _____ (pdfforge GmbH ) C:\Users\admin\Downloads\PDFCreator-2_4_0-Setup.exe
2017-01-25 15:28 - 2017-01-25 16:08 - 00000000 ____D C:\Users\MH\AppData\Roaming\Foxit Software
2017-01-25 13:47 - 2017-01-25 13:47 - 01323520 _____ C:\Users\admin\Desktop\RSITx64.exe
2017-01-25 13:34 - 2017-01-25 13:34 - 00001397 _____ C:\Users\MH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-25 13:34 - 2017-01-25 13:34 - 00000635 _____ C:\Users\MH\Desktop\KOSYS – zástupce.lnk
2017-01-25 13:34 - 2017-01-25 13:34 - 00000020 ___SH C:\Users\MH\ntuser.ini
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Šablony
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Soubory cookie
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Poslední
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Okolní tiskárny
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Okolní síť
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Nabídka Start
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Dokumenty
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Documents\Obrázky
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Documents\Hudba
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Documents\Filmy
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\Data aplikací
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 _SHDL C:\Users\MH\AppData\Local\Data aplikací
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 ____D C:\Users\MH\AppData\Roaming\GHISLER
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 ____D C:\Users\MH\AppData\Roaming\ControlCenter4
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 ____D C:\Users\MH\AppData\Roaming\Adobe
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 ____D C:\Users\MH\AppData\Local\Google
2017-01-25 13:34 - 2017-01-25 13:34 - 00000000 ____D C:\Users\MH
2017-01-25 13:34 - 2017-01-22 13:36 - 00009826 _____ C:\Users\MH\HOW_OPEN_FILES.hta
2017-01-25 13:34 - 2016-11-10 12:55 - 00002202 _____ C:\Users\MH\Desktop\podklady p. Rydlová.lnk
2017-01-25 13:34 - 2011-04-12 09:45 - 00000000 ____D C:\Users\MH\AppData\Roaming\Media Center Programs
2017-01-25 13:14 - 2017-01-25 13:32 - 00000000 ____D C:\Users\test\AppData\Roaming\ControlCenter4
2017-01-25 13:13 - 2017-01-25 13:32 - 00000000 ____D C:\Users\test
2017-01-25 13:11 - 2017-01-25 12:40 - 00000635 _____ C:\Users\admin\Desktop\KOSYS – zástupce.lnk
2017-01-25 13:07 - 2017-01-25 13:07 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-01-25 13:07 - 2017-01-25 13:07 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 13:07 - 2017-01-25 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-25 13:07 - 2017-01-25 13:07 - 00000000 ____D C:\Program Files\CCleaner
2017-01-25 13:04 - 2017-01-25 13:14 - 00000121 _____ C:\kosdat.mem
2017-01-25 10:27 - 2017-01-25 10:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Foxit Software
2017-01-25 09:23 - 2017-01-25 09:23 - 00000000 ____D C:\Users\Administrativa\AppData\Local\GHISLER
2017-01-25 08:19 - 2017-01-25 09:22 - 00000637 _____ C:\Users\Administrativa\Desktop\KOSYS – zástupce.lnk
2017-01-25 08:19 - 2017-01-25 09:22 - 00000637 _____ C:\Users\Administrativa\Desktop\KOSYS - záložní ikona.lnk
2017-01-25 08:19 - 2017-01-25 08:19 - 10893616 _____ (TeamViewer GmbH) C:\Users\admin\Downloads\TeamViewer_Setup_cs-uwr.exe
2017-01-25 08:19 - 2017-01-25 08:19 - 01131776 _____ (Microsoft Corporation) C:\Users\admin\Downloads\Setup.X86.cs-cz_O365ProPlusRetail_042538b9-21f4-42a9-8647-7b6799722584_TX_PR_.exe
2017-01-25 08:19 - 2017-01-25 08:19 - 00112224 _____ C:\Users\Administrativa\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-25 08:19 - 2017-01-25 08:19 - 00002202 _____ C:\Users\Administrativa\Desktop\podklady p. Rydlová.lnk
2017-01-25 08:19 - 2017-01-25 08:19 - 00000020 ___SH C:\Users\Administrativa\ntuser.ini
2017-01-25 08:18 - 2017-01-25 08:19 - 140485160 _____ (A.I.SOFT,INC.) C:\Users\admin\Downloads\MFC-J5910DW-inst-C1-eeu.EXE
2017-01-25 08:18 - 2017-01-25 08:18 - 00285176 _____ (DriverPack) C:\Users\admin\Downloads\DriverPack-Online_769331068.1471861558.exe
2017-01-25 08:17 - 2017-01-25 08:17 - 00111344 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-25 08:11 - 2017-01-25 08:11 - 00000085 _____ C:\AiOLog.txt
2017-01-24 21:43 - 2017-01-24 21:34 - 01035008 _____ (Emsisoft Ltd) C:\Users\admin\Desktop\decrypt_GlobeImposter.exe
2017-01-24 21:36 - 2017-01-25 13:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-24 21:36 - 2017-01-24 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-24 21:36 - 2017-01-24 21:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-24 21:36 - 2017-01-24 21:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-24 21:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-24 21:36 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-01-24 21:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-24 21:28 - 2017-01-24 21:28 - 00000020 ___SH C:\Users\admin\ntuser.ini
2017-01-22 13:36 - 2017-01-22 13:36 - 00788544 _____ C:\Users\Administrativa\AppData\Local\IconCache.db.crypt
2017-01-22 13:36 - 2017-01-22 13:36 - 00112272 _____ C:\Users\Administrativa\AppData\Local\GDIPFONTCACHEV1.DAT.crypt
2017-01-22 13:36 - 2017-01-22 13:36 - 00009826 _____ C:\Users\Default\HOW_OPEN_FILES.hta
2017-01-22 13:36 - 2017-01-22 13:36 - 00009826 _____ C:\Users\Administrativa\AppData\Roaming\HOW_OPEN_FILES.hta
2017-01-22 13:36 - 2017-01-22 13:36 - 00009826 _____ C:\Users\Administrativa\AppData\Local\HOW_OPEN_FILES.hta
2017-01-22 13:34 - 2017-01-22 13:34 - 00780208 _____ C:\Users\admin\AppData\Local\IconCache.db.crypt
2017-01-22 13:34 - 2017-01-22 13:34 - 00111392 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT.crypt
2017-01-22 13:34 - 2017-01-22 13:34 - 00009826 _____ C:\Users\admin\AppData\Local\HOW_OPEN_FILES.hta
2017-01-18 20:20 - 2017-01-18 20:20 - 00000000 __RHD C:\MSOCache
2017-01-18 14:10 - 2017-01-18 14:10 - 00000000 ____D C:\Users\Administrativa\AppData\Local\TeamViewer
2017-01-16 11:55 - 2017-01-25 08:19 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\PC-FAX TX
2017-01-15 20:10 - 2017-01-15 20:10 - 00012544 _____ C:\Users\admin\Desktop\[CzT]Fantasticka_zvirata_a_kde_je_najit_Fantastic_Beasts_and_Where_to_Find_Them_2016_WebRip_.torrent
2017-01-12 14:03 - 2017-01-12 14:04 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\Foxit Software
2017-01-12 11:53 - 2017-01-12 11:53 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\TeamViewer
2017-01-11 09:34 - 2017-01-25 08:19 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\GHISLER
2017-01-11 09:34 - 2017-01-11 09:34 - 00001397 _____ C:\Users\Administrativa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-11 09:34 - 2017-01-11 09:34 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\DRPSu
2017-01-11 09:34 - 2017-01-11 09:34 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\ControlCenter4
2017-01-11 09:34 - 2017-01-11 09:34 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\Adobe
2017-01-11 09:34 - 2017-01-11 09:34 - 00000000 ____D C:\Users\Administrativa\AppData\Local\Google
2017-01-11 09:33 - 2017-01-25 09:23 - 00000000 ____D C:\Users\Administrativa
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Šablony
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Soubory cookie
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Poslední
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Okolní tiskárny
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Okolní síť
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Nabídka Start
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Dokumenty
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Documents\Obrázky
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Documents\Hudba
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Documents\Filmy
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\Data aplikací
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-01-11 09:33 - 2017-01-11 09:33 - 00000000 _SHDL C:\Users\Administrativa\AppData\Local\Data aplikací
2017-01-11 09:33 - 2011-04-12 09:45 - 00000000 ____D C:\Users\Administrativa\AppData\Roaming\Media Center Programs
2017-01-11 01:19 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 01:19 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 01:19 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 01:19 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 01:19 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 01:19 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 01:19 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 01:19 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 01:19 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 01:19 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 01:19 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 01:19 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 01:19 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 17:52 - 2017-01-10 17:52 - 00000000 ____D C:\Users\admin\AppData\Local\GHISLER
2017-01-10 16:46 - 2017-01-10 16:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\ControlCenter4
2017-01-10 14:49 - 2017-01-19 11:47 - 00000777 _____ C:\Windows\Brpfx04a.ini
2017-01-10 14:49 - 2017-01-10 14:49 - 00000065 _____ C:\Windows\brpcfx.ini
2017-01-10 14:49 - 2017-01-10 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-01-10 14:48 - 2017-01-10 14:48 - 00002944 _____ C:\Windows\BRPARAM.INI
2017-01-10 14:31 - 2017-01-10 14:31 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2017-01-10 14:31 - 2017-01-10 14:31 - 00000000 ____D C:\ProgramData\ControlCenter4
2017-01-10 14:31 - 2017-01-10 14:31 - 00000000 ____D C:\Program Files (x86)\Browny02
2017-01-10 14:31 - 2017-01-10 14:31 - 00000000 ____D C:\Brother
2017-01-10 14:30 - 2017-01-10 14:31 - 00000066 _____ C:\Windows\Brfaxrx.ini
2017-01-10 14:30 - 2017-01-10 14:31 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2017-01-10 14:30 - 2017-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Brother
2017-01-10 14:30 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2017-01-10 14:30 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2017-01-10 14:30 - 2012-07-05 12:49 - 01441280 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi211a.dll
2017-01-10 14:30 - 2012-07-05 12:32 - 00084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2017-01-10 14:30 - 2012-06-05 07:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2017-01-10 14:30 - 2012-03-19 05:09 - 00316928 _____ (brother) C:\Windows\system32\NSSRH64.dll
2017-01-10 14:30 - 2010-09-23 09:14 - 00058880 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll
2017-01-10 14:30 - 2010-09-23 09:13 - 00051712 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll
2017-01-10 14:30 - 2010-05-20 06:33 - 00103792 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBI100.EXE
2017-01-10 14:30 - 2010-04-01 11:27 - 00278528 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2017-01-10 14:30 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2017-01-10 14:30 - 2010-03-15 17:20 - 00050176 _____ (Brother Industries Ltd.) C:\Windows\SysWOW64\BRPRTINK.DLL
2017-01-10 14:30 - 2010-02-05 03:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2017-01-10 14:30 - 2009-12-08 16:19 - 00290304 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5c.dll
2017-01-10 14:30 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2017-01-10 14:30 - 2005-04-22 05:36 - 00143360 _____ C:\Windows\system32\BrSNMP64.dll
2017-01-10 14:30 - 2005-01-17 08:10 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
2017-01-10 14:30 - 2004-08-09 08:00 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
2017-01-10 14:30 - 2004-08-09 07:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2017-01-10 14:30 - 2003-11-28 18:57 - 00000000 _____ C:\Windows\brdfxspd.dat
2017-01-10 14:29 - 2017-01-10 14:48 - 00000000 ____D C:\ProgramData\Brother
2017-01-10 14:09 - 2017-01-10 14:09 - 00000000 ____D C:\Users\admin\Downloads\install
2017-01-10 13:20 - 2017-01-14 20:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-10 13:20 - 2017-01-14 20:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 13:20 - 2017-01-10 13:20 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-01-10 13:17 - 2017-01-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-10 13:15 - 2017-01-25 09:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-28 08:55 - 2016-12-28 08:55 - 00000000 ____D C:\Users\admin\AppData\Local\Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-25 17:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-25 13:15 - 2016-11-10 12:49 - 00000000 ____D C:\ksoft
2017-01-25 13:14 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-25 13:10 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-01-25 13:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-25 13:08 - 2016-07-13 13:42 - 00000000 ____D C:\Windows\Panther
2017-01-25 13:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-25 13:07 - 2009-07-14 05:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-25 13:04 - 2016-11-10 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kosys
2017-01-25 13:04 - 2011-04-12 09:34 - 00668138 _____ C:\Windows\system32\perfh005.dat
2017-01-25 13:04 - 2011-04-12 09:34 - 00140798 _____ C:\Windows\system32\perfc005.dat
2017-01-25 13:04 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-25 12:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-25 12:58 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2017-01-25 09:23 - 2016-08-22 11:56 - 00000000 ___RD C:\Users\admin\Documents\Scanned Documents
2017-01-25 09:23 - 2016-07-13 12:48 - 00000000 ____D C:\Users\admin
2017-01-25 09:23 - 2011-04-12 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-25 09:23 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-01-25 08:48 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-01-25 08:16 - 2016-11-10 12:51 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-01-25 08:16 - 2016-08-22 11:13 - 00000000 ____D C:\ProgramData\TP-LINK
2017-01-22 22:56 - 2016-12-20 22:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\GHISLER
2017-01-20 12:55 - 2016-10-13 15:36 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-14 20:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-11 10:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 09:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-11 03:03 - 2016-08-23 11:51 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:00 - 2016-08-23 11:50 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 16:45 - 2009-07-14 05:45 - 00436448 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-10 14:30 - 2016-08-22 11:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2017-01-22 13:34 - 2017-01-22 13:34 - 0009826 _____ () C:\Users\admin\AppData\Local\HOW_OPEN_FILES.hta
2017-01-25 17:41 - 2017-01-25 17:41 - 0029696 _____ () C:\Users\admin\AppData\Local\MSGBOX.EXE

Some files in TEMP:
====================
2017-01-25 08:17 - 2017-01-25 08:17 - 0612296 _____ () C:\Users\admin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-24 20:24

==================== End of FRST.txt ============================

Re: Removing crypt

Posted: 25 Jan 2017 17:48
by Rudy
Hello!
We can disinfect your PC, but we cannot perform the decryption. That requires direct access to the PC, which we do not have legally covered. If it is possible, our colleagues will decrypt the files for you here: https://neslape.cz/?utm_campaign=neslap ... ium=banner . If you are interested, run this utility:

Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Removing crypt

Posted: 25 Jan 2017 17:57
by Tomas.11
I need to remove from the system the little program that is encrypting / was encrypting my files. I will restore the data from a backup. Fortunately, nothing needs to be decrypted. Could I ask you for that?

# AdwCleaner v6.042 - Log vytvořen 25/01/2017 v 17:54:29
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-25.2 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : admin - ADMIN-PC
# Spuštěno z : C:\Users\admin\Desktop\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [813 Bajty] - [25/01/2017 17:54:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [1384 Bajty] - [25/01/2017 17:54:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [958 Bajty] ##########

Re: Removing crypt

Posted: 25 Jan 2017 18:06
by Rudy
This is OK. Open Notepad and copy the following into it:
Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\admin\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Removing crypt

Posted: 25 Jan 2017 18:18
by Tomas.11
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017
Ran by admin (25-01-2017 18:16:15) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Administrativa & MH)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\admin\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully

"C:\Users\admin\AppData\Local\Temp" folder move:

Could not move "C:\Users\admin\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 9826 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16162962 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 657079 B
Edge => 0 B
Chrome => 107213225 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
admin => 1611654036 B
Administrativa => 8078425 B
test => 128 B
MH => 9220977 B

RecycleBin => 867056 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-01-2017 18:18:40)

C:\Users\admin\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:18:41 ====

Re: Removing crypt

Posted: 25 Jan 2017 19:11
by Rudy
Deleted. Also run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Removing crypt

Posted: 25 Jan 2017 23:25
by Tomas.11
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25.1.2017
Čas skenování: 19:36
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2017.01.25.06
Databáze rootkitů: v2016.11.20.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: admin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 493037
Uplynulý čas: 3 hod, 0 min, 1 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 10
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\events, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Internet, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\ohm, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\PROGRAMS, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\snapshots, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\temp, , [de3ced9374344fe759019d07b749946c],

Soubory: 301
PUP.Optional.DriverPack, C:\Users\admin\Downloads\DriverPack-Online_769331068.1471861558.exe, , [51c990f0cfd9033302d41b98629e748c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\hardware.json, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\hardware.json.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\HOW_OPEN_FILES.hta, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\soft.json, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\soft.json.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\softchanges.json, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\diagnostics\softchanges.json.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-NTx64-12.8.20.1002_rst-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Acer-WinAll-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Acer-WinAll-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7x64-USB_9.2.0.19-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7x64-USB_9.2.0.19-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\HOW_OPEN_FILES.hta, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-7x64-HD_8.15.10.2993-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-7x64-HD_8.15.10.2993-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-7x64-PRO1000-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-7x64-PRO1000-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Audio-NTx64-2804-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Audio-NTx64-2804-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-HECI-WinAll-3B64_6.2-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-HECI-WinAll-3B64_6.2-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-MESRL-WinAll-3B67_6.2-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-MESRL-WinAll-3B67_6.2-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-NTx64-12.8.20.1002_rst-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.2.1020_NEW-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.2.1020_NEW-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\LG-FORCED-10x64-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\LG-FORCED-10x64-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Logitech-FORCED-Allx64-SetPoint-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Logitech-FORCED-Allx64-SetPoint-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Nuvoton-Allx64-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Nuvoton-Allx64-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Realtek-FORCED-NTx64-7891-drp.zip, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\DRIVERS\Realtek-FORCED-NTx64-7891-drp.zip.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\events\e-1485289704801-notifier, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\events\e-1485289706631-notifier, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Internet\HOW_OPEN_FILES.hta, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Internet\WifiInterface.txt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Internet\WifiInterface.txt.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs\HOW_OPEN_FILES.hta, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs\log___2016-08-22-12-26-20.html, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs\log___2016-08-22-12-26-20.html.crypt, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs\log___2016-08-22-12-32-44.html, , [de3ced9374344fe759019d07b749946c],
PUP.Optional.DriverPack, C:\Users\admin\AppData\Roaming\DRPSu\Logs\log___2016-08-22-12-32-44.html.crypt, , [de3ced9374344fe759019d07b749946c],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Removing crypt

Posted: 26 Jan 2017 17:15
by Rudy
Delete everything MBAM found.

Re: Removing crypt

Posted: 26 Jan 2017 18:08
by Tomas.11
Deleted. Thanks, it looks like nothing is being encrypted anymore.

What kind of virus was it? On my second PC with Windows XP SP3 it got through even ESET Smart Security 9 :(. I had to restore it from a backup. Supposedly it could have spread via remote desktop, which I use; the password there was quite weak. I changed the password, but I'm not sure whether that is enough :(.

On this PC with Windows 7 I did not have ESET installed; Defender and the firewall had always protected me, but there was also a weak RDP password there and boom, done.

Re: Removing crypt

Posted: 26 Jan 2017 19:17
by Rudy
Glad to hear it. The password must be strong enough (a combination of lowercase and uppercase characters and diacritical marks, at least 6 characters long). The virus is a cryptolocker.