Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Stažený vir

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Stažený vir

#1 Příspěvek od Neznaboh »

Dobrý den,

společně s titulky k seriálu se mi podařilo stáhnout vir - antivir jej zablokoval, ovšem zmizely všechny ikony z plochy (kromě koše a souborů, které byly přímo na ploše uloženy). Od té doby je počítač dost zpomalený, proto bych chtěla poprosit o kontrolu logu (ten přidávám jako přílohu, text byl příliš dlouhý).

Předem děkuji.
Přílohy
log.zip
(14.08 KiB) Staženo 59 x
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#2 Příspěvek od Márty84 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by EvNa at 2015-04-29 15:04:04
Microsoft Windows 8.1
System drive C: has 186 GB (40%) free of 461 GB
Total RAM: 3994 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:14, on 29. 4. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\syswow64\wwahost.exe
C:\Users\EvNa\Downloads\uTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\EvNa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... XXW3710GEK
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... XXW3710GEK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... XXW3710GEK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... XXW3710GEK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
O4 - HKLM\..\Run: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [uTorrent] "C:\Users\EvNa\Downloads\uTorrent.exe" /MINIMIZED
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @oem43.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo QuickSnip Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Location Task Manager (LocationTaskManager) - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Lenovo QuickControl Master Service (QuickControlMasterSvc) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
O23 - Service: Lenovo QuickControl Service (QuickControlService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: ValBioService - Validity Sensors, Inc. - C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\WINDOWS\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @oem13.inf,%BioSyncService_SvcDesc%;BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\WINDOWS\system32\valWbioSyncSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13397 bytes

======Listing Processes======




c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot

wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\ibmpmsvc.exe
"C:\WINDOWS\system32\nvvsvc.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b3477c5f-39b0-4a90-b190-ca6d1160c3ec -SystemEventPortName:HostProcess-05e18857-878e-4d85-869d-ed2ea3398092 -IoCancelEventPortName:HostProcess-fbbbdb4d-2aa7-4bc3-b3ba-4c05d56b58b9 -NonStateChangingEventPortName:HostProcess-5c777f9d-cd9d-4ee1-8209-854ecec77c12 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:366d27a3-f022-4f13-9e0b-8c533f208870 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-35cf291d-85d6-4ca3-b261-4859342199f0 -SystemEventPortName:HostProcess-92e1ac13-4e57-4bf6-b7ed-7e29c65facc5 -IoCancelEventPortName:HostProcess-00783ddf-effb-4a85-897b-c8136738c080 -NonStateChangingEventPortName:HostProcess-589b8bbd-7487-44ac-a2c0-99acca235f70 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:43153325-840b-4bba-821c-07d2aa873332 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ef0fdb5d-a8b1-4956-9641-8fe733a8e33c -SystemEventPortName:HostProcess-1064cfc6-cc9e-4eab-a276-61055c61f4a3 -IoCancelEventPortName:HostProcess-87f91d62-8b45-4af3-8337-d3b5ca11dc60 -NonStateChangingEventPortName:HostProcess-1114eafc-c254-4009-878b-d7fde4d4c60c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ca5aac8e-9e33-4469-a578-7086993a14c6 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c9a53499-8f8b-445d-abe7-827d03ae16e1 -SystemEventPortName:HostProcess-b2b2ee38-3988-4930-96c0-956e38b1d613 -IoCancelEventPortName:HostProcess-f0129304-14ee-4001-a545-da9d157ae2e2 -NonStateChangingEventPortName:HostProcess-eefb1067-a614-49c3-a0e5-ef3f2cf0cae7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5516c1ad-e5c6-468f-9dca-2beb826d2145 -DeviceGroupId:
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 125006628496
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe"
dashost.exe {6c6a654d-4d31-4150-aa72451f02f7fc7e}
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
"C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe"
C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe"
taskeng.exe {FCE03FD9-1F00-42A5-B880-9F174F0C31BE}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe"
"C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe"
C:\WINDOWS\system32\valWBFPolicyService.exe
C:\WINDOWS\system32\valWbioSyncSvc.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe"
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "0x9a4_0x16b8_0x5f3b6c04"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-a7ba-852376af2259 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe"
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe" -default
\??\C:\WINDOWS\system32\conhost.exe 0x4
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Synaptics\SynFp\Shared\SensorDBSynch.exe"
"C:\Program Files\lenovo\QuickSnipService\QuickSnipInput.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe"
"C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe"
C:\Windows\System32\skydrive.exe -Embedding
\??\C:\WINDOWS\system32\conhost.exe 0x4
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
C:\Program Files\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.MediaKey
C:\PROGRA~1\Lenovo\HOTKEY\TPOSD.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
"C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe" ytidilav
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\WINDOWS\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\HOTKEY\extapsup.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\USB Camera\VM331STI.EXE"
"C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
ctfmon.exe
"C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
"C:\Program Files\Lenovo\Communications Utility\tpknrres.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory=Default
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="8804.0.1245435207\1702005821" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,41 --gpu-vendor-id=0x8086 --gpu-device-id=0x0416 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3316 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.3.1053448307\487556394" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.4.620245479\86947267" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.6.1046787597\420848437" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.7.802959750\1203119041" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.9.430005506\1873898414" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="8804.10.2006862492\538220086" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.11.442827905\647381106" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.12.892315321\886033307" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="8804.13.305127225\979940259" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.16.1239938805\1087620807" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/*SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.128.2065354410\1625640920" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/*SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.130.340313045\1212745633" /prefetch:673131151
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\WINDOWS\syswow64\wwahost.exe" -ServerName:App.wwa
"C:\Users\EvNa\Downloads\uTorrent.exe" "magnet:?xt=urn:btih:6A6TJ4VKEJYH7VCD5L6FJODDWIVYCSNI&dn=Greys.Anatomy.S11E17.HDTV.x264-KILLERS&tr=udp://open.demonii.com:80&tr=udp://tracker.coppersurfer.tk:80&tr=udp://tracker.leechers-paradise.org:6969&tr=udp://exodus.desync.com:6969"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Bootstrap/ExtensionUseSafeInstallation/Default/*GoogleNow/Enable/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevHQPExperimentsControlR3/*PasswordGeneration/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Disabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/*SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SafeBrowsingIncidentReportingService/Default/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*ShowAppLauncherPromo/ShowPromoUntilDismissed/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*UwSInterstitialStatus/On/*V8CacheOptions/default/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=8804 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="8804.160.327223460\660769055" /prefetch:673131151
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe156_ Global\UsGthrCtrlFltPipeMssGthrPipe156 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"C:\Users\EvNa\Downloads\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\EvNa\AppData\Roaming\Mozilla\Firefox\Profiles\0zscuxly.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2013-10-04 391128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2013-10-04 771032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2013-10-04 769496]
"LenovoOptMouseUpdate"=C:\Program Files\Lenovo\HOTKEY\extapsup.exe [2013-06-21 255480]
"BtServer"=C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [2013-10-21 280576]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll [2013-11-25 74288]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-04 2985712]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2013-09-19 7818040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\EvNa\Downloads\uTorrent.exe [2015-04-29 1685072]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331STI.EXE [2013-05-14 552960]
"Fastboot"=C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [2013-10-28 738032]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2015-03-25 3723728]

C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2013-10-04 623616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-29 15:04:04 ----D---- C:\rsit
2015-04-26 11:03:01 ----D---- C:\Users\EvNa\AppData\Roaming\Mozilla
2015-04-26 11:02:55 ----D---- C:\ProgramData\Mozilla
2015-04-26 11:02:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 11:02:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-22 16:28:52 ----D---- C:\WINDOWS\PCHEALTH
2015-04-22 16:27:09 ----RD---- C:\Program Files (x86)\Skype
2015-04-19 13:05:25 ----D---- C:\Program Files\Microsoft Silverlight
2015-04-19 13:05:25 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-04-19 12:05:41 ----A---- C:\WINDOWS\system32\generaltel.dll
2015-04-19 12:05:41 ----A---- C:\WINDOWS\system32\appraiser.dll
2015-04-19 12:05:41 ----A---- C:\WINDOWS\system32\aepdu.dll
2015-04-19 12:05:41 ----A---- C:\WINDOWS\system32\aeinv.dll
2015-04-19 12:05:41 ----A---- C:\WINDOWS\system32\acmigration.dll
2015-04-19 12:05:40 ----A---- C:\WINDOWS\system32\invagent.dll
2015-04-19 12:05:40 ----A---- C:\WINDOWS\system32\devinv.dll
2015-04-17 21:55:23 ----D---- C:\ProgramData\11309799271620032324
2015-04-17 21:55:23 ----D---- C:\Program Files (x86)\SalEPlus
2015-04-17 21:55:02 ----D---- C:\ProgramData\likdndkofmkhdkcpbdflfolojhmhlden
2015-04-17 21:54:29 ----D---- C:\ProgramData\{2b85663e-03f5-3cd6-2b85-5663e03f98f8}
2015-04-17 14:26:14 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2015-04-17 14:26:14 ----A---- C:\WINDOWS\system32\msctf.dll
2015-04-15 13:53:46 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 13:53:44 ----A---- C:\WINDOWS\system32\ntdll.dll
2015-04-15 13:53:43 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2015-04-15 13:53:43 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2015-04-15 13:53:43 ----A---- C:\WINDOWS\system32\tdh.dll
2015-04-15 13:53:42 ----A---- C:\WINDOWS\SYSWOW64\sechost.dll
2015-04-15 13:53:42 ----A---- C:\WINDOWS\system32\wow64.dll
2015-04-15 13:53:42 ----A---- C:\WINDOWS\system32\tracerpt.exe
2015-04-15 13:53:42 ----A---- C:\WINDOWS\system32\sechost.dll
2015-04-15 13:53:42 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 13:53:41 ----A---- C:\WINDOWS\SYSWOW64\tracerpt.exe
2015-04-15 13:53:41 ----A---- C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 13:53:30 ----A---- C:\WINDOWS\system32\lsm.dll
2015-04-15 13:53:17 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-04-15 13:53:13 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-04-15 13:53:06 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-04-15 13:53:04 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-04-15 13:53:03 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-04-15 13:53:02 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-04-15 13:53:00 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-04-15 13:53:00 ----A---- C:\WINDOWS\system32\wininet.dll
2015-04-15 13:53:00 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 13:52:59 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-04-15 13:52:56 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-04-15 13:52:55 ----A---- C:\WINDOWS\system32\mshtmled.dll
2015-04-15 13:52:55 ----A---- C:\WINDOWS\system32\inetcomm.dll
2015-04-15 13:52:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-04-15 13:52:53 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2015-04-15 13:52:52 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-04-15 13:52:52 ----A---- C:\WINDOWS\system32\msfeeds.dll
2015-04-15 13:52:51 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-04-15 13:52:51 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2015-04-15 13:52:51 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-04-15 13:52:51 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-04-15 13:52:51 ----A---- C:\WINDOWS\system32\jscript.dll
2015-04-15 13:52:50 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2015-04-15 13:52:50 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 13:51:41 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2015-04-15 13:51:41 ----A---- C:\WINDOWS\system32\pku2u.dll
2015-04-15 13:51:41 ----A---- C:\WINDOWS\system32\drivers\http.sys
2015-04-15 13:51:38 ----A---- C:\WINDOWS\SYSWOW64\clfsw32.dll
2015-04-15 13:51:38 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2015-04-15 13:51:38 ----A---- C:\WINDOWS\system32\clfsw32.dll
2015-04-15 13:51:29 ----A---- C:\WINDOWS\system32\wuaueng.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\wups.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\wucltux.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 13:51:28 ----A---- C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\wuwebv.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\wups2.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\wudriver.dll
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\wuapp.exe
2015-04-15 13:51:27 ----A---- C:\WINDOWS\system32\storewuauth.dll
2015-04-05 11:18:24 ----SD---- C:\WINDOWS\SYSWOW64\GWX
2015-04-05 11:18:24 ----SD---- C:\WINDOWS\system32\GWX

======List of files/folders modified in the last 1 month======

2015-04-29 15:04:12 ----D---- C:\Program Files\trend micro
2015-04-29 15:04:10 ----D---- C:\Users\EvNa\AppData\Roaming\uTorrent
2015-04-29 15:04:09 ----D---- C:\WINDOWS\Prefetch
2015-04-29 15:02:00 ----D---- C:\WINDOWS\system32\sru
2015-04-29 15:01:20 ----D---- C:\WINDOWS\Temp
2015-04-29 14:39:40 ----D---- C:\Users\EvNa\AppData\Roaming\Skype
2015-04-29 14:34:59 ----RD---- C:\Program Files
2015-04-29 14:34:59 ----D---- C:\WINDOWS\system32\Tasks
2015-04-29 11:21:14 ----D---- C:\ProgramData\MFAData
2015-04-28 19:27:33 ----D---- C:\WINDOWS\Microsoft.NET
2015-04-28 15:45:28 ----SHD---- C:\WINDOWS\Installer
2015-04-28 15:45:27 ----HD---- C:\Config.Msi
2015-04-28 06:31:34 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2015-04-26 16:01:55 ----RD---- C:\WINDOWS\System32
2015-04-26 16:01:55 ----D---- C:\WINDOWS\Inf
2015-04-26 16:01:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 11:02:55 ----HD---- C:\ProgramData
2015-04-26 11:02:54 ----RD---- C:\Program Files (x86)
2015-04-26 09:51:28 ----SD---- C:\Users\EvNa\AppData\Roaming\Microsoft
2015-04-26 01:36:12 ----D---- C:\WINDOWS\system32\config
2015-04-26 01:04:11 ----D---- C:\WINDOWS\AppCompat
2015-04-24 07:18:43 ----D---- C:\ProgramData\Validity
2015-04-24 00:35:38 ----D---- C:\ProgramData\Microsoft Help
2015-04-24 00:35:36 ----D---- C:\WINDOWS\SysWOW64
2015-04-24 00:35:05 ----D---- C:\WINDOWS\system32\MRT
2015-04-24 00:30:35 ----A---- C:\WINDOWS\system32\MRT.exe
2015-04-24 00:28:43 ----RSD---- C:\WINDOWS\Fonts
2015-04-23 21:04:08 ----D---- C:\Users\EvNa\AppData\Roaming\LSC
2015-04-23 19:12:41 ----RSD---- C:\WINDOWS\assembly
2015-04-23 18:31:15 ----D---- C:\Program Files (x86)\Common Files
2015-04-23 11:02:56 ----D---- C:\Program Files (x86)\Lingea
2015-04-23 09:41:35 ----A---- C:\IFRToolLog.txt
2015-04-22 16:28:52 ----D---- C:\Windows
2015-04-22 16:27:13 ----D---- C:\ProgramData\Skype
2015-04-22 15:16:06 ----D---- C:\WINDOWS\system32\wbem
2015-04-22 15:11:41 ----D---- C:\Program Files\Windows Journal
2015-04-22 15:11:41 ----D---- C:\Program Files\Common Files\microsoft shared
2015-04-22 15:11:35 ----D---- C:\Program Files\Internet Explorer
2015-04-22 15:11:35 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-22 15:11:34 ----D---- C:\Program Files\Windows Defender
2015-04-22 15:11:34 ----D---- C:\Program Files\MPC-HC
2015-04-22 15:11:34 ----AD---- C:\ProgramData\Lenovo
2015-04-22 15:11:28 ----D---- C:\WINDOWS\apppatch
2015-04-22 15:11:28 ----D---- C:\Users\EvNa\AppData\Roaming\PhotoFiltre 7
2015-04-22 15:11:18 ----RSD---- C:\WINDOWS\Media
2015-04-22 15:11:18 ----D---- C:\WINDOWS\system32\catroot2
2015-04-22 15:11:18 ----D---- C:\WINDOWS\system32\appraiser
2015-04-22 15:11:18 ----D---- C:\WINDOWS\ShellNew
2015-04-22 15:11:18 ----D---- C:\WINDOWS\servicing
2015-04-22 15:11:18 ----D---- C:\WINDOWS\PolicyDefinitions
2015-04-22 15:11:14 ----SD---- C:\WINDOWS\system32\CompatTel
2015-04-22 15:11:14 ----D---- C:\WINDOWS\system32\migration
2015-04-22 15:11:14 ----D---- C:\WINDOWS\system32\drivers
2015-04-22 15:11:14 ----D---- C:\WINDOWS\system32\cs-CZ
2015-04-22 15:11:13 ----D---- C:\WINDOWS\SYSWOW64\config
2015-04-22 15:11:13 ----D---- C:\WINDOWS\system32\Sysprep
2015-04-22 15:11:12 ----D---- C:\WINDOWS\WinStore
2015-04-22 15:11:12 ----D---- C:\WINDOWS\Tasks
2015-04-22 15:11:12 ----D---- C:\WINDOWS\SYSWOW64\migration
2015-04-22 15:11:12 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2015-04-22 15:11:11 ----D---- C:\WINDOWS\WinSxS
2015-04-22 14:58:30 ----D---- C:\WINDOWS\registration
2015-04-22 14:27:19 ----SHD---- C:\System Volume Information
2015-04-22 14:25:22 ----D---- C:\WINDOWS\Logs
2015-04-20 08:16:41 ----D---- C:\WINDOWS\system32\catroot
2015-04-19 13:05:34 ----SD---- C:\ProgramData\Microsoft
2015-04-19 12:42:06 ----D---- C:\WINDOWS\CbsTemp
2015-04-17 21:56:30 ----D---- C:\The KMPlayer
2015-04-17 18:14:33 ----D---- C:\WINDOWS\AppReadiness
2015-04-17 14:29:40 ----HD---- C:\Program Files\WindowsApps
2015-04-15 18:40:23 ----D---- C:\WINDOWS\rescache
2015-04-14 01:24:21 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-04-11 19:52:42 ----A---- C:\WINDOWS\system32\wuaext.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\WINDOWS\system32\DRIVERS\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avgloga.sys [2015-02-03 341472]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx64.sys [2015-02-05 133088]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]
R0 Fastboot;Fastboot; C:\WINDOWS\System32\DRIVERS\fastboot.sys [2013-10-28 66288]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-07-24 666984]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2013-07-03 74344]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2013-09-05 30496]
R1 Avgdiska;AVG Disk Driver; C:\WINDOWS\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys [2015-03-25 281056]
R1 Avgldx64;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx64.sys [2014-08-28 243480]
R1 Avgwfpa;AVG Firewall Driver; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [2015-03-19 289248]
R1 SMIDriver;SMIDriver; C:\WINDOWS\system32\drivers\smi.sys [2014-07-21 19760]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwr64v.sys [2013-11-21 20736]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 btmaux;@oem17.inf,%BTMAUX.ServiceDesc%;Intel Bluetooth Auxiliary Service; C:\WINDOWS\system32\DRIVERS\btmaux.sys [2013-07-22 140600]
R3 DFX11_1;@oem49.inf,%DFX_Device.SvcDesc%;DFX Audio Enhancer 11.1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [2012-12-13 28008]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2013-11-07 54528]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2013-10-04 4185600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-09-24 3667416]
R3 iwdbus;@oem35.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-09-26 27032]
R3 MEIx64;@oem14.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2013-07-03 64624]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2013-09-05 11273504]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RtkBtFilter;@oem1.inf,%BtFilt.SvcDesc%;Realtek Bluetooth Filter Driver; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [2013-11-18 555224]
R3 RTL8168;@oem18.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-21 816344]
R3 RTWlanE;@oem11.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2013-08-21 2944216]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2013-06-04 33008]
R3 SynTP;@oem20.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-06-04 532720]
R3 vm331avs;@oem4.inf,%USBCamera.DeviceDesc2%;Digital Camera 1; C:\WINDOWS\System32\Drivers\vm331avs.sys [2013-04-30 1049984]
S0 Avgboota;AVG Early Launch Anti-Malware Driver; C:\WINDOWS\system32\DRIVERS\avgboota.sys [2013-09-04 20496]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 dg_ssudbus;@oem45.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dot4;@oem36.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem37.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem36.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 intaud_WaveExtensible;@oem34.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-09-26 39320]
S3 IntcDAud;@oem29.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2013-05-22 452088]
S3 RSUSBSTOR;@oem21.inf,%RSUSBSTOR.SvcDesc%;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2013-06-15 262872]
S3 ssudmdm;@oem46.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 ssudserd;@oem47.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2014-01-22 206080]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\System32\drivers\usbscan.sys [2014-10-29 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-03-25 3416016]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-03-25 309232]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-08-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-08-26 1157496]
R2 BTDevManager;BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [2013-11-06 66560]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-03-20 2135232]
R2 FastbootService;FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2013-10-28 140016]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R2 IBMPMSVC;@oem43.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2013-11-07 66856]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-12 733696]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-07-03 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-09-18 157128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-07-03 169432]
R2 Lenovo QuickSnip Service;Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [2013-06-06 219976]
R2 Lenovo Settings Service;Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2014-01-20 2085184]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [2013-06-06 562504]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2012-08-11 136288]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-03 366552]
R2 LocationTaskManager;Location Task Manager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [2013-12-11 468288]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2013-08-30 920864]
R2 QuickControlMasterSvc;Lenovo QuickControl Master Service; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [2013-07-17 59384]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 124400]
R2 ValBioService;ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [2013-05-23 24112]
R2 valWBFPolicyService;Validity WBF Policy Service; C:\WINDOWS\system32\valWBFPolicyService.exe [2014-07-21 49040]
R2 valWbioSyncSvc;@oem13.inf,%BioSyncService_SvcDesc%;BiometricSensorDataSynchronization; C:\WINDOWS\system32\valWbioSyncSvc.exe [2014-07-21 32256]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Lenovo Settings Power Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2013-11-21 1669928]
R3 QuickControlService;Lenovo QuickControl Service; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [2013-07-17 138232]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-05 1364256]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AVControlCenter;AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [2013-11-25 573488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2013-10-04 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-12 822232]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28 174368]
S3 LENOVO.CAMMUTE;Lenovo AVFramework Camera Privacy Controller; C:\Program Files\Lenovo\Communications Utility\cammute.exe [2013-11-25 512048]
S3 LENOVO.TPKNRSVC;Lenovo AVFramework Microphone Volume Controller and Dolby Interface; C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe [2013-11-25 527920]
S3 LENOVO.TVTVCAM;Lenovo AVFramework Virtual Camera Controller Service; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-11-25 702512]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-03-09 272440]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-16 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 149352]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2015-01-15 49648]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-04-07 110128]

-----------------EOF-----------------
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#3 Příspěvek od Márty84 »

Zdravim :)

Nezda se mi az tak dlouhy, mi se tu vlezl :-D

Havet tam je. Jake ikony vam chybi? Uz jste si je dala zpet?

:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#4 Příspěvek od Neznaboh »

Tak v tom případě se omlouvám, nevím, jak je možné, že se mi jej sem nepodařilo vložit :oops: .

Zmizely všechny zástupce - od PhotoFiltre, přes Word, Excel, PSPad, Google Chrome až po Tento počítač. Některé jsem si vytvořila znovu, bohužel si ani sama nepamatuju, které všechny zástupce to byly, tak asi nebyly až tak důležité :) .

Tady je log z AdwCleaneru:

# AdwCleaner v4.202 - Log vytvořen 30/04/2015 v 09:31:08
# Aktualizováno 23/04/2015 by Xplode
# Databáze : 2015-04-27.1 [Server]
# Operační system : Windows 8.1 (x64)
# Uživatelské jméno : EvNa - EVA-PC
# Spuštěno z : C:\Users\EvNa\Desktop\adwcleaner_4.202.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\{2b85663e-03f5-3cd6-2b85-5663e03f98f8}
Složka Smazáno : C:\Program Files (x86)\SalEPlus
Složka Smazáno : C:\ProgramData\likdndkofmkhdkcpbdflfolojhmhlden
Soubor Smazáno : C:\Users\EvNa\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
Soubor Smazáno : C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pconverter.dl.tb.ask.com_0.localstorage
Soubor Smazáno : C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pconverter.dl.tb.ask.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\HomeTab
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\TNT2
Klíč Smazáno : HKCU\Software\WajIntEnhance
Klíč Smazáno : HKCU\Software\SearchProtectWS
Klíč Smazáno : HKCU\Software\Local AppWizard-Generated Applications
Klíč Smazáno : HKCU\Software\Linkey
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\Iminent
Klíč Smazáno : HKLM\SOFTWARE\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\mystartsearchSoftware
Klíč Smazáno : HKLM\SOFTWARE\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\SpeedBit
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17416

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.2 (x86 cs)


-\\ Google Chrome v42.0.2311.90

[C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
[C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=14293 ... XXW3710GEK
[C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=14293 ... XXW3710GEK

-\\ Comodo Dragon v31.1.2.0

[C:\Users\EvNa\AppData\Local\Comodo\Dragon\User Data\Default\Preferences] - Smazáno [Extension] : likdndkofmkhdkcpbdflfolojhmhlden

*************************

AdwCleaner[R0].txt - [7146 bytů] - [30/04/2015 09:27:45]
AdwCleaner[S0].txt - [5117 bytů] - [30/04/2015 09:31:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5175 bytů] ##########
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#5 Příspěvek od Márty84 »

Nevim, proc to neslo, ale nic se nedeje, hlavne ze ho vidim :)


:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#6 Příspěvek od Neznaboh »

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1. 5. 2015
Čas skenování: 8:53:35
Protokol: mbam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.01.01
Databáze rootkitů: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: EvNa

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 772825
Uplynulý čas: 2 hod, 20 min, 32 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 5
PUP.Optional.MultiPlug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SalEPlus\WN2KOKB39TSyGb.x64.dll.vir, , [195c90fefd8dc571d9e8c1824fb38e72],
PUP.Optional.MultiPlug, C:\System Volume Information\SystemRestore\FRStaging\$Recycle.Bin\S-1-5-21-3177187913-545152391-116011665-1002\$RI7RKLZ.exe, , [babb325cf397cd69a47dce81ca3842be],
PUP.Optional.MultiPlug, C:\System Volume Information\SystemRestore\FRStaging\ProgramData\{2b85663e-03f5-3cd6-2b85-5663e03f98f8}\Pretty Little Liars - 05x25 - Welcome to the Dollhouse.exe, , [3d385c326624cc6a1a07a6a907fb52ae],
PUP.Optional.MultiPlug, C:\System Volume Information\SystemRestore\FRStaging\Users\EvNa\AppData\Local\Temp\1340.exe, , [d69fe1ad365446f05dc4430ced1506fa],
PUP.Optional.SkyTech.A, C:\Users\EvNa\AppData\Local\Microsoft\Windows\INetCache\IE\C71IIY01\1[1].zip, , [cbaa226cdbaf2a0c17f2ea1c0cf6c53b],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#7 Příspěvek od Márty84 »

Havet je i v bodech obnovy.


:!: Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#8 Příspěvek od Neznaboh »

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1. 5. 2015
Čas skenování: 21:44:13
Protokol: mbam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.01.06
Databáze rootkitů: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: EvNa

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 771239
Uplynulý čas: 2 hod, 11 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#9 Příspěvek od Márty84 »

:arrow: MBAM muzete odinstalovat.

:arrow: Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach :)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#10 Příspěvek od Neznaboh »

Log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by EvNa (administrator) on EVA-PC on 04-05-2015 12:00:52
Running from C:\Users\EvNa\Desktop
Loaded Profiles: EvNa (Available profiles: UpdatusUser & EvNa)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\QuickSnipService\QuickSnipService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlInput.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\EvNa\Desktop\FRSTLauncher (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-21] (Lenovo Group Limited)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [738032 2013-10-28] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3177187913-545152391-116011665-1002\...\Run: [uTorrent] => C:\Users\EvNa\Downloads\uTorrent.exe [1685072 2015-04-29] (BitTorrent Inc.)
HKU\S-1-5-21-3177187913-545152391-116011665-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk [2015-04-23]
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-19] (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3177187913-545152391-116011665-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3177187913-545152391-116011665-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3177187913-545152391-116011665-1002 -> {C4B6B286-1CD6-410A-8D81-E35134F634AF} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\EvNa\AppData\Roaming\Mozilla\Firefox\Profiles\0zscuxly.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-29]
CHR Extension: (Google Search) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-29]
CHR Extension: (Bookmark Manager) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-19]
CHR Extension: (Awesome Reload All Tabs Button) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kamfkajbgmjkfmfgcikbmbmpjfokfijk [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Gmail) - C:\Users\EvNa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2013-11-25] (Lenovo Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-11-06] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-20] ()
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-10-28] (Lenovo)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-03] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-03] (Intel Corporation)
R2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [219976 2013-06-06] (LENOVO INCORPORATED.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-01-20] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-06-06] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2013-11-25] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59384 2013-07-17] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [138232 2013-07-17] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49648 2015-01-15] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [24112 2013-05-23] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-07-21] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\Windows\system32\valWbioSyncSvc.exe [32256 2014-07-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-03-19] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [66288 2013-10-28] (Windows (R) Win 7 DDK provider)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [555224 2013-11-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19760 2014-07-21] (Windows (R) Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-04-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 12:00 - 2015-05-04 12:01 - 00021523 _____ () C:\Users\EvNa\Desktop\FRST.txt
2015-05-04 12:00 - 2015-05-04 12:00 - 00000000 ____D () C:\FRST
2015-05-04 11:58 - 2015-05-04 11:58 - 00112640 _____ (forum.viry.cz) C:\Users\EvNa\Desktop\FRSTLauncher (1).exe
2015-05-04 11:56 - 2015-05-04 11:56 - 00112640 _____ (forum.viry.cz) C:\Users\EvNa\Downloads\Nepotvrzeno 656314.crdownload
2015-05-04 11:52 - 2015-05-04 11:52 - 02101248 _____ (Farbar) C:\Users\EvNa\Desktop\FRST64.exe
2015-05-03 12:45 - 2015-05-03 13:16 - 00000000 ____D () C:\Users\EvNa\Desktop\VUT Stavební látky-spočítané příklady 2015
2015-05-03 12:41 - 2015-05-03 12:42 - 22984471 _____ () C:\Users\EvNa\Downloads\VUT-Stavební-látky-spočítané-příklady-2015.rar
2015-05-03 00:28 - 2015-05-03 00:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\EvNa\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-01 23:56 - 2015-05-01 23:56 - 00001148 _____ () C:\Users\EvNa\Desktop\mbam.txt
2015-05-01 08:50 - 2015-05-01 08:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\EvNa\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-30 09:27 - 2015-04-30 09:31 - 00000000 ____D () C:\AdwCleaner
2015-04-30 09:25 - 2015-04-30 09:25 - 02224640 _____ () C:\Users\EvNa\Desktop\adwcleaner_4.202.exe
2015-04-29 15:04 - 2015-04-29 15:21 - 00000000 ____D () C:\rsit
2015-04-29 15:03 - 2015-04-29 15:03 - 01222144 _____ () C:\Users\EvNa\Downloads\RSITx64.exe
2015-04-29 14:56 - 2015-04-29 14:56 - 00003836 _____ () C:\Users\EvNa\Desktop\uTorrent.exe.lnk
2015-04-29 14:43 - 2015-04-29 14:43 - 01685072 _____ (BitTorrent Inc.) C:\Users\EvNa\Downloads\uTorrent.exe
2015-04-29 14:36 - 2015-04-29 14:36 - 00001544 _____ () C:\Users\EvNa\Desktop\PhotoFiltre7.lnk
2015-04-26 11:03 - 2015-04-26 11:03 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\Mozilla
2015-04-26 11:03 - 2015-04-26 11:03 - 00000000 ____D () C:\Users\EvNa\AppData\Local\Mozilla
2015-04-26 11:02 - 2015-04-26 11:02 - 00243456 _____ () C:\Users\EvNa\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-26 11:02 - 2015-04-26 11:02 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 11:02 - 2015-04-26 11:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 11:02 - 2015-04-26 11:02 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-26 11:02 - 2015-04-26 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-26 11:02 - 2015-04-26 11:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-23 11:03 - 2015-04-23 11:03 - 00001176 _____ () C:\Users\Public\Desktop\Lingea Lexicon 5.lnk
2015-04-23 11:03 - 2015-04-23 11:03 - 00001171 _____ () C:\Users\Public\Desktop\Lingea LexWin.lnk
2015-04-23 11:03 - 2015-04-23 11:03 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Lingea Lexicon 5.lnk
2015-04-23 11:03 - 2015-04-23 11:03 - 00001143 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Lingea LexWin.lnk
2015-04-23 11:03 - 2015-04-23 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingea Lexicon 5
2015-04-22 16:29 - 2015-04-22 16:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-22 16:29 - 2015-04-22 16:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-22 16:28 - 2015-04-22 16:28 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-04-22 16:27 - 2015-04-22 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-22 16:27 - 2015-04-22 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-22 14:21 - 2015-04-22 14:21 - 00000436 _____ () C:\Users\EvNa\Desktop\Tento počítač.lnk
2015-04-19 15:07 - 2015-04-19 15:07 - 13087456 _____ (Microsoft Corporation) C:\Users\EvNa\Downloads\Silverlight_x64 (2).exe
2015-04-19 13:06 - 2015-04-19 13:06 - 13087456 _____ (Microsoft Corporation) C:\Users\EvNa\Downloads\Silverlight_x64 (1).exe
2015-04-19 13:05 - 2015-04-22 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-19 13:05 - 2015-04-22 15:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-19 13:05 - 2015-04-22 15:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-19 13:04 - 2015-04-19 13:04 - 13087456 _____ (Microsoft Corporation) C:\Users\EvNa\Downloads\Silverlight_x64.exe
2015-04-19 12:05 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-19 12:05 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-17 22:13 - 2015-04-17 22:13 - 00001168 _____ () C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mpc-hc64.lnk
2015-04-17 21:55 - 2015-04-17 21:55 - 00000000 ____D () C:\ProgramData\11309799271620032324
2015-04-17 14:26 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-17 14:26 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 13:53 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 13:53 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 13:53 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 13:53 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 13:53 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 13:53 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 13:53 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 13:53 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 13:53 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 13:53 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 13:53 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 13:53 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 13:53 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 13:53 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 13:53 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 13:53 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 13:53 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 13:53 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 13:53 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 13:53 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 13:53 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 13:53 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 13:52 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 13:52 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 13:52 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 13:52 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 13:52 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 13:52 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 13:52 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 13:52 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 13:52 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 13:52 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 13:52 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 13:52 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 13:52 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 13:52 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 13:52 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 13:51 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 13:51 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 13:51 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 13:51 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 13:51 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 13:51 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 13:51 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 13:51 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 13:51 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 13:51 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 13:51 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 13:51 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 13:51 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 13:51 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 13:51 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 13:51 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 13:51 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 13:51 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 13:51 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 13:51 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 13:51 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 13:51 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 13:51 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 13:51 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-05 11:18 - 2015-04-22 15:11 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-05 11:18 - 2015-04-05 11:18 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-04 12:00 - 2015-03-17 19:32 - 00020035 _____ () C:\WINDOWS\setupact.log
2015-05-04 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-04 11:59 - 2015-03-17 19:09 - 01580180 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-04 11:53 - 2013-12-02 16:08 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-04 11:50 - 2013-11-29 14:24 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\uTorrent
2015-05-04 11:50 - 2013-10-28 03:13 - 839258112 ___SH () C:\WINDOWS\lenovo_fastboot.img
2015-05-04 11:49 - 2014-04-06 11:00 - 00000000 __RDO () C:\Users\EvNa\SkyDrive
2015-05-04 11:49 - 2013-11-29 05:59 - 01421410 _____ () C:\Users\EvNa\AppData\Local\BTServer.log
2015-05-04 11:49 - 2013-11-29 05:59 - 00000466 _____ () C:\Users\EvNa\AppData\Local\RegisteredPackageInformation.xml
2015-05-03 00:36 - 2013-11-29 00:30 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-03 00:36 - 2013-09-30 05:56 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2015-05-03 00:36 - 2013-09-30 05:56 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2015-05-03 00:30 - 2015-03-17 19:31 - 00034172 _____ () C:\WINDOWS\PFRO.log
2015-05-03 00:30 - 2013-10-28 03:13 - 00000000 ____D () C:\ProgramData\Validity
2015-05-03 00:30 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-03 00:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-02 14:28 - 2013-11-29 06:56 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3177187913-545152391-116011665-1002
2015-05-02 13:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-01 21:34 - 2013-10-28 02:59 - 00000000 ____D () C:\ProgramData\Realtek
2015-05-01 21:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-04-29 15:04 - 2015-03-07 20:39 - 00000000 ____D () C:\Program Files\trend micro
2015-04-29 14:39 - 2014-03-10 23:04 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\Skype
2015-04-27 18:13 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-26 09:51 - 2013-11-29 06:06 - 00000000 ____D () C:\Users\EvNa\AppData\Local\Microsoft Help
2015-04-26 01:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-24 07:18 - 2013-08-22 16:44 - 00457936 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-24 00:35 - 2013-11-29 06:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-24 00:35 - 2013-11-28 19:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-24 00:30 - 2013-11-28 19:50 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-23 21:04 - 2014-10-23 12:50 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\LSC
2015-04-23 11:33 - 2013-12-02 17:40 - 00000000 ____D () C:\Users\EvNa\Documents\Lexicon
2015-04-23 11:02 - 2013-12-02 17:41 - 00000000 ____D () C:\Program Files (x86)\Lingea
2015-04-22 16:27 - 2014-03-10 23:04 - 00000000 ____D () C:\ProgramData\Skype
2015-04-22 15:11 - 2014-12-11 12:19 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-22 15:11 - 2014-07-10 19:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-22 15:11 - 2013-12-03 19:31 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\PhotoFiltre 7
2015-04-22 15:11 - 2013-11-29 11:59 - 00000000 ____D () C:\Program Files\MPC-HC
2015-04-22 15:11 - 2013-10-28 02:59 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-22 15:11 - 2013-09-30 05:58 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-04-22 15:11 - 2013-09-30 05:58 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-22 15:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-22 15:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-22 15:11 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-04-22 14:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-04-19 12:42 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-17 21:56 - 2015-03-17 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-04-17 21:56 - 2014-11-15 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2015-04-17 21:56 - 2014-11-15 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-04-17 21:56 - 2014-06-15 17:28 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-04-17 21:56 - 2014-06-15 17:27 - 00000000 ____D () C:\The KMPlayer
2015-04-17 21:56 - 2014-04-04 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLABS 12.0
2015-04-17 21:56 - 2014-04-04 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2015-04-17 21:56 - 2014-03-31 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-17 21:56 - 2014-01-10 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Borland Delphi 7
2015-04-17 21:56 - 2014-01-07 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2015-04-17 21:56 - 2013-12-12 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-17 21:56 - 2013-12-03 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2015-04-17 21:56 - 2013-12-02 19:55 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-17 21:56 - 2013-12-02 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-17 21:56 - 2013-12-02 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingea Lexicon 2002
2015-04-17 21:56 - 2013-11-29 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-17 21:56 - 2013-11-29 14:24 - 00000000 ____D () C:\Users\EvNa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-04-17 21:56 - 2013-11-29 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-04-17 21:56 - 2013-11-29 06:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-17 21:56 - 2013-11-29 06:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-17 21:56 - 2013-10-28 03:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create
2015-04-17 21:56 - 2013-10-28 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-04-17 21:56 - 2013-10-28 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-15 18:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-14 01:24 - 2014-12-11 16:53 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-12-11 16:53 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 19:52 - 2014-11-12 13:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll

==================== Files in the root of some directories =======

2013-11-29 06:00 - 2013-12-17 23:44 - 0004088 _____ () C:\Users\EvNa\AppData\Roaming\AbsoluteReminder.xml
2013-11-29 05:59 - 2015-05-04 11:49 - 1421410 _____ () C:\Users\EvNa\AppData\Local\BTServer.log
2013-11-29 05:59 - 2015-05-04 11:49 - 0000466 _____ () C:\Users\EvNa\AppData\Local\RegisteredPackageInformation.xml
2013-11-28 22:27 - 2013-11-28 22:27 - 0007602 _____ () C:\Users\EvNa\AppData\Local\Resmon.ResmonCfg
2013-11-29 00:13 - 2013-11-29 00:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-12 18:51 - 2014-08-05 20:13 - 0002471 _____ () C:\ProgramData\hpzinstall.log
2013-10-28 03:16 - 2013-10-28 03:17 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2013-10-28 03:14 - 2013-10-28 03:15 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-10-28 03:15 - 2013-10-28 03:16 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2013-10-28 03:16 - 2013-10-28 03:16 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some content of TEMP:
====================
C:\Users\EvNa\AppData\Local\Temp\obexpf.dll
C:\Users\EvNa\AppData\Local\Temp\Quarantine.exe
C:\Users\EvNa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\EvNa\Desktop" je 36 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#11 Příspěvek od Márty84 »

:arrow: Doporucuji odinstalovat Chrome, smazat vsechny jeho slozky, co pripadne zustanou, a pak znovu nainstalovat. Program hlasi, ze je s nim neco v neporadku, ale skriptem tohle opravit nelze. Pokud nechcete prijit o zalozky, muzete si je zazalohovat pomoci http://www.stahuj.centrum.cz/internet_a ... me-backup/



:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3177187913-545152391-116011665-1002\...\Run: [uTorrent] => C:\Users\EvNa\Downloads\uTorrent.exe [1685072 2015-04-29] (BitTorrent Inc.)

SearchScopes: HKU\S-1-5-21-3177187913-545152391-116011665-1002 -> {C4B6B286-1CD6-410A-8D81-E35134F634AF} URL =

2015-05-03 00:28 - 2015-05-03 00:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\EvNa\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-01 23:56 - 2015-05-01 23:56 - 00001148 _____ () C:\Users\EvNa\Desktop\mbam.txt
2015-05-01 08:50 - 2015-05-01 08:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\EvNa\Downloads\mbam-setup-2.1.6.1022.exe

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]

Hosts:
EmptyTemp:
Reboot:
End
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#12 Příspěvek od Neznaboh »

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by EvNa at 2015-05-07 11:45:18 Run:1
Running from C:\Users\EvNa\Desktop
Loaded Profiles: UpdatusUser & EvNa (Available profiles: UpdatusUser & EvNa)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3177187913-545152391-116011665-1002\...\Run: [uTorrent] => C:\Users\EvNa\Downloads\uTorrent.exe [1685072 2015-04-29] (BitTorrent Inc.)

SearchScopes: HKU\S-1-5-21-3177187913-545152391-116011665-1002 -> {C4B6B286-1CD6-410A-8D81-E35134F634AF} URL =

2015-05-03 00:28 - 2015-05-03 00:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\EvNa\Downloads\mbam-clean-2.1.1.1001.exe
2015-05-01 23:56 - 2015-05-01 23:56 - 00001148 _____ () C:\Users\EvNa\Desktop\mbam.txt
2015-05-01 08:50 - 2015-05-01 08:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\EvNa\Downloads\mbam-setup-2.1.6.1022.exe

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3177187913-545152391-116011665-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
"HKU\S-1-5-21-3177187913-545152391-116011665-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B6B286-1CD6-410A-8D81-E35134F634AF}" => Key deleted successfully.
HKCR\CLSID\{C4B6B286-1CD6-410A-8D81-E35134F634AF} => Key not found.
C:\Users\EvNa\Downloads\mbam-clean-2.1.1.1001.exe => Moved successfully.
C:\Users\EvNa\Desktop\mbam.txt => Moved successfully.
C:\Users\EvNa\Downloads\mbam-setup-2.1.6.1022.exe => Moved successfully.
SkypeUpdate => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:46:44 ====
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#13 Příspěvek od Márty84 »

:!: Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

:arrow:
vyosek píše: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remove disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

:arrow: Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




:arrow: Pak napiste, jak je na tom pc.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Neznaboh
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 15 zář 2008 16:43

Re: Stažený vir

#14 Příspěvek od Neznaboh »

Po provedení všech úkonů funguje počítač bez potíží :) .
Nahoru
Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Stažený vir

#15 Příspěvek od Márty84 »

V tom pripade mame hotovo :)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“