Prosím o kontrolu

[martin@vojtech.cz]

Dobrý den
kamarád včera otevřel zazipovaný soubor s virem, můžete prosím pomoci?

zde je log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:06:00, on 23. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [Fastboot] "C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" /analysis
O4 - HKLM\..\Run: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Tomáš Chmelíř\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [jpmefuqxrchw] C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe"
O4 - HKCU\..\Run: [kixbkitcjswk] C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
O4 - HKCU\..\Run: [kffuaueaclir] C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: Recovery+vihto.html
O4 - Startup: Recovery+vihto.png
O4 - Startup: Recovery+vihto.txt
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem33.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo QuickSnip Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\CamMute.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LnvMHService (LnvHotSpotSvc) - Lenovo - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
O23 - Service: LocationTaskManager - Unknown owner - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: ValBioService - Validity Sensors, Inc. - C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\windows\SysWOW64\xmesrv.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 19915 bytes

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[martin@vojtech.cz]

Zde je log. Mám ale zásadní problém, že nedokážu otevřít soubory.
Nabíhá mi po spuštění PC hláška o nějakém kryptování souborů.
Díky za radu.



# AdwCleaner v5.036 - Logfile created 23/02/2016 at 20:34:47
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 8 Pro (x64)
# Username : Tomáš Chmelíř - LENOVO-PC
# Running from : C:\Users\Tomáš Chmelíř\Downloads\adwcleaner_5.036.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [801 bytes] - [23/02/2016 20:34:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [853 bytes] - [23/02/2016 20:30:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [945 bytes] ##########

[Rudy]

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[martin@vojtech.cz]

tady to je


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Tomáš Chmelíř (administrator) on LENOVO-PC (23-02-2016 22:58:15)
Running from C:\Users\Tomáš Chmelíř\Downloads
Loaded Profiles: Tomáš Chmelíř (Available Profiles: UpdatusUser & Tomáš Chmelíř)
Platform: Windows 8 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937968 2014-08-12] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [738032 2013-11-02] (Lenovo)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SpIDerMail] => C:\Program Files (x86)\DrWeb\spiderml.exe [501080 2008-06-10] (Doctor Web, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [Dropbox Update] => C:\Users\Tomáš Chmelíř\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [jpmefuqxrchw] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kixbkitcjswk] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kffuaueaclir] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+vihto.png [2016-02-22] ()
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-05]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.100.2
Tcpip\..\Interfaces\{6A6BF29D-F8AA-4C82-8895-C9CE0FDB14ED}: [DhcpNameServer] 10.1.100.2

Internet Explorer:
==================
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> DefaultScope {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: @servis24.cz/PKIComponent -> C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [2015-02-16] (Česká spořitelna, a.s.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: @servis24.cz/PKIComponent-x64 -> C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [2014-10-01] (Česká spořitelna, a.s.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22]
CHR Extension: (Disk Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Vyhledávání Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-22]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2016-02-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-22]
CHR Extension: (Gmail) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-11-02] (Lenovo)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-20] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
S2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [220488 2013-05-14] (LENOVO INCORPORATED.)
S2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2014664 2014-09-16] (Lenovo Group Limited)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474608 2014-08-12] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [470000 2014-06-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-02-23] (Enigma Software Group USA, LLC.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 xmengine service; C:\windows\SysWOW64\xmesrv.exe [34696 2015-01-12] (Monet+, a.s.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-23] ()
S2 eusk2par; C:\windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [66288 2013-11-02] (Windows (R) Win 7 DDK provider)
S3 GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [130944 2014-11-10] (Gemalto)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15872 2012-07-26] (Microsoft Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288992 2013-01-08] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-02] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:58 - 2016-02-23 22:58 - 00027579 _____ C:\Users\Tomáš Chmelíř\Downloads\FRST.txt
2016-02-23 22:58 - 2016-02-23 22:58 - 00000000 ____D C:\FRST
2016-02-23 22:57 - 2016-02-23 22:57 - 02371072 _____ (Farbar) C:\Users\Tomáš Chmelíř\Downloads\FRST64.exe
2016-02-23 22:30 - 2016-02-23 22:30 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Tomáš Chmelíř\Downloads\ShadowExplorer-0.9-setup (1).exe
2016-02-23 22:21 - 2016-02-23 22:21 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Tomáš Chmelíř\Downloads\ShadowExplorer-0.9-setup.exe
2016-02-23 22:15 - 2016-02-23 22:15 - 00000000 _____ C:\autoexec.bat
2016-02-23 22:14 - 2016-02-23 22:14 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-23 22:14 - 2016-02-23 22:14 - 00001098 _____ C:\Users\Tomáš Chmelíř\Desktop\SpyHunter.lnk
2016-02-23 22:14 - 2016-02-23 22:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Enigma Software Group
2016-02-23 22:14 - 2016-02-23 22:14 - 00000000 ____D C:\sh4ldr
2016-02-23 22:13 - 2016-02-23 22:13 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomáš Chmelíř\Downloads\SpyHunter-Installer.exe
2016-02-23 22:13 - 2016-02-23 22:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-02-23 22:00 - 2016-02-23 22:01 - 00003164 _____ C:\windows\System32\Tasks\ParetoLogic Registration3
2016-02-23 22:00 - 2016-02-23 22:00 - 00003334 _____ C:\windows\System32\Tasks\PC Health Advisor
2016-02-23 22:00 - 2016-02-23 22:00 - 00003306 _____ C:\windows\System32\Tasks\PC Health Advisor Defrag
2016-02-23 22:00 - 2016-02-23 22:00 - 00003290 _____ C:\windows\System32\Tasks\ParetoLogic Update Version3
2016-02-23 22:00 - 2016-02-23 22:00 - 00002952 _____ C:\windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-02-23 22:00 - 2016-02-23 22:00 - 00001108 _____ C:\Users\Tomáš Chmelíř\Desktop\ParetoLogic PC Health Advisor.lnk
2016-02-23 22:00 - 2016-02-23 22:00 - 00000530 _____ C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000504 _____ C:\windows\Tasks\ParetoLogic Registration3.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000478 _____ C:\windows\Tasks\ParetoLogic Update Version3.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000436 _____ C:\windows\Tasks\PC Health Advisor Defrag.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000418 _____ C:\windows\Tasks\PC Health Advisor.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\DriverCure
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2016-02-23 21:59 - 2016-02-23 22:00 - 05964208 _____ (ParetoLogic Inc.) C:\Users\Tomáš Chmelíř\Downloads\ParetoLogic PC Health Advisor (1).exe
2016-02-23 21:59 - 2016-02-23 21:59 - 05964208 _____ (ParetoLogic Inc.) C:\Users\Tomáš Chmelíř\Downloads\ParetoLogic PC Health Advisor.exe
2016-02-23 21:59 - 2016-02-23 21:59 - 02936816 _____ (ParetoLogic) C:\Users\Tomáš Chmelíř\Downloads\Pareto_DR_Setup_RW.exe
2016-02-23 20:29 - 2016-02-23 20:34 - 00000000 ____D C:\AdwCleaner
2016-02-23 20:29 - 2016-02-23 20:29 - 01511936 _____ C:\Users\Tomáš Chmelíř\Downloads\adwcleaner_5.036.exe
2016-02-23 10:51 - 2016-02-23 11:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\DoctorWeb
2016-02-23 10:50 - 2016-02-23 10:50 - 00000592 _____ C:\windows\Tasks\Dr.Web automatic update.job
2016-02-23 10:49 - 2016-02-23 11:13 - 00000000 ____D C:\Program Files (x86)\DrWeb
2016-02-23 10:49 - 2016-02-23 10:51 - 00001865 _____ C:\Users\Public\Desktop\Skener Dr.Web.lnk
2016-02-23 10:49 - 2016-02-23 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Web
2016-02-23 10:49 - 2016-02-23 10:49 - 00077824 ____T (Doctor Web, Ltd.) C:\windows\SysWOW64\DRWEBSP.DLL
2016-02-23 10:47 - 2016-02-23 10:48 - 19410192 _____ (Macrovision Corporation) C:\Users\Tomáš Chmelíř\Downloads\drweb-444-win-cs.exe
2016-02-23 10:44 - 2016-02-23 10:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-02-23 10:43 - 2016-02-23 10:43 - 01927008 _____ (Kaspersky Lab) C:\Users\Tomáš Chmelíř\Downloads\kav16.0.0.614abcdcs_9608.exe
2016-02-23 10:24 - 2016-02-23 22:24 - 00484056 _____ C:\windows\ntbtlog.txt
2016-02-23 10:10 - 2016-02-23 10:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-23 08:23 - 2016-02-23 08:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 08:22 - 2016-02-23 08:22 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-23 08:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-23 08:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-23 08:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-22 20:45 - 2016-02-23 20:39 - 00000959 _____ C:\Users\Tomáš Chmelíř\AppData\LocaldependencyLog.txt
2016-02-22 18:09 - 2016-02-22 18:09 - 00008289 _____ C:\windows\Tasks\Recovery+vihto.html
2016-02-22 18:09 - 2016-02-22 18:09 - 00002193 _____ C:\windows\Tasks\Recovery+vihto.txt
2016-02-22 18:02 - 2016-02-22 18:26 - 00008289 _____ C:\Users\Tomáš Chmelíř\Recovery+vihto.html
2016-02-22 18:02 - 2016-02-22 18:26 - 00002193 _____ C:\Users\Tomáš Chmelíř\Recovery+vihto.txt
2016-02-22 17:54 - 2016-02-22 18:26 - 00008289 _____ C:\Users\Tomáš Chmelíř\Downloads\Recovery+vihto.html
2016-02-22 17:54 - 2016-02-22 18:26 - 00002193 _____ C:\Users\Tomáš Chmelíř\Downloads\Recovery+vihto.txt
2016-02-22 17:25 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:25 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\LocalLow\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\LocalLow\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\Downloads\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\Downloads\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Recovery+vihto.txt
2016-02-22 17:10 - 2016-02-22 17:13 - 00008289 _____ C:\ProgramData\Recovery+vihto.html
2016-02-22 17:10 - 2016-02-22 17:13 - 00002193 _____ C:\ProgramData\Recovery+vihto.txt
2016-02-22 16:43 - 2016-02-22 16:43 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.html
2016-02-22 16:43 - 2016-02-22 16:43 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\Downloads\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\Downloads\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Recovery+kspto.txt
2016-02-22 16:41 - 2016-02-22 16:42 - 00008289 _____ C:\ProgramData\Recovery+kspto.html
2016-02-22 16:41 - 2016-02-22 16:42 - 00002193 _____ C:\ProgramData\Recovery+kspto.txt
2016-02-17 09:52 - 2016-02-22 17:24 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-16 10:49 - 2016-02-16 10:49 - 00306792 _____ C:\windows\Minidump\021616-98484-01.dmp
2016-02-08 15:45 - 2016-02-23 22:28 - 01714430 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-01 17:19 - 2016-02-01 17:19 - 00025343 _____ C:\Users\Tomáš Chmelíř\Desktop\imgres.htm
2016-01-27 12:52 - 2016-02-22 17:10 - 00000000 ____D C:\SprachErsetzungen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:28 - 2013-11-02 04:24 - 00726246 _____ C:\windows\system32\perfh005.dat
2016-02-23 22:28 - 2013-11-02 04:24 - 00147800 _____ C:\windows\system32\perfc005.dat
2016-02-23 22:28 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf
2016-02-23 22:22 - 2013-11-02 03:57 - 839483392 ___SH C:\windows\lenovo_fastboot.img
2016-02-23 22:14 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř
2016-02-23 21:32 - 2013-11-01 14:28 - 00000980 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-23 21:26 - 2015-06-16 12:14 - 00000970 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1620661979-891840341-3484461041-1002UA.job
2016-02-23 20:44 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp
2016-02-23 20:39 - 2013-11-02 04:43 - 00000290 _____ C:\Users\Tomáš Chmelíř\AppData\Local\RegisteredPackageInformation.xml
2016-02-23 20:39 - 2013-11-02 04:43 - 00000022 _____ C:\Users\Tomáš Chmelíř\AppData\LocalUserGuideLog.txt
2016-02-23 20:39 - 2013-11-02 04:43 - 00000000 _____ C:\Users\Tomáš Chmelíř\AppData\LocalMachineInfoLog.txt
2016-02-23 20:38 - 2013-11-26 08:06 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Dropbox
2016-02-23 20:38 - 2013-11-04 19:02 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox
2016-02-23 20:37 - 2013-11-01 14:28 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-23 20:36 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\Validity
2016-02-23 20:36 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-23 14:08 - 2012-07-26 06:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-02-23 10:49 - 2013-11-02 03:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-23 10:24 - 2016-01-10 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-23 10:24 - 2013-11-21 07:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-23 08:54 - 2012-07-26 09:12 - 00000000 __RSD C:\windows\Media
2016-02-23 08:25 - 2015-06-16 12:14 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1620661979-891840341-3484461041-1002Core.job
2016-02-22 21:08 - 2014-11-21 23:04 - 00000000 ___HD C:\$Windows.~BT
2016-02-22 20:28 - 2014-01-10 10:28 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2014
2016-02-22 20:28 - 2013-11-04 20:11 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2012
2016-02-22 20:28 - 2013-11-04 19:35 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2013
2016-02-22 20:28 - 2013-11-04 19:33 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2011
2016-02-22 20:27 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2015
2016-02-22 20:26 - 2016-01-04 10:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2016
2016-02-22 18:09 - 2012-07-26 09:12 - 00000000 ____D C:\windows\tracing
2016-02-22 18:09 - 2012-07-26 09:12 - 00000000 ____D C:\windows\SysWOW64\FxsTmp
2016-02-22 18:02 - 2013-11-04 16:53 - 00000000 ____D C:\Users\Tomáš Chmelíř\PDF
2016-02-22 18:02 - 2013-11-04 14:23 - 00000000 ____D C:\Users\Tomáš Chmelíř\Soubory Outlook
2016-02-22 18:02 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Tomáš Chmelíř\EasternGraphics
2016-02-22 18:02 - 2013-11-04 13:39 - 00000000 ___RD C:\Users\Tomáš Chmelíř\SkyDrive
2016-02-22 18:02 - 2013-11-04 10:56 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Virtual
2016-02-22 17:54 - 2016-01-06 10:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\TM_photo_lr (1)
2016-02-22 17:54 - 2015-01-12 13:01 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\pki_cs
2016-02-22 17:54 - 2014-08-11 15:19 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Nová složka
2016-02-22 17:54 - 2014-01-20 18:09 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Documents\Scanned Documents
2016-02-22 17:54 - 2014-01-20 18:09 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Fax
2016-02-22 17:54 - 2014-01-09 12:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty PaperPort
2016-02-22 17:54 - 2013-12-09 09:17 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\MyWebPages
2016-02-22 17:54 - 2013-11-04 17:06 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Poznámkové bloky aplikace OneNote
2016-02-22 17:25 - 2015-12-02 20:09 - 00187792 _____ C:\Users\Tomáš Chmelíř\Desktop\dopis pro zákazníky - finální verze.pdf
2016-02-22 17:25 - 2015-04-20 21:58 - 00062592 _____ C:\Users\Tomáš Chmelíř\Desktop\ROTO-otočné-návod.pdf
2016-02-22 17:25 - 2015-01-12 14:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\Desktop\Banka
2016-02-22 17:25 - 2014-09-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\CyberLink
2016-02-22 17:25 - 2014-05-06 19:22 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\byt_140
2016-02-22 17:25 - 2014-01-09 12:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Zeon
2016-02-22 17:25 - 2013-11-28 22:07 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\wargaming.net
2016-02-22 17:25 - 2013-11-25 09:29 - 00000000 ____D C:\Users\Tomáš Chmelíř\Desktop\SQLBase 8.5.0
2016-02-22 17:25 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\VariCAD-Viewer.cz
2016-02-22 17:25 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Thunderbird
2016-02-22 17:25 - 2013-11-04 10:38 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Windows Live Writer
2016-02-22 17:24 - 2015-09-09 13:01 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\LSC
2016-02-22 17:24 - 2015-01-12 13:04 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS
2016-02-22 17:24 - 2013-12-09 09:26 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\FLEXnet
2016-02-22 17:24 - 2013-12-09 09:18 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Nuance
2016-02-22 17:24 - 2013-12-07 16:31 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\LocalLow\Google
2016-02-22 17:24 - 2013-11-26 13:57 - 00000000 ___RD C:\Users\Tomáš Chmelíř\AppData\Roaming\Brother
2016-02-22 17:24 - 2013-11-26 13:57 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\LocalLow\Brother
2016-02-22 17:24 - 2013-11-26 13:52 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\ControlCenter4
2016-02-22 17:24 - 2013-11-26 13:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\InstallShield
2016-02-22 17:24 - 2013-11-25 09:34 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
2016-02-22 17:24 - 2013-11-04 20:05 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Autodesk
2016-02-22 17:24 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\EasternGraphics
2016-02-22 17:24 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Mozilla
2016-02-22 17:24 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Intel WiDi
2016-02-22 17:24 - 2013-11-04 10:51 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\TeamViewer
2016-02-22 17:24 - 2013-11-04 10:45 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\CyberLink
2016-02-22 17:24 - 2013-11-04 10:38 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Windows Live Writer
2016-02-22 17:24 - 2013-11-04 10:34 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Windows Live
2016-02-22 17:24 - 2013-11-02 04:44 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Lenovo
2016-02-22 17:24 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Adobe
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Macromedia
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Intel
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\VirtualStore
2016-02-22 17:24 - 2013-11-01 14:57 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\GHISLER
2016-02-22 17:22 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Thunderbird
2016-02-22 17:22 - 2013-11-04 07:55 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Tvsukernel
2016-02-22 17:18 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Power2Go
2016-02-22 17:18 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Packages
2016-02-22 17:17 - 2013-11-04 07:59 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft Help
2016-02-22 17:14 - 2014-03-10 17:47 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Lenovo
2016-02-22 17:14 - 2013-11-04 14:02 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\InstallAware Installation Information
2016-02-22 17:14 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Intel WiDi
2016-02-22 17:14 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Intel
2016-02-22 17:14 - 2013-11-02 04:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\LSC
2016-02-22 17:14 - 2013-11-01 14:28 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Google
2016-02-22 17:13 - 2015-06-16 12:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Dropbox
2016-02-22 17:13 - 2015-01-12 13:05 - 00000000 ____D C:\ProgramData\SmartCard Reader Installation
2016-02-22 17:13 - 2014-09-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Cyberlink
2016-02-22 17:13 - 2013-12-09 09:18 - 00000000 ____D C:\ProgramData\zeon
2016-02-22 17:13 - 2013-12-09 09:18 - 00000000 ____D C:\ProgramData\ScanSoft
2016-02-22 17:13 - 2013-11-04 20:06 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Autodesk
2016-02-22 17:13 - 2013-11-04 20:06 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2016-02-22 17:13 - 2013-11-04 14:03 - 00000000 ___HD C:\ProgramData\{E4059467-2DA5-4195-89B6-1BB15CAD489C}
2016-02-22 17:13 - 2013-11-04 14:03 - 00000000 ___HD C:\ProgramData\{9559969E-5786-48CA-87AB-B7695EC37420}
2016-02-22 17:13 - 2013-11-04 10:45 - 00000000 ____D C:\Users\Public\CyberLink
2016-02-22 17:13 - 2013-11-04 07:25 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\GHISLER
2016-02-22 17:13 - 2013-11-02 04:55 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Adobe
2016-02-22 17:13 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Absolute_Software
2016-02-22 17:13 - 2013-11-02 04:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-22 17:13 - 2013-11-02 04:06 - 00000000 ____D C:\Users\Public\Symantec
2016-02-22 17:13 - 2013-11-02 04:03 - 00000000 ____D C:\Users\Public\Lenovo
2016-02-22 17:13 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\Temp
2016-02-22 17:13 - 2013-11-02 03:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-22 17:13 - 2013-11-02 03:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-22 17:13 - 2013-11-01 16:12 - 00000000 ____D C:\ProgramData\StartW8
2016-02-22 17:13 - 2013-11-01 14:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Deployment
2016-02-22 17:13 - 2013-11-01 14:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Apps\2.0
2016-02-22 17:13 - 2013-03-25 22:03 - 00000000 ____D C:\ProgramData\PRICache
2016-02-22 17:13 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-22 17:12 - 2013-12-09 09:17 - 00000000 ____D C:\ProgramData\Nuance
2016-02-22 17:12 - 2013-11-21 07:57 - 00000000 ____D C:\ProgramData\Mozilla
2016-02-22 17:12 - 2013-11-04 13:39 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-22 17:12 - 2013-11-02 04:04 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-22 17:12 - 2013-11-02 04:04 - 00000000 ____D C:\ProgramData\Norton
2016-02-22 17:12 - 2013-11-02 04:03 - 00000000 ____D C:\ProgramData\NoiseSuppressionTips
2016-02-22 17:11 - 2015-06-16 12:14 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-22 17:11 - 2013-12-09 09:17 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-22 17:11 - 2013-11-04 14:02 - 00000000 ____D C:\ProgramData\EasternGraphics
2016-02-22 17:11 - 2013-11-02 04:19 - 00000000 ____D C:\ProgramData\Lenovo
2016-02-22 17:11 - 2013-11-02 04:00 - 00000000 ____D C:\ProgramData\install_clap
2016-02-22 17:11 - 2013-11-02 03:40 - 00000000 ____D C:\ProgramData\Intel
2016-02-22 17:10 - 2015-01-12 13:01 - 00000000 ____D C:\ProgramData\CPInstall
2016-02-22 17:10 - 2014-05-06 07:45 - 00000000 ____D C:\SprachErsetzungen alt
2016-02-22 17:10 - 2013-11-26 13:44 - 00000000 ____D C:\ProgramData\ControlCenter4
2016-02-22 17:10 - 2013-11-25 21:01 - 00000000 ____D C:\ProgramData\Brother
2016-02-22 17:10 - 2013-11-04 20:05 - 00000000 ____D C:\ProgramData\Autodesk
2016-02-22 17:10 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-22 17:10 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\CLSK
2016-02-22 17:10 - 2013-11-02 03:56 - 00000000 ____D C:\ProgramData\Adobe
2016-02-22 17:10 - 2013-11-02 03:45 - 00000000 ____D C:\ProgramData\Conexant
2016-02-22 17:10 - 2013-11-01 14:57 - 00000000 ____D C:\totalcmd
2016-02-22 17:06 - 2013-11-25 09:34 - 00000000 ____D C:\price
2016-02-22 17:03 - 2015-03-25 07:41 - 00000000 ___HD C:\OneDriveTemp
2016-02-22 17:03 - 2014-11-03 13:43 - 00000000 ____D C:\4MCAD12CLASSIC
2016-02-22 17:03 - 2014-06-30 12:40 - 00000000 ____D C:\Games
2016-02-22 17:03 - 2014-04-03 15:13 - 00000000 ____D C:\FOTO nezařaz
2016-02-22 17:03 - 2013-11-26 13:44 - 00000000 ____D C:\Brother
2016-02-22 17:03 - 2013-11-25 09:35 - 00000000 ____D C:\32bitpri
2016-02-22 17:03 - 2013-11-25 09:33 - 00000000 ____D C:\Centura
2016-02-22 17:03 - 2013-11-04 20:04 - 00000000 ____D C:\Autodesk
2016-02-22 17:03 - 2013-11-02 03:40 - 00000000 ____D C:\Intel
2016-02-20 09:41 - 2013-11-01 14:32 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-16 12:30 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-16 10:49 - 2014-03-21 17:04 - 840793415 _____ C:\windows\MEMORY.DMP
2016-02-16 10:49 - 2014-03-21 17:04 - 00000000 ____D C:\windows\Minidump
2016-02-13 18:23 - 2014-02-20 11:11 - 00002347 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-12 09:22 - 2012-07-26 06:26 - 00000167 _____ C:\windows\win.ini
2016-02-12 09:21 - 2013-11-01 14:36 - 00000000 ____D C:\windows\system32\MRT
2016-02-12 09:15 - 2013-11-01 14:36 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-02 13:27 - 2013-11-01 14:28 - 00003952 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:27 - 2013-11-01 14:28 - 00003716 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 09:33 - 2014-07-15 13:36 - 00002053 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00002051 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00002041 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-27 17:12 - 2014-01-08 09:53 - 00000000 ____D C:\windows\SysWOW64\NV
2016-01-27 17:09 - 2014-01-08 09:53 - 00000000 ____D C:\windows\system32\NV

==================== Files in the root of some directories =======

2013-11-02 04:43 - 2013-11-02 04:43 - 0000000 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\AbsoluteReminder.xml
2016-02-22 17:25 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.png
2016-02-22 17:25 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.png
2016-02-22 17:24 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.txt
2016-01-27 12:57 - 2016-01-14 11:11 - 0032313 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\SprachErsetzungen.dotm
2016-02-22 16:43 - 2016-02-22 16:43 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.html
2016-02-22 16:43 - 2016-02-22 16:43 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.png
2016-02-22 16:43 - 2016-02-22 16:43 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.txt
2016-02-22 17:13 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.png
2016-02-22 17:13 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.txt
2013-11-02 04:43 - 2016-02-23 20:39 - 0000290 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\RegisteredPackageInformation.xml
2013-11-02 03:46 - 2013-11-02 03:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-22 16:41 - 2016-02-22 16:42 - 0008289 _____ () C:\ProgramData\Recovery+kspto.html
2016-02-22 16:41 - 2016-02-22 16:42 - 0070070 _____ () C:\ProgramData\Recovery+kspto.png
2016-02-22 16:41 - 2016-02-22 16:42 - 0002193 _____ () C:\ProgramData\Recovery+kspto.txt
2016-02-22 17:10 - 2016-02-22 17:13 - 0008289 _____ () C:\ProgramData\Recovery+vihto.html
2016-02-22 17:10 - 2016-02-22 17:13 - 0070070 _____ () C:\ProgramData\Recovery+vihto.png
2016-02-22 17:10 - 2016-02-22 17:13 - 0002193 _____ () C:\ProgramData\Recovery+vihto.txt
2013-11-02 04:00 - 2013-11-02 04:00 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2013-11-02 03:57 - 2013-11-02 03:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-11-02 03:59 - 2013-11-02 04:00 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2013-11-02 04:00 - 2013-11-02 04:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\4194304.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\AcDeltree.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1os10e.dll
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\GUR8603.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\GURD6A1.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\ose00000.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\sqlite3.dll
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\_isD61A.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\_isD63B.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-15 13:01

==================== End of FRST.txt ============================

[martin@vojtech.cz]

tady to je


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Tomáš Chmelíř (administrator) on LENOVO-PC (23-02-2016 22:58:15)
Running from C:\Users\Tomáš Chmelíř\Downloads
Loaded Profiles: Tomáš Chmelíř (Available Profiles: UpdatusUser & Tomáš Chmelíř)
Platform: Windows 8 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937968 2014-08-12] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => rundll32.exe "C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll",AVStartupStub
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [738032 2013-11-02] (Lenovo)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SpIDerMail] => C:\Program Files (x86)\DrWeb\spiderml.exe [501080 2008-06-10] (Doctor Web, Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [Dropbox Update] => C:\Users\Tomáš Chmelíř\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [jpmefuqxrchw] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kixbkitcjswk] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kffuaueaclir] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\RunOnce: [Uninstall C:\Users\Tom�a Chmel�Y\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+vihto.png [2016-02-22] ()
Startup: C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-05]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.100.2
Tcpip\..\Interfaces\{6A6BF29D-F8AA-4C82-8895-C9CE0FDB14ED}: [DhcpNameServer] 10.1.100.2

Internet Explorer:
==================
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> DefaultScope {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: @servis24.cz/PKIComponent -> C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS\lib\x86\npPKIComponentNPAPI.dll [2015-02-16] (Česká spořitelna, a.s.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: @servis24.cz/PKIComponent-x64 -> C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS\lib\x64\npPKIComponentNPAPI.dll [2014-10-01] (Česká spořitelna, a.s.)
FF Plugin HKU\S-1-5-21-1620661979-891840341-3484461041-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-22]
CHR Extension: (Disk Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-22]
CHR Extension: (YouTube) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-22]
CHR Extension: (Vyhledávání Google) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-22]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2016-02-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-22]
CHR Extension: (Gmail) - C:\Users\Tomáš Chmelíř\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [599024 2014-08-05] (Lenovo Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-11-02] (Lenovo)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-20] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
S2 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [220488 2013-05-14] (LENOVO INCORPORATED.)
S2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2014664 2014-09-16] (Lenovo Group Limited)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [562504 2013-05-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [727536 2014-08-05] (Lenovo Corporation)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
S2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474608 2014-08-12] (Lenovo)
S2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [470000 2014-06-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-02-23] (Enigma Software Group USA, LLC.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 xmengine service; C:\windows\SysWOW64\xmesrv.exe [34696 2015-01-12] (Monet+, a.s.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-23] ()
S2 eusk2par; C:\windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [66288 2013-11-02] (Windows (R) Win 7 DDK provider)
S3 GemCCID; C:\Windows\system32\DRIVERS\GemCCID.sys [130944 2014-11-10] (Gemalto)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15872 2012-07-26] (Microsoft Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288992 2013-01-08] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-02] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:58 - 2016-02-23 22:58 - 00027579 _____ C:\Users\Tomáš Chmelíř\Downloads\FRST.txt
2016-02-23 22:58 - 2016-02-23 22:58 - 00000000 ____D C:\FRST
2016-02-23 22:57 - 2016-02-23 22:57 - 02371072 _____ (Farbar) C:\Users\Tomáš Chmelíř\Downloads\FRST64.exe
2016-02-23 22:30 - 2016-02-23 22:30 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Tomáš Chmelíř\Downloads\ShadowExplorer-0.9-setup (1).exe
2016-02-23 22:21 - 2016-02-23 22:21 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Tomáš Chmelíř\Downloads\ShadowExplorer-0.9-setup.exe
2016-02-23 22:15 - 2016-02-23 22:15 - 00000000 _____ C:\autoexec.bat
2016-02-23 22:14 - 2016-02-23 22:14 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-23 22:14 - 2016-02-23 22:14 - 00001098 _____ C:\Users\Tomáš Chmelíř\Desktop\SpyHunter.lnk
2016-02-23 22:14 - 2016-02-23 22:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Enigma Software Group
2016-02-23 22:14 - 2016-02-23 22:14 - 00000000 ____D C:\sh4ldr
2016-02-23 22:13 - 2016-02-23 22:13 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tomáš Chmelíř\Downloads\SpyHunter-Installer.exe
2016-02-23 22:13 - 2016-02-23 22:13 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-02-23 22:00 - 2016-02-23 22:01 - 00003164 _____ C:\windows\System32\Tasks\ParetoLogic Registration3
2016-02-23 22:00 - 2016-02-23 22:00 - 00003334 _____ C:\windows\System32\Tasks\PC Health Advisor
2016-02-23 22:00 - 2016-02-23 22:00 - 00003306 _____ C:\windows\System32\Tasks\PC Health Advisor Defrag
2016-02-23 22:00 - 2016-02-23 22:00 - 00003290 _____ C:\windows\System32\Tasks\ParetoLogic Update Version3
2016-02-23 22:00 - 2016-02-23 22:00 - 00002952 _____ C:\windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2016-02-23 22:00 - 2016-02-23 22:00 - 00001108 _____ C:\Users\Tomáš Chmelíř\Desktop\ParetoLogic PC Health Advisor.lnk
2016-02-23 22:00 - 2016-02-23 22:00 - 00000530 _____ C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000504 _____ C:\windows\Tasks\ParetoLogic Registration3.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000478 _____ C:\windows\Tasks\ParetoLogic Update Version3.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000436 _____ C:\windows\Tasks\PC Health Advisor Defrag.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000418 _____ C:\windows\Tasks\PC Health Advisor.job
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\DriverCure
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\ProgramData\ParetoLogic
2016-02-23 22:00 - 2016-02-23 22:00 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2016-02-23 21:59 - 2016-02-23 22:00 - 05964208 _____ (ParetoLogic Inc.) C:\Users\Tomáš Chmelíř\Downloads\ParetoLogic PC Health Advisor (1).exe
2016-02-23 21:59 - 2016-02-23 21:59 - 05964208 _____ (ParetoLogic Inc.) C:\Users\Tomáš Chmelíř\Downloads\ParetoLogic PC Health Advisor.exe
2016-02-23 21:59 - 2016-02-23 21:59 - 02936816 _____ (ParetoLogic) C:\Users\Tomáš Chmelíř\Downloads\Pareto_DR_Setup_RW.exe
2016-02-23 20:29 - 2016-02-23 20:34 - 00000000 ____D C:\AdwCleaner
2016-02-23 20:29 - 2016-02-23 20:29 - 01511936 _____ C:\Users\Tomáš Chmelíř\Downloads\adwcleaner_5.036.exe
2016-02-23 10:51 - 2016-02-23 11:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\DoctorWeb
2016-02-23 10:50 - 2016-02-23 10:50 - 00000592 _____ C:\windows\Tasks\Dr.Web automatic update.job
2016-02-23 10:49 - 2016-02-23 11:13 - 00000000 ____D C:\Program Files (x86)\DrWeb
2016-02-23 10:49 - 2016-02-23 10:51 - 00001865 _____ C:\Users\Public\Desktop\Skener Dr.Web.lnk
2016-02-23 10:49 - 2016-02-23 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Web
2016-02-23 10:49 - 2016-02-23 10:49 - 00077824 ____T (Doctor Web, Ltd.) C:\windows\SysWOW64\DRWEBSP.DLL
2016-02-23 10:47 - 2016-02-23 10:48 - 19410192 _____ (Macrovision Corporation) C:\Users\Tomáš Chmelíř\Downloads\drweb-444-win-cs.exe
2016-02-23 10:44 - 2016-02-23 10:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-02-23 10:43 - 2016-02-23 10:43 - 01927008 _____ (Kaspersky Lab) C:\Users\Tomáš Chmelíř\Downloads\kav16.0.0.614abcdcs_9608.exe
2016-02-23 10:24 - 2016-02-23 22:24 - 00484056 _____ C:\windows\ntbtlog.txt
2016-02-23 10:10 - 2016-02-23 10:10 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-23 08:23 - 2016-02-23 08:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-23 08:22 - 2016-02-23 08:22 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-23 08:22 - 2016-02-23 08:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-23 08:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-23 08:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-23 08:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-22 20:45 - 2016-02-23 20:39 - 00000959 _____ C:\Users\Tomáš Chmelíř\AppData\LocaldependencyLog.txt
2016-02-22 18:09 - 2016-02-22 18:09 - 00008289 _____ C:\windows\Tasks\Recovery+vihto.html
2016-02-22 18:09 - 2016-02-22 18:09 - 00002193 _____ C:\windows\Tasks\Recovery+vihto.txt
2016-02-22 18:02 - 2016-02-22 18:26 - 00008289 _____ C:\Users\Tomáš Chmelíř\Recovery+vihto.html
2016-02-22 18:02 - 2016-02-22 18:26 - 00002193 _____ C:\Users\Tomáš Chmelíř\Recovery+vihto.txt
2016-02-22 17:54 - 2016-02-22 18:26 - 00008289 _____ C:\Users\Tomáš Chmelíř\Downloads\Recovery+vihto.html
2016-02-22 17:54 - 2016-02-22 18:26 - 00002193 _____ C:\Users\Tomáš Chmelíř\Downloads\Recovery+vihto.txt
2016-02-22 17:25 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:25 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\LocalLow\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\LocalLow\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:24 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:24 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\Downloads\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00008289 _____ C:\Users\Public\AppData\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\Downloads\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+vihto.txt
2016-02-22 17:13 - 2016-02-22 18:12 - 00002193 _____ C:\Users\Public\AppData\Recovery+vihto.txt
2016-02-22 17:10 - 2016-02-22 17:13 - 00008289 _____ C:\ProgramData\Recovery+vihto.html
2016-02-22 17:10 - 2016-02-22 17:13 - 00002193 _____ C:\ProgramData\Recovery+vihto.txt
2016-02-22 16:43 - 2016-02-22 16:43 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.html
2016-02-22 16:43 - 2016-02-22 16:43 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\Downloads\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00008289 _____ C:\Users\Public\AppData\Recovery+kspto.html
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Tomáš Chmelíř\AppData\Local\Apps\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\Downloads\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+kspto.txt
2016-02-22 16:42 - 2016-02-22 16:42 - 00002193 _____ C:\Users\Public\AppData\Recovery+kspto.txt
2016-02-22 16:41 - 2016-02-22 16:42 - 00008289 _____ C:\ProgramData\Recovery+kspto.html
2016-02-22 16:41 - 2016-02-22 16:42 - 00002193 _____ C:\ProgramData\Recovery+kspto.txt
2016-02-17 09:52 - 2016-02-22 17:24 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-16 10:49 - 2016-02-16 10:49 - 00306792 _____ C:\windows\Minidump\021616-98484-01.dmp
2016-02-08 15:45 - 2016-02-23 22:28 - 01714430 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-01 17:19 - 2016-02-01 17:19 - 00025343 _____ C:\Users\Tomáš Chmelíř\Desktop\imgres.htm
2016-01-27 12:52 - 2016-02-22 17:10 - 00000000 ____D C:\SprachErsetzungen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-23 22:28 - 2013-11-02 04:24 - 00726246 _____ C:\windows\system32\perfh005.dat
2016-02-23 22:28 - 2013-11-02 04:24 - 00147800 _____ C:\windows\system32\perfc005.dat
2016-02-23 22:28 - 2012-07-26 06:37 - 00000000 ____D C:\windows\Inf
2016-02-23 22:22 - 2013-11-02 03:57 - 839483392 ___SH C:\windows\lenovo_fastboot.img
2016-02-23 22:14 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř
2016-02-23 21:32 - 2013-11-01 14:28 - 00000980 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-23 21:26 - 2015-06-16 12:14 - 00000970 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1620661979-891840341-3484461041-1002UA.job
2016-02-23 20:44 - 2012-07-26 08:59 - 00000000 ____D C:\windows\CbsTemp
2016-02-23 20:39 - 2013-11-02 04:43 - 00000290 _____ C:\Users\Tomáš Chmelíř\AppData\Local\RegisteredPackageInformation.xml
2016-02-23 20:39 - 2013-11-02 04:43 - 00000022 _____ C:\Users\Tomáš Chmelíř\AppData\LocalUserGuideLog.txt
2016-02-23 20:39 - 2013-11-02 04:43 - 00000000 _____ C:\Users\Tomáš Chmelíř\AppData\LocalMachineInfoLog.txt
2016-02-23 20:38 - 2013-11-26 08:06 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Dropbox
2016-02-23 20:38 - 2013-11-04 19:02 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Dropbox
2016-02-23 20:37 - 2013-11-01 14:28 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-23 20:36 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\Validity
2016-02-23 20:36 - 2012-07-26 08:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-23 14:08 - 2012-07-26 06:26 - 00524288 ___SH C:\windows\system32\config\BBI
2016-02-23 10:49 - 2013-11-02 03:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-23 10:24 - 2016-01-10 19:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-23 10:24 - 2013-11-21 07:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-23 08:54 - 2012-07-26 09:12 - 00000000 __RSD C:\windows\Media
2016-02-23 08:25 - 2015-06-16 12:14 - 00000918 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1620661979-891840341-3484461041-1002Core.job
2016-02-22 21:08 - 2014-11-21 23:04 - 00000000 ___HD C:\$Windows.~BT
2016-02-22 20:28 - 2014-01-10 10:28 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2014
2016-02-22 20:28 - 2013-11-04 20:11 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2012
2016-02-22 20:28 - 2013-11-04 19:35 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2013
2016-02-22 20:28 - 2013-11-04 19:33 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2011
2016-02-22 20:27 - 2014-12-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2015
2016-02-22 20:26 - 2016-01-04 10:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty 2016
2016-02-22 18:09 - 2012-07-26 09:12 - 00000000 ____D C:\windows\tracing
2016-02-22 18:09 - 2012-07-26 09:12 - 00000000 ____D C:\windows\SysWOW64\FxsTmp
2016-02-22 18:02 - 2013-11-04 16:53 - 00000000 ____D C:\Users\Tomáš Chmelíř\PDF
2016-02-22 18:02 - 2013-11-04 14:23 - 00000000 ____D C:\Users\Tomáš Chmelíř\Soubory Outlook
2016-02-22 18:02 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Tomáš Chmelíř\EasternGraphics
2016-02-22 18:02 - 2013-11-04 13:39 - 00000000 ___RD C:\Users\Tomáš Chmelíř\SkyDrive
2016-02-22 18:02 - 2013-11-04 10:56 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Virtual
2016-02-22 17:54 - 2016-01-06 10:10 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\TM_photo_lr (1)
2016-02-22 17:54 - 2015-01-12 13:01 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\pki_cs
2016-02-22 17:54 - 2014-08-11 15:19 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Nová složka
2016-02-22 17:54 - 2014-01-20 18:09 - 00000000 ___RD C:\Users\Tomáš Chmelíř\Documents\Scanned Documents
2016-02-22 17:54 - 2014-01-20 18:09 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Fax
2016-02-22 17:54 - 2014-01-09 12:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Dokumenty PaperPort
2016-02-22 17:54 - 2013-12-09 09:17 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\MyWebPages
2016-02-22 17:54 - 2013-11-04 17:06 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\Poznámkové bloky aplikace OneNote
2016-02-22 17:25 - 2015-12-02 20:09 - 00187792 _____ C:\Users\Tomáš Chmelíř\Desktop\dopis pro zákazníky - finální verze.pdf
2016-02-22 17:25 - 2015-04-20 21:58 - 00062592 _____ C:\Users\Tomáš Chmelíř\Desktop\ROTO-otočné-návod.pdf
2016-02-22 17:25 - 2015-01-12 14:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\Desktop\Banka
2016-02-22 17:25 - 2014-09-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\CyberLink
2016-02-22 17:25 - 2014-05-06 19:22 - 00000000 ____D C:\Users\Tomáš Chmelíř\Documents\byt_140
2016-02-22 17:25 - 2014-01-09 12:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Zeon
2016-02-22 17:25 - 2013-11-28 22:07 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\wargaming.net
2016-02-22 17:25 - 2013-11-25 09:29 - 00000000 ____D C:\Users\Tomáš Chmelíř\Desktop\SQLBase 8.5.0
2016-02-22 17:25 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\VariCAD-Viewer.cz
2016-02-22 17:25 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Thunderbird
2016-02-22 17:25 - 2013-11-04 10:38 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Windows Live Writer
2016-02-22 17:24 - 2015-09-09 13:01 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\LSC
2016-02-22 17:24 - 2015-01-12 13:04 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\CSAS
2016-02-22 17:24 - 2013-12-09 09:26 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\FLEXnet
2016-02-22 17:24 - 2013-12-09 09:18 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Nuance
2016-02-22 17:24 - 2013-12-07 16:31 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\LocalLow\Google
2016-02-22 17:24 - 2013-11-26 13:57 - 00000000 ___RD C:\Users\Tomáš Chmelíř\AppData\Roaming\Brother
2016-02-22 17:24 - 2013-11-26 13:57 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\LocalLow\Brother
2016-02-22 17:24 - 2013-11-26 13:52 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\ControlCenter4
2016-02-22 17:24 - 2013-11-26 13:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\InstallShield
2016-02-22 17:24 - 2013-11-25 09:34 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gupta
2016-02-22 17:24 - 2013-11-04 20:05 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Autodesk
2016-02-22 17:24 - 2013-11-04 14:03 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\EasternGraphics
2016-02-22 17:24 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Mozilla
2016-02-22 17:24 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Intel WiDi
2016-02-22 17:24 - 2013-11-04 10:51 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\TeamViewer
2016-02-22 17:24 - 2013-11-04 10:45 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\CyberLink
2016-02-22 17:24 - 2013-11-04 10:38 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Windows Live Writer
2016-02-22 17:24 - 2013-11-04 10:34 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Windows Live
2016-02-22 17:24 - 2013-11-02 04:44 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Lenovo
2016-02-22 17:24 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Adobe
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Macromedia
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\Intel
2016-02-22 17:24 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\VirtualStore
2016-02-22 17:24 - 2013-11-01 14:57 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Roaming\GHISLER
2016-02-22 17:22 - 2013-11-04 11:16 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Thunderbird
2016-02-22 17:22 - 2013-11-04 07:55 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Tvsukernel
2016-02-22 17:18 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Power2Go
2016-02-22 17:18 - 2013-11-02 04:42 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Packages
2016-02-22 17:17 - 2013-11-04 07:59 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Microsoft Help
2016-02-22 17:14 - 2014-03-10 17:47 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Lenovo
2016-02-22 17:14 - 2013-11-04 14:02 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\InstallAware Installation Information
2016-02-22 17:14 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Intel WiDi
2016-02-22 17:14 - 2013-11-04 10:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Intel
2016-02-22 17:14 - 2013-11-02 04:54 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\LSC
2016-02-22 17:14 - 2013-11-01 14:28 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Google
2016-02-22 17:13 - 2015-06-16 12:14 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Dropbox
2016-02-22 17:13 - 2015-01-12 13:05 - 00000000 ____D C:\ProgramData\SmartCard Reader Installation
2016-02-22 17:13 - 2014-09-29 10:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Cyberlink
2016-02-22 17:13 - 2013-12-09 09:18 - 00000000 ____D C:\ProgramData\zeon
2016-02-22 17:13 - 2013-12-09 09:18 - 00000000 ____D C:\ProgramData\ScanSoft
2016-02-22 17:13 - 2013-11-04 20:06 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Autodesk
2016-02-22 17:13 - 2013-11-04 20:06 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2016-02-22 17:13 - 2013-11-04 14:03 - 00000000 ___HD C:\ProgramData\{E4059467-2DA5-4195-89B6-1BB15CAD489C}
2016-02-22 17:13 - 2013-11-04 14:03 - 00000000 ___HD C:\ProgramData\{9559969E-5786-48CA-87AB-B7695EC37420}
2016-02-22 17:13 - 2013-11-04 10:45 - 00000000 ____D C:\Users\Public\CyberLink
2016-02-22 17:13 - 2013-11-04 07:25 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\GHISLER
2016-02-22 17:13 - 2013-11-02 04:55 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Adobe
2016-02-22 17:13 - 2013-11-02 04:43 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Absolute_Software
2016-02-22 17:13 - 2013-11-02 04:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-22 17:13 - 2013-11-02 04:06 - 00000000 ____D C:\Users\Public\Symantec
2016-02-22 17:13 - 2013-11-02 04:03 - 00000000 ____D C:\Users\Public\Lenovo
2016-02-22 17:13 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\Temp
2016-02-22 17:13 - 2013-11-02 03:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-22 17:13 - 2013-11-02 03:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-22 17:13 - 2013-11-01 16:12 - 00000000 ____D C:\ProgramData\StartW8
2016-02-22 17:13 - 2013-11-01 14:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Deployment
2016-02-22 17:13 - 2013-11-01 14:27 - 00000000 ____D C:\Users\Tomáš Chmelíř\AppData\Local\Apps\2.0
2016-02-22 17:13 - 2013-03-25 22:03 - 00000000 ____D C:\ProgramData\PRICache
2016-02-22 17:13 - 2012-07-26 09:12 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-22 17:12 - 2013-12-09 09:17 - 00000000 ____D C:\ProgramData\Nuance
2016-02-22 17:12 - 2013-11-21 07:57 - 00000000 ____D C:\ProgramData\Mozilla
2016-02-22 17:12 - 2013-11-04 13:39 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-22 17:12 - 2013-11-02 04:04 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-22 17:12 - 2013-11-02 04:04 - 00000000 ____D C:\ProgramData\Norton
2016-02-22 17:12 - 2013-11-02 04:03 - 00000000 ____D C:\ProgramData\NoiseSuppressionTips
2016-02-22 17:11 - 2015-06-16 12:14 - 00000000 ____D C:\ProgramData\Dropbox
2016-02-22 17:11 - 2013-12-09 09:17 - 00000000 ____D C:\ProgramData\FLEXnet
2016-02-22 17:11 - 2013-11-04 14:02 - 00000000 ____D C:\ProgramData\EasternGraphics
2016-02-22 17:11 - 2013-11-02 04:19 - 00000000 ____D C:\ProgramData\Lenovo
2016-02-22 17:11 - 2013-11-02 04:00 - 00000000 ____D C:\ProgramData\install_clap
2016-02-22 17:11 - 2013-11-02 03:40 - 00000000 ____D C:\ProgramData\Intel
2016-02-22 17:10 - 2015-01-12 13:01 - 00000000 ____D C:\ProgramData\CPInstall
2016-02-22 17:10 - 2014-05-06 07:45 - 00000000 ____D C:\SprachErsetzungen alt
2016-02-22 17:10 - 2013-11-26 13:44 - 00000000 ____D C:\ProgramData\ControlCenter4
2016-02-22 17:10 - 2013-11-25 21:01 - 00000000 ____D C:\ProgramData\Brother
2016-02-22 17:10 - 2013-11-04 20:05 - 00000000 ____D C:\ProgramData\Autodesk
2016-02-22 17:10 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-22 17:10 - 2013-11-02 03:57 - 00000000 ____D C:\ProgramData\CLSK
2016-02-22 17:10 - 2013-11-02 03:56 - 00000000 ____D C:\ProgramData\Adobe
2016-02-22 17:10 - 2013-11-02 03:45 - 00000000 ____D C:\ProgramData\Conexant
2016-02-22 17:10 - 2013-11-01 14:57 - 00000000 ____D C:\totalcmd
2016-02-22 17:06 - 2013-11-25 09:34 - 00000000 ____D C:\price
2016-02-22 17:03 - 2015-03-25 07:41 - 00000000 ___HD C:\OneDriveTemp
2016-02-22 17:03 - 2014-11-03 13:43 - 00000000 ____D C:\4MCAD12CLASSIC
2016-02-22 17:03 - 2014-06-30 12:40 - 00000000 ____D C:\Games
2016-02-22 17:03 - 2014-04-03 15:13 - 00000000 ____D C:\FOTO nezařaz
2016-02-22 17:03 - 2013-11-26 13:44 - 00000000 ____D C:\Brother
2016-02-22 17:03 - 2013-11-25 09:35 - 00000000 ____D C:\32bitpri
2016-02-22 17:03 - 2013-11-25 09:33 - 00000000 ____D C:\Centura
2016-02-22 17:03 - 2013-11-04 20:04 - 00000000 ____D C:\Autodesk
2016-02-22 17:03 - 2013-11-02 03:40 - 00000000 ____D C:\Intel
2016-02-20 09:41 - 2013-11-01 14:32 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 17:02 - 2012-07-26 09:12 - 00000000 ____D C:\windows\AUInstallAgent
2016-02-16 12:30 - 2012-07-26 09:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-16 10:49 - 2014-03-21 17:04 - 840793415 _____ C:\windows\MEMORY.DMP
2016-02-16 10:49 - 2014-03-21 17:04 - 00000000 ____D C:\windows\Minidump
2016-02-13 18:23 - 2014-02-20 11:11 - 00002347 _____ C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-12 09:22 - 2012-07-26 06:26 - 00000167 _____ C:\windows\win.ini
2016-02-12 09:21 - 2013-11-01 14:36 - 00000000 ____D C:\windows\system32\MRT
2016-02-12 09:15 - 2013-11-01 14:36 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-02 13:27 - 2013-11-01 14:28 - 00003952 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:27 - 2013-11-01 14:28 - 00003716 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-29 09:33 - 2014-07-15 13:36 - 00002053 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00002051 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00002041 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-01-29 09:33 - 2014-07-15 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-27 17:12 - 2014-01-08 09:53 - 00000000 ____D C:\windows\SysWOW64\NV
2016-01-27 17:09 - 2014-01-08 09:53 - 00000000 ____D C:\windows\system32\NV

==================== Files in the root of some directories =======

2013-11-02 04:43 - 2013-11-02 04:43 - 0000000 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\AbsoluteReminder.xml
2016-02-22 17:25 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.html
2016-02-22 17:25 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.png
2016-02-22 17:25 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Recovery+vihto.txt
2016-02-22 17:24 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.html
2016-02-22 17:24 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.png
2016-02-22 17:24 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\Recovery+vihto.txt
2016-01-27 12:57 - 2016-01-14 11:11 - 0032313 _____ () C:\Users\Tomáš Chmelíř\AppData\Roaming\Microsoft\SprachErsetzungen.dotm
2016-02-22 16:43 - 2016-02-22 16:43 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.html
2016-02-22 16:43 - 2016-02-22 16:43 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.png
2016-02-22 16:43 - 2016-02-22 16:43 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+kspto.txt
2016-02-22 17:13 - 2016-02-22 18:24 - 0008289 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.html
2016-02-22 17:13 - 2016-02-22 18:24 - 0070070 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.png
2016-02-22 17:13 - 2016-02-22 18:24 - 0002193 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\Recovery+vihto.txt
2013-11-02 04:43 - 2016-02-23 20:39 - 0000290 _____ () C:\Users\Tomáš Chmelíř\AppData\Local\RegisteredPackageInformation.xml
2013-11-02 03:46 - 2013-11-02 03:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-22 16:41 - 2016-02-22 16:42 - 0008289 _____ () C:\ProgramData\Recovery+kspto.html
2016-02-22 16:41 - 2016-02-22 16:42 - 0070070 _____ () C:\ProgramData\Recovery+kspto.png
2016-02-22 16:41 - 2016-02-22 16:42 - 0002193 _____ () C:\ProgramData\Recovery+kspto.txt
2016-02-22 17:10 - 2016-02-22 17:13 - 0008289 _____ () C:\ProgramData\Recovery+vihto.html
2016-02-22 17:10 - 2016-02-22 17:13 - 0070070 _____ () C:\ProgramData\Recovery+vihto.png
2016-02-22 17:10 - 2016-02-22 17:13 - 0002193 _____ () C:\ProgramData\Recovery+vihto.txt
2013-11-02 04:00 - 2013-11-02 04:00 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2013-11-02 03:57 - 2013-11-02 03:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-11-02 03:59 - 2013-11-02 04:00 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2013-11-02 04:00 - 2013-11-02 04:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\4194304.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\AcDeltree.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1os10e.dll
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\GUR8603.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\GURD6A1.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\ose00000.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\sqlite3.dll
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\_isD61A.exe
C:\Users\Tomáš Chmelíř\AppData\Local\Temp\_isD63B.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-15 13:01

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [jpmefuqxrchw] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kixbkitcjswk] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kffuaueaclir] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe
C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe
C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> DefaultScope {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\{E4059467-2DA5-4195-89B6-1BB15CAD489C}
C:\ProgramData\{9559969E-5786-48CA-87AB-B7695EC37420}
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
C:\Users\Tomáš Chmelíř\AppData\Local\Temp
End

Uložte do C:\Users\Tomáš Chmelíř\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[martin@vojtech.cz]

Tady to je

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Tomáš Chmelíř (2016-02-24 15:10:04) Run:1
Running from C:\Users\Tomáš Chmelíř\Downloads
Loaded Profiles: Tomáš Chmelíř (Available Profiles: UpdatusUser & Tomáš Chmelíř)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [jpmefuqxrchw] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kixbkitcjswk] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\...\Run: [kffuaueaclir] => C:\windows\system32\cmd.exe /c start "" "C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe"
C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe
C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe
C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> DefaultScope {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
SearchScopes: HKU\S-1-5-21-1620661979-891840341-3484461041-1002 -> {5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} URL =
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\{E4059467-2DA5-4195-89B6-1BB15CAD489C}
C:\ProgramData\{9559969E-5786-48CA-87AB-B7695EC37420}
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
C:\Users\Tomáš Chmelíř\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\jpmefuqxrchw => value removed successfully
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\kixbkitcjswk => value removed successfully
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\kffuaueaclir => value removed successfully
"C:\Users\Tomáš Chmelíř\Documents\pfnprrmyndxa.exe" => not found.
"C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe" => not found.
"C:\Users\Tomáš Chmelíř\Documents\udfxceoqtmvy.exe" => not found.
HKU\S-1-5-21-1620661979-891840341-3484461041-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1620661979-891840341-3484461041-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C}" => key removed successfully
HKCR\CLSID\{5061AA94-AA7E-49BC-AC3B-A2E4A9B9587C} => key not found.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\{E4059467-2DA5-4195-89B6-1BB15CAD489C} => moved successfully
C:\ProgramData\{9559969E-5786-48CA-87AB-B7695EC37420} => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Tomáš Chmelíř\AppData\Local\Temp" folder move:

Could not move "C:\Users\Tomáš Chmelíř\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-24 15:13:47)

C:\Users\Tomáš Chmelíř\AppData\Local\Temp => moved successfully

==== End of Fixlog 15:13:48 ====

[Rudy]

Smazáno. Vše v pořádku?

[martin@vojtech.cz]

Jak se to vezme, pc se chová celkem běžně, ale je problém že mi to přejmenovalo všechny soubory s příponami pdf, xls, doc atd. přidalo to tam příponu mp3 a já je nemůžu otevřít.

[Rudy]

No, měl jste tam rootkity. Když je přejmenujete správně, jdou pak otevřít?

[martin@vojtech.cz]

Otevřít to bohužel nejde ani po přejmenování.

Tento soubor nelze otevřít

vyskytly se potíže s formátem souborů.


Někde jsem se dočetl že je to snad kryptováno tím virem.

je to možné?


Díky za odpověď

[Rudy]

Je to doknce pravděpodobné. Dekryptování lze v některých případech provést, bohužel ale ne přes fórum. Je třeba, aby měl rádce přímý přístup do PC, což nemáme právně ošetřeno. Toto dělají naši kolegové zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner . Druhá možnost je obnvit ze zálohy, pokud nějakou máte. PC je odvirován.

[martin@vojtech.cz]

Díky za pomoc, zkusím se obrátit na kolegy.

[Rudy]

Nemáte zač!