Today after work I wanted to connect to my computer via Remote Desktop and found that all files are encrypted, with the extension .master. During the day I may have connected briefly from work, but I definitely did not download anything or run anything downloaded.
My system version is Windows 7 x64 CZ, purchased legally in a Czech shop.
On the desktop I had a file named "!#_RESTORE_FILES_#!.inf" with the following text:
[WHAT HAPPENED]
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: unlocking.guarantee@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
https://localbitcoins.com/buy_bitcoins
[ATTENTION]
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Your ID:
c8+zVFm9YS5ZxK8Yt50QO7sN+jT4kXnLmvldne5GHghuem03IA9NUIDdE7NLw6iZ80fFig8/Rb0IGu2iRZ1mE2Y5Vi77u4Jteitf9Uolhh20ziQy8qXstY5umgppiy15ZdZ51UuKLZnaD12A7HtJsgjQQ80kKCdX7hpbQNcMcUk=
Can you please help me?
Output from FRST (FRST.txt):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2017
Ran by MS-BOSS (administrator) on MS-BOSS-BIG (31-05-2017 21:46:25)
Running from C:\Users\MS-BOSS\Desktop
Loaded Profiles: MS-BOSS & remote (Available Profiles: MS-BOSS & Zora & Marta & Pavel & remote & Denča & Pavlík & Mira & sunshinekx)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: "C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ABBYY InfoPoisk LLC) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\NOSPACE\RSoft\bin\smpd.exe.[unlocking.guarantee@aol.com].master
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\NOSPACE\RSoft\bin\rslmd.exe.[unlocking.guarantee@aol.com].master
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Design Science, Inc.) C:\Program Files (x86)\MathType\MathType.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Igor Pavlov) C:\Program Files (x86)\7-Zip\7zFM.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Opera Software) C:\Program Files (x86)\Opera\45.0.2552.812\opera.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Spotify Ltd) C:\Users\MS-BOSS\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
() C:\Program Files (x86)\EAGLE-7.2.0\bin\eagle.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(ARM Ltd and ARM Germany GmbH) C:\NOSPACE\Keil_v5\UV4\UV4.exe.[unlocking.guarantee@aol.com].master
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Medvedik) C:\Program Files (x86)\TED Notepad\TedNPad.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Farfetch) C:\Users\MS-BOSS\Downloads\kissme3005_guarantee_cr64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\MS-BOSS\AppData\Local\Vivaldi\Application\vivaldi.exe
(forum.viry.cz) C:\Users\MS-BOSS\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133408 2012-09-11] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [Spotify] => C:\Users\MS-BOSS\AppData\Roaming\Spotify\Spotify.exe [7009904 2017-05-28] (Spotify Ltd)
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [Spotify Web Helper] => C:\Users\MS-BOSS\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-05-28] (Spotify Ltd)
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\Run: [DECRYPTINFO] => C:\Users\MS-BOSS\AppData\Roaming\!#_RESTORE_FILES_#!.inf [1222 2017-05-31] ()
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: {48c72333-b4ba-11e6-8c7f-00269ececea2} - L:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: {7b436c7f-3b19-11e6-9414-bc5ff4ec4c17} - M:\AutoRunCD.exe
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: {d9f5542c-4fd4-11e6-9fe9-bc5ff4ec4c17} - Explorer.exe monitor.htm
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: {dae44c2d-3b06-11e6-94ba-bc5ff4ec4c17} - I:\setup.exe
HKU\S-1-5-21-1415804882-838916977-258804726-1000\...\MountPoints2: {dae44c32-3b06-11e6-94ba-bc5ff4ec4c17} - J:\setup.exe
HKU\S-1-5-21-1415804882-838916977-258804726-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\Orbitron.scr [110080 2005-02-10] (Sebastian Stoff)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
Startup: C:\Users\Mira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 5.1.lnk [2017-01-26]
ShortcutTarget: LibreOffice 5.1.lnk -> C:\Program Files\LibreOffice 5\program\quickstart.exe ()
Startup: C:\Users\Pavlík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 5.1.lnk [2017-02-01]
ShortcutTarget: LibreOffice 5.1.lnk -> C:\Program Files\LibreOffice 5\program\quickstart.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 185.97.254.158 api.facepunch.com
Tcpip\Parameters: [DhcpNameServer] 147.32.127.214 195.113.144.194
Tcpip\..\Interfaces\{3E9AFA86-A183-4CF8-BDDF-184B70530F3C}: [DhcpNameServer] 147.32.127.214 195.113.144.194
Tcpip\..\Interfaces\{6E88F148-7EEB-4E23-B034-603F200A8C30}: [DhcpNameServer] 147.32.127.214 195.113.144.194
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: acsnl7ho.default
FF DefaultProfile: xd6mmnnu.default
FF ProfilePath: C:\Users\MS-BOSS\AppData\Roaming\Zotero\Zotero\Profiles\acsnl7ho.default [2017-05-24]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2017-05-17] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2017-05-17] [not signed]
FF ProfilePath: C:\Users\MS-BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\xd6mmnnu.default [2017-05-31]
FF Extension: (Zotero) - C:\Users\MS-BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\xd6mmnnu.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-05-31]
FF Extension: (Zotero LibreOffice Integration) - C:\Users\MS-BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\xd6mmnnu.default\Extensions\zoteroOpenOfficeIntegration@zotero.org [2016-06-29]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\MS-BOSS\AppData\Roaming\Mozilla\Firefox\Profiles\xd6mmnnu.default\Extensions\zoteroWinWordIntegration@zotero.org [2017-05-31]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
Opera:
=======
OPR Extension: (YouTube™ Flash-HTML5) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\abpeogmjbjonedcakbihofgpoelmfbgj [2017-01-01]
OPR Extension: (Zotero Connector) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\aglkdfckbibjdkdoconjbdggodkdchbn [2016-06-29]
OPR Extension: (Notifier for Google™ Calendar) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\ficfjmedbmhcpdomehdkhfnibjnigihm [2016-09-10]
OPR Extension: (uBlock Origin) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-03-23]
OPR Extension: (YouTube™ Flash-HTML5) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\nncgmpcdlilgbepbfpeidpjlcdfhmcfp [2016-09-10]
OPR Extension: (Adblock Plus) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-23]
OPR Extension: (RSS Detector) - C:\Users\MS-BOSS\AppData\Roaming\Opera Software\Opera Stable\Extensions\omebjechjecckkfgmlicbeijbebpkpaf [2016-09-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [821048 2013-06-17] (ABBYY InfoPoisk LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-08] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [392480 2017-03-10] (EasyAntiCheat Ltd)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-04-01] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-06-26] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R3 TermService; C:\Windows\System32\termsrv.dll [680960 2016-07-06] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 impi_smpd; C:\NOSPACE\RSoft\bin\smpd.exe [X]
R2 rslmd; C:\NOSPACE\RSoft\bin\rslmd.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-08-15] (Google Inc)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2015-02-03] (ASRock Inc.)
S3 AxtuDrv; C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [21768 2016-06-22] (RW-Everything)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-05] (www.winchiphead.com)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-25] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
S3 MiniProWdf; C:\Windows\System32\DRIVERS\MiniProWdf.sys [17216 2012-06-22] (hxxp://www.autoelectric.cn)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3810520 2015-10-08] (Realtek Semiconductor Corporation )
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-07-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192864 2016-07-18] (Oracle Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:46 - 2017-05-31 21:47 - 00031885 ____C C:\Users\MS-BOSS\Desktop\FRST.txt
2017-05-31 21:45 - 2017-05-31 21:45 - 02431488 ____C (Farbar) C:\Users\MS-BOSS\Desktop\FRST64.exe
2017-05-31 21:45 - 2017-05-31 21:45 - 00112640 ____C (forum.viry.cz) C:\Users\MS-BOSS\Desktop\FRSTLauncher.exe
2017-05-31 21:44 - 2017-05-31 21:44 - 02431488 ____C (Farbar) C:\Users\MS-BOSS\Desktop\install.exe
2017-05-31 21:41 - 2017-05-31 21:41 - 00036873 ____C C:\Users\MS-BOSS\Downloads\Addition.txt
2017-05-31 21:39 - 2017-05-31 21:41 - 00051616 ____C C:\Users\MS-BOSS\Downloads\FRST.txt.[unlocking.guarantee@aol.com].master
2017-05-31 21:38 - 2017-05-31 21:39 - 00000000 ___DC C:\FRST
2017-05-31 21:36 - 2017-05-31 21:38 - 02431488 ____C (Farbar) C:\Users\MS-BOSS\Downloads\FRST64.exe.[unlocking.guarantee@aol.com].master
2017-05-31 19:22 - 2017-05-31 19:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-31 17:12 - 2017-05-31 17:12 - 00389120 ____C (Farfetch) C:\Users\MS-BOSS\Downloads\kissme3005_guarantee_cr64.exe
2017-05-30 12:22 - 2017-05-30 12:22 - 00048944 ____C (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-29 22:29 - 2017-05-29 22:29 - 00011284 ____C C:\Users\MS-BOSS\AppData\Local\recently-used.xbel
2017-05-26 01:10 - 2017-05-26 01:10 - 00377536 ____C C:\Users\remote\Downloads\OPTIM.pdf
2017-05-26 00:35 - 2017-05-26 00:35 - 00091655 ____C C:\Users\remote\Downloads\AlgDif.pdf
2017-05-26 00:22 - 2017-05-26 00:22 - 00108344 ____C C:\Users\remote\Downloads\JFET.pdf
2017-05-26 00:13 - 2017-05-26 00:13 - 00143163 ____C C:\Users\remote\Downloads\MOSFET.pdf
2017-05-26 00:02 - 2017-05-26 00:02 - 00204254 ____C C:\Users\remote\Downloads\BJT.pdf
2017-05-25 23:42 - 2017-05-25 23:42 - 00095381 ____C C:\Users\remote\Downloads\DiodeAC.pdf
2017-05-25 23:32 - 2017-05-25 23:32 - 00073472 ____C C:\Users\remote\Downloads\DiodeDC.pdf
2017-05-25 23:04 - 2017-05-25 23:04 - 00096078 ____C C:\Users\remote\Downloads\Temata2017.pdf
2017-05-25 23:04 - 2017-05-25 23:04 - 00000000 ___DC C:\Users\remote\AppData\Roaming\Adobe
2017-05-25 23:04 - 2017-05-25 23:04 - 00000000 ___DC C:\Users\remote\AppData\LocalLow\Adobe
2017-05-25 23:04 - 2017-05-25 23:04 - 00000000 ___DC C:\Users\remote\AppData\Local\Adobe
2017-05-25 21:44 - 2017-05-25 21:44 - 156904315 ____C C:\Users\MS-BOSS\Downloads\LES.zip
2017-05-24 12:48 - 2017-05-24 12:49 - 00001560 ____C C:\Users\Pavlík\Desktop\Simulace_MIR_vlakna_2.ind
2017-05-23 20:21 - 2017-05-23 20:21 - 00319602 ____C C:\Users\Pavlík\Desktop\btmpmode.m00
2017-05-23 20:21 - 2017-05-23 20:21 - 00001679 ____C C:\Users\Pavlík\Desktop\btmpmode.pda
2017-05-23 20:21 - 2017-05-23 20:21 - 00001607 ____C C:\Users\Pavlík\Desktop\btmprun.ind
2017-05-23 20:21 - 2017-05-23 20:21 - 00001326 ____C C:\Users\Pavlík\Desktop\btmpmode.run
2017-05-23 20:21 - 2017-05-23 20:21 - 00001241 ____C C:\Users\Pavlík\Desktop\btmpmode.ind
2017-05-23 20:21 - 2017-05-23 20:21 - 00000370 ____C C:\Users\Pavlík\Desktop\btmpmode.dataindex
2017-05-23 20:21 - 2017-05-23 20:21 - 00000153 ____C C:\Users\Pavlík\Desktop\btmpmode.mds
2017-05-23 20:21 - 2017-05-23 20:21 - 00000109 ____C C:\Users\Pavlík\Desktop\btmpmode.p00
2017-05-23 20:21 - 2017-05-23 20:21 - 00000017 ____C C:\Users\Pavlík\Desktop\btmpmode.nef
2017-05-22 02:10 - 2017-05-31 17:13 - 00000000 ___DC C:\Users\MS-BOSS\Downloads\funkce_delay
2017-05-17 15:17 - 2017-05-31 18:27 - 00000000 ___DC C:\Users\MS-BOSS\.dia
2017-05-17 15:16 - 2017-05-17 15:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2017-05-17 15:16 - 2017-05-17 15:16 - 00000000 ___DC C:\Program Files (x86)\Dia
2017-05-16 20:44 - 2017-05-16 20:44 - 00000000 ___DC C:\Users\Pavlík\Desktop\As2S333
2017-05-16 17:06 - 2017-05-16 17:06 - 00000000 ___DC C:\Users\Pavlík\AppData\Roaming\OpenMPT
2017-05-16 14:49 - 2017-05-16 16:12 - 00001729 ____C C:\Users\Pavlík\Desktop\AsS.run
2017-05-16 14:39 - 2017-05-16 13:41 - 00001507 ____C C:\Users\Pavlík\Desktop\Simulace_MIR_vlakna.ind
2017-05-14 22:48 - 2017-05-14 22:48 - 00000000 ___DC C:\Users\Pavlík\AppData\Local\CrashDumps
2017-05-14 21:39 - 2017-05-14 21:39 - 00000000 ___DC C:\Users\Pavlík\AppData\Local\fontconfig
2017-05-14 21:39 - 2017-05-14 21:39 - 00000000 ___DC C:\Users\Pavlík\.gimp-2.8
2017-05-14 21:38 - 2017-05-14 21:38 - 00000000 ___DC C:\Users\Pavlík\AppData\Local\gegl-0.2
2017-05-14 21:37 - 2017-05-14 21:37 - 00000984 ____C C:\Users\Pavlík\Desktop\h.ind
2017-05-14 21:01 - 2017-05-14 21:01 - 00000000 ___DC C:\Users\Pavlík\AppData\Roaming\Adobe
2017-05-14 21:01 - 2017-05-14 21:01 - 00000000 ___DC C:\Users\Pavlík\AppData\LocalLow\Adobe
2017-05-14 21:01 - 2017-05-14 21:01 - 00000000 ___DC C:\Users\Pavlík\AppData\Local\Adobe
2017-05-11 15:49 - 2017-05-11 15:49 - 00003182 ____C C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-11 13:46 - 2017-05-31 21:41 - 00004375 ____C C:\Users\MS-BOSS\AppData\Roaming\LTspiceXVII.ini
2017-05-11 13:45 - 2017-05-31 18:52 - 00000000 ___DC C:\Users\MS-BOSS\Documents\LTspiceXVII
2017-05-11 13:45 - 2017-05-11 14:13 - 00001324 ____C C:\Users\MS-BOSS\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice XVII.lnk
2017-05-11 13:45 - 2017-05-11 13:45 - 00000000 ___DC C:\Program Files\LTC
2017-05-08 16:47 - 2017-05-31 18:43 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Štepán Kopřiva - Asfalt audiokniha
2017-05-01 14:46 - 2017-05-01 14:46 - 00001908 ____C C:\Windows\diagwrn.xml
2017-05-01 14:46 - 2017-05-01 14:46 - 00001908 ____C C:\Windows\diagerr.xml
2017-05-01 14:46 - 2017-05-01 14:46 - 00000000 __HDC C:\$WINDOWS.~BT
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-31 21:43 - 2016-07-01 09:42 - 00000000 ___DC C:\ProgramData\TDM-GCC
2017-05-31 21:43 - 2016-06-30 19:30 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2017-05-31 21:42 - 2017-01-17 15:14 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Local\Spotify
2017-05-31 21:32 - 2016-06-26 23:39 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Roaming\Skype
2017-05-31 21:22 - 2016-06-23 08:30 - 00000000 ___DC C:\ProgramData\NVIDIA
2017-05-31 20:55 - 2016-09-08 07:20 - 00000910 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-31 20:25 - 2016-06-22 23:28 - 00003852 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1466630879
2017-05-31 20:25 - 2016-06-22 23:19 - 00000000 ___DC C:\Program Files (x86)\Opera
2017-05-31 19:23 - 2016-09-08 07:20 - 00000000 ___DC C:\Program Files (x86)\Dropbox
2017-05-31 19:21 - 2017-04-13 10:59 - 00000000 ___DC C:\Users\Public\Documents\Lightworks
2017-05-31 19:21 - 2009-07-14 05:20 - 00000000 _RHDC C:\Users\Public\Libraries
2017-05-31 19:20 - 2016-06-30 20:13 - 00000000 __RDC C:\Users\MS-BOSS\OneDrive
2017-05-31 19:20 - 2016-06-22 15:35 - 00000000 ___DC C:\Users\MS-BOSS
2017-05-31 19:05 - 2016-09-08 07:27 - 00000000 __RDC C:\Users\MS-BOSS\Dropbox
2017-05-31 19:01 - 2009-07-14 07:32 - 00000000 ___DC C:\Windows\system32\FxsTmp
2017-05-31 18:54 - 2017-04-13 11:09 - 00000000 ___DC C:\Users\MS-BOSS\Documents\střih
2017-05-31 18:54 - 2017-03-26 14:29 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Planet Centauri
2017-05-31 18:54 - 2016-07-25 09:39 - 00000000 ___DC C:\Users\MS-BOSS\Documents\The Chaos Engine - Remastered
2017-05-31 18:54 - 2016-07-02 15:04 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Petr
2017-05-31 18:54 - 2016-06-26 09:59 - 00000000 ___DC C:\Users\MS-BOSS\Documents\The Witcher 3
2017-05-31 18:52 - 2017-04-13 17:10 - 00000000 ___DC C:\Users\MS-BOSS\Documents\oslavy
2017-05-31 18:52 - 2016-08-12 17:28 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Max Payne 2 Savegames
2017-05-31 18:52 - 2016-08-04 08:42 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Moje webovky
2017-05-31 18:49 - 2016-07-02 15:07 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Knihovna Calibre
2017-05-31 18:45 - 2016-10-08 00:52 - 00000000 ___DC C:\Users\MS-BOSS\Documents\IoT
2017-05-31 18:45 - 2016-07-02 15:48 - 00000000 ___DC C:\Users\MS-BOSS\Documents\GTA San Andreas User Files
2017-05-31 18:45 - 2016-06-28 23:19 - 00000000 ___DC C:\Users\MS-BOSS\Documents\eagle
2017-05-31 18:44 - 2016-06-29 22:41 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Atmel Studio
2017-05-31 18:43 - 2016-07-06 12:01 - 00000000 ___DC C:\Users\MS-BOSS\Documents\Arma 3
2017-05-31 18:43 - 2016-07-02 15:07 - 00000000 ___DC C:\Users\MS-BOSS\Documents\8051
2017-05-31 18:42 - 2017-01-04 11:06 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Hyperterminal
2017-05-31 18:42 - 2016-11-22 15:41 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\tmp
2017-05-31 18:42 - 2016-06-29 10:36 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\smd
2017-05-31 18:42 - 2016-06-29 10:36 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Psani Dip
2017-05-31 18:42 - 2016-06-28 23:21 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Hry
2017-05-31 18:37 - 2016-07-05 21:42 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\fotky
2017-05-31 18:36 - 2017-01-18 18:08 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Ernest Cline - Ready Player One
2017-05-31 18:36 - 2016-08-12 11:21 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\bkp
2017-05-31 18:36 - 2016-06-29 10:36 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\Derive
2017-05-31 18:34 - 2016-07-01 09:29 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\AMARO, KTE
2017-05-31 18:30 - 2016-06-30 09:28 - 00000000 ___DC C:\Users\MS-BOSS\Desktop\8051
2017-05-31 18:30 - 2016-06-29 10:18 - 00000000 ___DC C:\Users\MS-BOSS\.VirtualBox
2017-05-31 18:28 - 2016-06-29 15:14 - 00000000 ___DC C:\Users\MS-BOSS\.p2
2017-05-31 18:28 - 2016-06-29 14:43 - 00000000 ___DC C:\Users\MS-BOSS\.platformio
2017-05-31 18:27 - 2016-07-06 11:19 - 00000000 ___DC C:\Users\MS-BOSS\.gstreamer-0.10
2017-05-31 18:27 - 2016-06-30 23:02 - 00000000 ___DC C:\Users\MS-BOSS\.objectdb
2017-05-31 18:27 - 2016-06-30 13:01 - 00000000 ___DC C:\Users\MS-BOSS\.gimp-2.8
2017-05-31 18:27 - 2016-06-29 14:14 - 00000000 ___DC C:\Users\MS-BOSS\.idlerc
2017-05-31 18:27 - 2016-06-29 14:02 - 00000000 ___DC C:\Users\MS-BOSS\.atom
2017-05-31 18:27 - 2016-06-29 12:41 - 00000000 ___DC C:\Users\MS-BOSS\.nbi
2017-05-31 18:27 - 2016-06-29 11:28 - 00000000 ___DC C:\Users\MS-BOSS\.oracle_jre_usage
2017-05-31 18:27 - 2016-06-27 13:41 - 00000000 ___DC C:\Users\MS-BOSS\.borland
2017-05-31 18:25 - 2016-12-26 16:20 - 00000000 ___DC C:\Users\MS-BOSS\.android
2017-05-31 18:25 - 2016-11-21 22:39 - 00000000 ___DC C:\Users\Mira\Downloads\setup
2017-05-31 18:25 - 2016-10-23 16:14 - 00000000 ___DC C:\Users\Mira\Downloads\xiaomi.eu_multi_HM3_V8.0.3.0.LAICNDG_v8-5.1
2017-05-31 18:25 - 2016-10-23 16:14 - 00000000 ___DC C:\Users\Mira\Downloads\MiFlash_2016
2017-05-31 18:25 - 2016-09-21 08:41 - 00000000 ___DC C:\Users\Mira
2017-05-31 18:24 - 2016-11-24 00:51 - 00000000 ___DC C:\Users\Mira\Documents\scriptz
2017-05-31 18:24 - 2016-11-21 22:43 - 00000000 ___DC C:\Users\Mira\Desktop\jaguar
2017-05-31 18:24 - 2016-10-03 20:55 - 00000000 ___DC C:\Users\Mira\Documents\skola
2017-05-31 18:24 - 2016-10-02 23:24 - 00000000 ___DC C:\Users\Mira\Downloads\drak_fotaweb
2017-05-31 18:24 - 2016-09-27 08:51 - 00000000 ___DC C:\Users\Mira\Documents\Arma 3
2017-05-31 18:23 - 2016-12-05 21:08 - 00000000 ___DC C:\Users\Mira\Desktop\Call of Duty 2 hra
2017-05-31 18:23 - 2016-10-23 16:14 - 00000000 ___DC C:\Users\Mira\.oracle_jre_usage
2017-05-31 18:23 - 2016-10-02 23:24 - 00000000 ___DC C:\Users\Mira\.gimp-2.8
2017-05-31 18:23 - 2016-09-01 16:15 - 00000000 ___DC C:\Users\Marta\.oracle_jre_usage
2017-05-31 18:23 - 2016-09-01 16:11 - 00000000 ___DC C:\Users\Marta\Documents\GTA San Andreas User Files
2017-05-31 18:23 - 2016-06-30 11:11 - 00000000 ___DC C:\ProgramData\Protexis64
2017-05-31 18:23 - 2016-06-27 14:14 - 00000000 ___DC C:\Users\Marta
2017-05-31 18:23 - 2016-06-27 14:12 - 00000000 ___DC C:\ProgramData\Protexis
2017-05-31 18:23 - 2016-06-23 08:29 - 00000000 ___DC C:\ProgramData\NVIDIA Corporation
2017-05-31 18:21 - 2016-08-21 20:11 - 00000000 ___DC C:\ProgramData\fltk.org
2017-05-31 18:21 - 2016-06-25 21:40 - 00000000 ___DC C:\ProgramData\DAEMON Tools Lite
2017-05-31 18:21 - 2016-06-22 22:57 - 00000000 ___DC C:\TempFiles
2017-05-31 18:05 - 2016-06-29 12:54 - 00000000 ___DC C:\NOSPACE
2017-05-31 17:14 - 2016-06-27 09:15 - 00000000 ___DC C:\745d0c108abae6d5655204fd8a
2017-05-31 17:13 - 2016-09-15 13:40 - 00000000 ___DC C:\Users\MS-BOSS\Downloads\Gods Will Be Watching (2014) (Pirate Empire) cbr
2017-05-31 17:13 - 2016-09-15 13:40 - 00000000 ___DC C:\Users\MS-BOSS\Downloads\[ www.torrenting.com ] - Red.Dwarf.S11E01.WEB.h264-spamTV
2017-05-31 17:11 - 2017-03-17 00:09 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-05-31 17:11 - 2016-06-29 10:52 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-31 16:57 - 2017-01-17 15:14 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Roaming\Spotify
2017-05-31 13:03 - 2016-06-30 09:09 - 00000550 ____C C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2017-05-31 11:01 - 2016-06-22 23:04 - 00000830 ____C C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-05-31 07:55 - 2016-09-08 07:20 - 00000906 ____C C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-26 07:08 - 2011-04-12 10:34 - 00669904 ____C C:\Windows\system32\perfh005.dat
2017-05-26 07:08 - 2011-04-12 10:34 - 00142062 ____C C:\Windows\system32\perfc005.dat
2017-05-26 07:08 - 2009-07-14 07:13 - 01587976 ____C C:\Windows\system32\PerfStringBackup.INI
2017-05-26 07:08 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf
2017-05-26 06:03 - 2016-06-27 20:17 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2017-05-25 23:00 - 2016-06-22 23:04 - 00000828 ____C C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-05-25 22:33 - 2016-06-29 10:15 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2017-05-24 19:03 - 2017-04-17 17:41 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Roaming\Kodi
2017-05-24 19:03 - 2016-06-26 18:26 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Local\CrashDumps
2017-05-24 12:43 - 2016-12-12 12:29 - 00000831 ____C C:\Users\Pavlík\BCADW32.INI
2017-05-22 21:28 - 2016-08-04 08:40 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Roaming\FileZilla
2017-05-22 18:26 - 2017-02-08 17:36 - 00002270 ____C C:\Users\MS-BOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-05-22 18:26 - 2017-02-08 17:36 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Local\Vivaldi
2017-05-22 18:10 - 2017-01-31 23:34 - 00000069 ____C C:\Users\Pavlík\WINPLOT.INI
2017-05-22 08:42 - 2017-01-09 11:01 - 00000600 ____C C:\Users\MS-BOSS\AppData\Local\PUTTY.RND
2017-05-19 16:13 - 2016-08-13 00:07 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Local\gtk-2.0
2017-05-17 19:49 - 2016-06-29 11:16 - 00000000 ___DC C:\Program Files (x86)\Zotero Standalone
2017-05-16 16:55 - 2016-06-28 11:19 - 00000000 ___DC C:\Users\remote\AppData\Local\NVIDIA Corporation
2017-05-15 17:10 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-15 17:10 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-15 17:00 - 2016-06-28 10:34 - 00004914 _RSHC C:\ProgramData\ntuser.pol
2017-05-15 16:59 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2017-05-14 21:39 - 2016-10-03 17:18 - 00000000 ___DC C:\Users\Pavlík
2017-05-14 20:59 - 2016-10-03 17:20 - 00000000 ___DC C:\Users\Pavlík\AppData\Local\NVIDIA Corporation
2017-05-14 20:27 - 2016-10-13 19:12 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Roaming\DesktopOK
2017-05-11 15:49 - 2016-06-30 20:13 - 00002193 ____C C:\Users\MS-BOSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-05-09 17:55 - 2016-10-28 13:18 - 00004396 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 17:55 - 2016-06-30 19:00 - 00803320 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-09 17:55 - 2016-06-30 19:00 - 00144888 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-09 17:55 - 2016-06-30 19:00 - 00004526 ____C C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-09 17:55 - 2016-06-30 19:00 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2017-05-09 17:55 - 2016-06-30 19:00 - 00000000 ___DC C:\Windows\system32\Macromed
2017-05-01 21:30 - 2016-06-30 07:47 - 00000000 ___DC C:\Users\MS-BOSS\AppData\Local\DOSBox
2017-05-01 14:46 - 2016-06-22 13:22 - 00000000 ___DC C:\Windows\Panther
==================== Files in the root of some directories =======
2017-05-31 17:13 - 2017-05-31 21:36 - 0001222 ____C () C:\Users\MS-BOSS\AppData\Roaming\!#_RESTORE_FILES_#!.inf
2017-03-26 18:14 - 2017-03-26 18:14 - 0000003 ____C () C:\Users\MS-BOSS\AppData\Roaming\.ptbt0
2017-05-11 13:46 - 2017-05-31 21:41 - 0004375 ____C () C:\Users\MS-BOSS\AppData\Roaming\LTspiceXVII.ini
2017-05-31 19:20 - 2017-05-31 21:42 - 0001222 ____C () C:\Users\MS-BOSS\AppData\Local\!#_RESTORE_FILES_#!.inf
2017-01-09 11:01 - 2017-05-22 08:42 - 0000600 ____C () C:\Users\MS-BOSS\AppData\Local\PUTTY.RND
2017-05-29 22:29 - 2017-05-29 22:29 - 0011284 ____C () C:\Users\MS-BOSS\AppData\Local\recently-used.xbel
2017-02-28 09:19 - 2017-03-24 18:26 - 0007625 ____C () C:\Users\MS-BOSS\AppData\Local\Resmon.ResmonCfg
2016-06-22 23:14 - 2016-06-22 23:14 - 0000003 ____C () C:\Users\MS-BOSS\AppData\Local\user_data.ini
2017-05-31 18:21 - 2017-05-31 21:43 - 0001222 ____C () C:\ProgramData\!#_RESTORE_FILES_#!.inf
Some files in TEMP:
====================
2016-11-27 18:13 - 2016-11-27 18:13 - 0737856 ____C (Oracle Corporation) C:\Users\MS-BOSS\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-04-23 13:00 - 2017-04-23 13:00 - 0739904 ____C (Oracle Corporation) C:\Users\MS-BOSS\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-03-25 01:25 - 2017-03-25 01:25 - 2974456 ____C () C:\Users\MS-BOSS\AppData\Local\Temp\npp.7.3.3.Installer.x64.exe
2016-06-23 08:30 - 2017-02-23 10:17 - 0754168 ____C (NVIDIA Corporation) C:\Users\MS-BOSS\AppData\Local\Temp\nvSCPAPI.dll
2017-03-12 20:11 - 2017-02-23 10:17 - 0354176 ____C (NVIDIA Corporation) C:\Users\MS-BOSS\AppData\Local\Temp\nvStInst.exe
2016-11-27 18:08 - 2017-03-24 16:19 - 57547224 ____C (Skype Technologies S.A.) C:\Users\MS-BOSS\AppData\Local\Temp\SkypeSetup.exe
2017-02-28 09:16 - 2016-07-06 13:54 - 0129000 ____C () C:\Users\MS-BOSS\AppData\Local\Temp\Uninstall.exe
2017-03-24 16:22 - 2017-03-24 16:22 - 14456872 ____C (Microsoft Corporation) C:\Users\MS-BOSS\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files\MATLAB\R2014a\bin\win64\MATLABStartupAccelerator.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\MS-BOSS\Desktop" je 13404 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11
"C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\MS-BOSS\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\steam.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTray
C:\Program Files\UAC_TS\ITknowledge24\uTray.exe -auto [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk
C:\PROGRA~2\MICROS~2\Office10\OSA.EXE -b -l [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================



