
Dllhost.exe *32 COM surrogate

killghostik
Visitor
Posts: 28
Registered: 04 May 2014 20:23

Dllhost.exe *32 COM surrogate

#1 Post by killghostik »

Good evening, I'm desperate by now; please help me with this nasty program "Dllhost.exe *32 COM surrogate". It showed up on my PC. At first the PC was somewhat slow, then folders and programs stopped working, and today at noon the notebook crashed completely. So I tried a factory reset, but even after it, once the PC more or less started up, the disk runs at maximum load in the file manager and RAM usage slowly climbs; at startup it was at 2.9 GB out of 8 GB and it keeps going up :cry:
Please, I need some advice on what to do about it; I have to work on this notebook, and like this I'm out of work and I don't have a spare one.

Thanks in advance.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Dllhost.exe *32 COM surrogate

#2 Post by motji »

Good evening,
please post the log from FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

killghostik
Visitor
Posts: 28
Registered: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#3 Post by killghostik »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Michal (administrator) on GHOSTIK (24-02-2016 05:11:31)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-03-09] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-03-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-03-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [638432 2014-04-04] (McAfee, Inc.)
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\Run: [Pokki] => C:\Users\Michal\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [6513480 2014-10-11] (Pokki)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E71816C-9EEB-472F-A344-19B3F1D1EF1C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> DefaultScope {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-17] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-17] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-24] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Dokumenty Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Tabulky Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0142441456311195mcinstcleanup; C:\windows\TEMP\014244~1.EXE [851136 2014-05-20] (McAfee, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [980224 2014-12-05] (Broadcom Corporation.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-03-09] (Lenovo(beijing) Limited)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-03-09] (Lenovo(beijing) Limited)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1844024 2014-08-01] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [556008 2014-04-17] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [599304 2014-04-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-04] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-04-04] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-04-04] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-26] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-26] (PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-03-09] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-03-09] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-03-09] (Lenovo)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7592664 2014-12-05] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-04] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-04] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-04] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 12:32 - 2016-02-24 12:32 - 00000000 _____ C:\Recovery.txt
2016-02-24 12:02 - 2016-02-24 12:02 - 00001279 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-02-24 12:02 - 2016-02-24 12:02 - 00000000 ____D C:\ProgramData\LU
2016-02-24 12:00 - 2016-02-24 05:07 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4214841829-689274777-3306210627-1001
2016-02-24 11:58 - 2016-02-24 12:01 - 00000000 ____D C:\Users\Michal\AppData\Local\Lenovo
2016-02-24 11:57 - 2016-02-24 11:57 - 00000000 ___HD C:\OneDriveTemp
2016-02-24 11:57 - 2016-02-24 11:57 - 00000000 ____D C:\Users\Michal\AppData\Local\DropboxOEM
2016-02-24 11:56 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\OneDrive
2016-02-24 11:56 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\GWX
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\Documents\Bluetooth Exchange Folder
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Local\Broadcom
2016-02-24 11:54 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\PackageStaging
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Macromedia
2016-02-24 11:53 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\Packages
2016-02-24 11:53 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA Corporation
2016-02-24 11:53 - 2016-02-24 11:53 - 00001453 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 __SHD C:\Users\Michal\IntelGraphicsProfiles
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\VirtualStore
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA
2016-02-24 11:52 - 2016-02-24 11:52 - 00000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-24 11:51 - 2016-02-24 11:55 - 00000000 ___SD C:\windows\system32\GWX
2016-02-24 11:51 - 2016-02-24 11:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-24 11:49 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Local\Pokki
2016-02-24 11:49 - 2016-02-24 11:49 - 00000020 ___SH C:\Users\Michal\ntuser.ini
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\My Documents
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Videos
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Pictures
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Music
2016-02-24 11:49 - 2015-11-14 15:50 - 00133248 _____ (Microsoft Corporation) C:\windows\system32\RestoreOptIn.exe
2016-02-24 11:49 - 2015-11-14 15:50 - 00114160 _____ (Microsoft Corporation) C:\windows\SysWOW64\RestoreOptIn.exe
2016-02-24 11:49 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-24 11:49 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-24 11:49 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-24 11:49 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-24 11:49 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02757072 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02414096 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-24 11:49 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-24 11:49 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-24 11:49 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-24 11:49 - 2015-03-09 04:53 - 00000187 _____ C:\Users\Michal\Desktop\Google Play Music.url
2016-02-24 11:49 - 2015-03-09 04:51 - 00000126 _____ C:\Users\Michal\Desktop\Adobe Photo Offer.url
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-02-24 11:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2016-02-24 11:49 - 2014-03-26 11:21 - 00000190 _____ C:\Users\Michal\Desktop\FREE CALLS with Voxox.url
2016-02-24 11:48 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal
2016-02-24 11:45 - 2016-02-24 11:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-24 05:11 - 2016-02-24 05:11 - 00019771 _____ C:\Users\Michal\Downloads\FRST.txt
2016-02-24 05:11 - 2016-02-24 05:11 - 00000000 ____D C:\FRST
2016-02-24 05:10 - 2016-02-24 05:10 - 02371072 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2016-02-24 05:10 - 2016-02-24 05:10 - 02371072 _____ (Farbar) C:\Users\Michal\Downloads\FRST64 (1).exe
2016-02-24 05:07 - 2016-02-24 05:07 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 05:07 - 2016-02-24 05:07 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-24 05:06 - 2016-02-24 05:11 - 00000968 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 05:06 - 2016-02-24 05:11 - 00000964 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 05:06 - 2016-02-24 05:07 - 00000000 ____D C:\Users\Michal\AppData\Local\Google
2016-02-24 05:06 - 2016-02-24 05:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-24 05:06 - 2016-02-24 05:06 - 00003940 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 05:06 - 2016-02-24 05:06 - 00003704 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Deployment
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieBrowserModeList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieSiteList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieBrowserModeList
2016-02-24 05:03 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieSiteList
2016-02-24 05:03 - 2016-02-24 05:03 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{EA432727-5BC4-454E-8FE2-D72A3557450F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 12:32 - 2013-08-22 16:36 - 00262144 _____ C:\windows\system32\config\BCD-Template
2016-02-24 12:00 - 2015-03-09 04:54 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-02-24 11:58 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Lenovo
2016-02-24 11:57 - 2015-03-09 05:09 - 00000000 ____D C:\ProgramData\Energy Manager
2016-02-24 11:57 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:57 - 2015-03-09 04:38 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-24 11:56 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-24 11:56 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-02-24 11:55 - 2015-03-09 04:57 - 00000000 ____D C:\ProgramData\McAfee
2016-02-24 11:53 - 2014-12-10 02:49 - 00000000 ____D C:\windows\Panther
2016-02-24 11:52 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-24 11:51 - 2015-03-09 04:55 - 00002560 _____ C:\windows\system32\VfService.trf
2016-02-24 11:51 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-24 11:51 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-02-24 11:50 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-02-24 11:50 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-02-24 11:45 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-02-24 05:07 - 2015-03-09 03:49 - 00739908 _____ C:\windows\system32\perfh005.dat
2016-02-24 05:07 - 2015-03-09 03:49 - 00151614 _____ C:\windows\system32\perfc005.dat
2016-02-24 05:07 - 2014-11-21 05:44 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-24 05:07 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-02-24 05:06 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness

==================== Files in the root of some directories =======

2015-03-09 04:35 - 2015-03-09 04:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-09 04:00

==================== End of FRST.txt ============================

killghostik
Visitor
Posts: 28
Registered: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#4 Post by killghostik »

Here is the second one, from after Norton ran a check of my PC via remote assistance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Michal (administrator) on GHOSTIK (24-02-2016 17:04:10)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 8.1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Farbar) C:\Users\Michal\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-03-09] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-03-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-03-09] (Lenovo(beijing) Limited)
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\Run: [Pokki] => C:\Users\Michal\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [6513480 2014-10-11] (Pokki)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E71816C-9EEB-472F-A344-19B3F1D1EF1C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> DefaultScope {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Dokumenty Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-02-24]
CHR Extension: (Tabulky Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-24]
CHR Extension: (Norton Safe) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0260891456304788mcinstcleanup; C:\Users\Michal\AppData\Local\Temp\026089~1.EXE [918056 2015-11-27] (McAfee, Inc.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [980224 2014-12-05] (Broadcom Corporation.)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S4 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-03-09] (Lenovo(beijing) Limited)
S4 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-03-09] (Lenovo(beijing) Limited)
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2451880 2016-02-24] (Maxthon)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S4 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-26] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-26] (PointGrab LTD)
S4 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-03-09] (Lenovo)
S4 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-03-09] (Lenovo)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-03-09] (Lenovo)
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7592664 2014-12-05] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2016-02-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160223.001\IDSvia64.sys [767224 2016-02-23] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160223.033\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160223.033\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 12:32 - 2016-02-24 12:32 - 00000000 _____ C:\Recovery.txt
2016-02-24 12:02 - 2016-02-24 10:19 - 00001279 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-02-24 12:02 - 2016-02-24 10:19 - 00000000 ____D C:\ProgramData\LU
2016-02-24 12:00 - 2016-02-24 17:04 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4214841829-689274777-3306210627-1001
2016-02-24 11:58 - 2016-02-24 12:01 - 00000000 ____D C:\Users\Michal\AppData\Local\Lenovo
2016-02-24 11:57 - 2016-02-24 11:57 - 00000000 ____D C:\Users\Michal\AppData\Local\DropboxOEM
2016-02-24 11:56 - 2016-02-24 17:00 - 00000000 ___RD C:\Users\Michal\OneDrive
2016-02-24 11:56 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\GWX
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\Documents\Bluetooth Exchange Folder
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Local\Broadcom
2016-02-24 11:54 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\PackageStaging
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Macromedia
2016-02-24 11:53 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\Packages
2016-02-24 11:53 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA Corporation
2016-02-24 11:53 - 2016-02-24 11:53 - 00001453 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 __SHD C:\Users\Michal\IntelGraphicsProfiles
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\VirtualStore
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA
2016-02-24 11:52 - 2016-02-24 11:52 - 00000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-24 11:51 - 2016-02-24 11:55 - 00000000 ___SD C:\windows\system32\GWX
2016-02-24 11:51 - 2016-02-24 11:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-24 11:49 - 2016-02-24 11:49 - 00000020 ___SH C:\Users\Michal\ntuser.ini
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\My Documents
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Videos
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Pictures
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Music
2016-02-24 11:49 - 2016-02-24 05:50 - 00000000 ____D C:\Users\Michal\AppData\Local\Pokki
2016-02-24 11:49 - 2015-11-14 15:50 - 00133248 _____ (Microsoft Corporation) C:\windows\system32\RestoreOptIn.exe
2016-02-24 11:49 - 2015-11-14 15:50 - 00114160 _____ (Microsoft Corporation) C:\windows\SysWOW64\RestoreOptIn.exe
2016-02-24 11:49 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-24 11:49 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-24 11:49 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-24 11:49 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-24 11:49 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02757072 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02414096 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-24 11:49 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-24 11:49 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-24 11:49 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-24 11:49 - 2015-03-09 04:53 - 00000187 _____ C:\Users\Michal\Desktop\Google Play Music.url
2016-02-24 11:49 - 2015-03-09 04:51 - 00000126 _____ C:\Users\Michal\Desktop\Adobe Photo Offer.url
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-02-24 11:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2016-02-24 11:49 - 2014-03-26 11:21 - 00000190 _____ C:\Users\Michal\Desktop\FREE CALLS with Voxox.url
2016-02-24 11:48 - 2016-02-24 10:35 - 00000000 ____D C:\Users\Michal
2016-02-24 11:45 - 2016-02-24 11:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-24 10:54 - 2016-02-24 10:54 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-02-24 10:48 - 2016-02-24 10:48 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2016-02-24 10:47 - 2016-02-24 10:47 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2016-02-24 10:36 - 2016-02-24 10:48 - 00003286 _____ C:\windows\ntbtlog.txt
2016-02-24 10:36 - 2016-02-24 10:47 - 00002450 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-02-24 10:36 - 2016-02-24 10:36 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-02-24 10:36 - 2016-02-24 10:36 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-02-24 10:36 - 2016-02-24 10:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-24 10:35 - 2016-02-24 10:48 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2016-02-24 10:35 - 2016-02-24 10:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-02-24 10:35 - 2016-02-24 10:35 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-02-24 10:34 - 2016-02-24 10:34 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-24 10:34 - 2016-02-24 10:34 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-24 10:24 - 2016-02-24 10:24 - 00034304 ___SH C:\Users\Michal\Desktop\Thumbs.db
2016-02-24 10:24 - 2016-02-24 10:24 - 00001285 _____ C:\Users\Michal\Desktop\Norton Installation Files.lnk
2016-02-24 10:24 - 2016-02-24 10:24 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-02-24 10:23 - 2016-02-24 10:24 - 01110720 _____ (Symantec Corporation) C:\Users\Michal\Downloads\NortonNISDownloader.exe
2016-02-24 10:12 - 2016-02-24 10:12 - 00000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2016-02-24 10:01 - 2016-02-24 10:01 - 00000248 _____ C:\rescue.info
2016-02-24 09:59 - 2016-02-24 09:59 - 01857576 _____ (LogMeIn, Inc.) C:\Users\Michal\Downloads\Support-LogMeInRescue.exe
2016-02-24 09:59 - 2016-02-24 09:59 - 00002277 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2016-02-24 09:53 - 2016-02-24 09:53 - 00000000 ____D C:\NPE
2016-02-24 09:52 - 2016-02-24 10:38 - 00000000 ____D C:\ProgramData\Norton
2016-02-24 09:52 - 2016-02-24 10:11 - 00000000 ____D C:\Users\Michal\AppData\Local\NPE
2016-02-24 09:51 - 2016-02-24 09:51 - 10107368 _____ (Symantec Corporation) C:\Users\Michal\Downloads\NPE.exe
2016-02-24 08:19 - 2016-02-24 08:19 - 00007604 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2016-02-24 08:06 - 2016-02-24 08:06 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-24 05:51 - 2016-02-24 05:51 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Maxthon3
2016-02-24 05:50 - 2016-02-24 05:50 - 00000000 ____D C:\Users\Public\Pokki
2016-02-24 05:32 - 2016-02-24 10:07 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2016-02-24 05:32 - 2016-02-24 05:32 - 00000000 ____D C:\Users\Michal\Downloads\Kaspersky Rescue2Usb
2016-02-24 05:28 - 2016-02-24 10:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-24 05:17 - 2016-02-24 05:20 - 281442304 _____ C:\Users\Michal\Downloads\kav_rescue_10.iso
2016-02-24 05:17 - 2016-02-24 05:17 - 00387584 _____ C:\Users\Michal\Downloads\rescue2usb.exe
2016-02-24 05:12 - 2016-02-24 05:12 - 00023296 _____ C:\Users\Michal\Downloads\Addition.txt
2016-02-24 05:11 - 2016-02-24 17:04 - 00018199 _____ C:\Users\Michal\Downloads\FRST.txt
2016-02-24 05:11 - 2016-02-24 17:04 - 00000000 ____D C:\FRST
2016-02-24 05:10 - 2016-02-24 05:10 - 02371072 _____ (Farbar) C:\Users\Michal\Downloads\FRST64 (1).exe
2016-02-24 05:07 - 2016-02-24 05:07 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 05:07 - 2016-02-24 05:07 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-24 05:06 - 2016-02-24 17:00 - 00000964 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 05:06 - 2016-02-24 11:11 - 00000968 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 05:06 - 2016-02-24 05:07 - 00000000 ____D C:\Users\Michal\AppData\Local\Google
2016-02-24 05:06 - 2016-02-24 05:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-24 05:06 - 2016-02-24 05:06 - 00003940 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 05:06 - 2016-02-24 05:06 - 00003704 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Deployment
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieBrowserModeList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieSiteList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieBrowserModeList
2016-02-24 05:03 - 2016-02-24 11:03 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{EA432727-5BC4-454E-8FE2-D72A3557450F}
2016-02-24 05:03 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieSiteList

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 17:00 - 2015-03-09 03:49 - 00739908 _____ C:\windows\system32\perfh005.dat
2016-02-24 17:00 - 2015-03-09 03:49 - 00151614 _____ C:\windows\system32\perfc005.dat
2016-02-24 17:00 - 2014-11-21 05:44 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-24 17:00 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-02-24 12:32 - 2013-08-22 16:36 - 00262144 _____ C:\windows\system32\config\BCD-Template
2016-02-24 11:58 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Lenovo
2016-02-24 11:57 - 2015-03-09 05:09 - 00000000 ____D C:\ProgramData\Energy Manager
2016-02-24 11:57 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:57 - 2015-03-09 04:38 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-24 11:56 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-24 11:53 - 2014-12-10 02:49 - 00000000 ____D C:\windows\Panther
2016-02-24 11:51 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-24 11:50 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-02-24 11:50 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-02-24 11:45 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-02-24 11:29 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-24 11:20 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-02-24 11:19 - 2015-03-09 04:55 - 00002560 _____ C:\windows\system32\VfService.trf
2016-02-24 10:45 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-02-24 10:09 - 2015-03-09 04:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-24 10:08 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-02-24 07:58 - 2015-03-09 04:54 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-02-24 05:06 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness

==================== Files in the root of some directories =======

2016-02-24 08:19 - 2016-02-24 08:19 - 0007604 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2015-03-09 04:35 - 2015-03-09 04:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\0260891456304788mcinst.exe
C:\Users\Michal\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Michal\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-24 11:11

==================== End of FRST.txt ============================

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Dllhost.exe *32 COM surrogate

#5 Post by motji »

I'd also like to ask for the second log from FRST. I'll take a look tomorrow morning :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#6 Post by killghostik »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Michal (administrator) on GHOSTIK (24-02-2016 19:57:50)
Running from C:\Users\Michal\Downloads
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 8.1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-03-09] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-03-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-03-09] (Lenovo(beijing) Limited)
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\Run: [Pokki] => C:\Users\Michal\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [6513480 2014-10-11] (Pokki)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-09-26] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-09-26] (Amazon Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E71816C-9EEB-472F-A344-19B3F1D1EF1C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> DefaultScope {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
SearchScopes: HKU\S-1-5-21-4214841829-689274777-3306210627-1001 -> {CBF10E4D-242D-40A8-8DE8-D97FD91BFB37} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-24] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-02-24]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=apn10506&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Dokumenty Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-02-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-02-24]
CHR Extension: (Tabulky Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-24]
CHR Extension: (Norton Safe) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-24]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-02-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0260891456304788mcinstcleanup; C:\Users\Michal\AppData\Local\Temp\026089~1.EXE [918056 2015-11-27] (McAfee, Inc.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [980224 2014-12-05] (Broadcom Corporation.)
S4 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] ()
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S4 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-03-09] (Lenovo(beijing) Limited)
S4 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-03-09] (Lenovo(beijing) Limited)
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2451880 2016-02-24] (Maxthon)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S4 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-26] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-26] (PointGrab LTD)
S4 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-03-09] (Lenovo)
S4 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-03-09] (Lenovo)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-03-09] (Lenovo)
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7592664 2014-12-05] (Broadcom Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [1665608 2016-02-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-02-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160223.001\IDSvia64.sys [767224 2016-02-23] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160223.033\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160223.033\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-02-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 19:56 - 2016-02-24 19:56 - 02371072 _____ (Farbar) C:\Users\Michal\Downloads\FRST64.exe
2016-02-24 17:18 - 2016-02-24 17:18 - 01483336 _____ (Microsoft Corporation) C:\Users\Michal\Downloads\mediacreationtool.exe
2016-02-24 12:32 - 2016-02-24 12:32 - 00000000 _____ C:\Recovery.txt
2016-02-24 12:02 - 2016-02-24 10:19 - 00001279 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-02-24 12:02 - 2016-02-24 10:19 - 00000000 ____D C:\ProgramData\LU
2016-02-24 12:00 - 2016-02-24 19:55 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4214841829-689274777-3306210627-1001
2016-02-24 11:58 - 2016-02-24 12:01 - 00000000 ____D C:\Users\Michal\AppData\Local\Lenovo
2016-02-24 11:57 - 2016-02-24 11:57 - 00000000 ____D C:\Users\Michal\AppData\Local\DropboxOEM
2016-02-24 11:56 - 2016-02-24 19:51 - 00000000 ___RD C:\Users\Michal\OneDrive
2016-02-24 11:56 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\GWX
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\Documents\Bluetooth Exchange Folder
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:55 - 2016-02-24 11:55 - 00000000 ____D C:\Users\Michal\AppData\Local\Broadcom
2016-02-24 11:54 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\PackageStaging
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-02-24 11:54 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Macromedia
2016-02-24 11:53 - 2016-02-24 11:56 - 00000000 ____D C:\Users\Michal\AppData\Local\Packages
2016-02-24 11:53 - 2016-02-24 11:54 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA Corporation
2016-02-24 11:53 - 2016-02-24 11:53 - 00001453 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 __SHD C:\Users\Michal\IntelGraphicsProfiles
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Adobe
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\VirtualStore
2016-02-24 11:53 - 2016-02-24 11:53 - 00000000 ____D C:\Users\Michal\AppData\Local\NVIDIA
2016-02-24 11:52 - 2016-02-24 11:52 - 00000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-24 11:51 - 2016-02-24 11:55 - 00000000 ___SD C:\windows\system32\GWX
2016-02-24 11:51 - 2016-02-24 11:51 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-24 11:49 - 2016-02-24 11:49 - 00000020 ___SH C:\Users\Michal\ntuser.ini
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\My Documents
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Videos
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Pictures
2016-02-24 11:49 - 2016-02-24 11:49 - 00000000 _SHDL C:\Users\Michal\Documents\My Music
2016-02-24 11:49 - 2016-02-24 05:50 - 00000000 ____D C:\Users\Michal\AppData\Local\Pokki
2016-02-24 11:49 - 2015-11-14 15:50 - 00133248 _____ (Microsoft Corporation) C:\windows\system32\RestoreOptIn.exe
2016-02-24 11:49 - 2015-11-14 15:50 - 00114160 _____ (Microsoft Corporation) C:\windows\SysWOW64\RestoreOptIn.exe
2016-02-24 11:49 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-24 11:49 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-24 11:49 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-24 11:49 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-24 11:49 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-24 11:49 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02757072 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-24 11:49 - 2015-08-11 03:47 - 02414096 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-24 11:49 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-24 11:49 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-24 11:49 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-24 11:49 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-24 11:49 - 2015-03-09 04:53 - 00000187 _____ C:\Users\Michal\Desktop\Google Play Music.url
2016-02-24 11:49 - 2015-03-09 04:51 - 00000126 _____ C:\Users\Michal\Desktop\Adobe Photo Offer.url
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-02-24 11:49 - 2014-11-21 05:52 - 00000369 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-02-24 11:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2016-02-24 11:49 - 2014-03-26 11:21 - 00000190 _____ C:\Users\Michal\Desktop\FREE CALLS with Voxox.url
2016-02-24 11:48 - 2016-02-24 10:35 - 00000000 ____D C:\Users\Michal
2016-02-24 11:45 - 2016-02-24 11:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-24 10:54 - 2016-02-24 10:54 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-02-24 10:48 - 2016-02-24 10:48 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2016-02-24 10:47 - 2016-02-24 10:47 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2016-02-24 10:36 - 2016-02-24 10:48 - 00003286 _____ C:\windows\ntbtlog.txt
2016-02-24 10:36 - 2016-02-24 10:36 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-02-24 10:36 - 2016-02-24 10:36 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-02-24 10:36 - 2016-02-24 10:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-02-24 10:35 - 2016-02-24 10:48 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2016-02-24 10:35 - 2016-02-24 10:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-02-24 10:35 - 2016-02-24 10:35 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-02-24 10:34 - 2016-02-24 10:34 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-02-24 10:34 - 2016-02-24 10:34 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-02-24 10:24 - 2016-02-24 10:24 - 00034304 ___SH C:\Users\Michal\Desktop\Thumbs.db
2016-02-24 10:24 - 2016-02-24 10:24 - 00001285 _____ C:\Users\Michal\Desktop\Norton Installation Files.lnk
2016-02-24 10:24 - 2016-02-24 10:24 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-02-24 10:23 - 2016-02-24 10:24 - 01110720 _____ (Symantec Corporation) C:\Users\Michal\Downloads\NortonNISDownloader.exe
2016-02-24 10:12 - 2016-02-24 10:12 - 00000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2016-02-24 10:01 - 2016-02-24 10:01 - 00000248 _____ C:\rescue.info
2016-02-24 09:59 - 2016-02-24 09:59 - 01857576 _____ (LogMeIn, Inc.) C:\Users\Michal\Downloads\Support-LogMeInRescue.exe
2016-02-24 09:59 - 2016-02-24 09:59 - 00002277 _____ C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec.lnk
2016-02-24 09:53 - 2016-02-24 09:53 - 00000000 ____D C:\NPE
2016-02-24 09:52 - 2016-02-24 17:40 - 00000000 ____D C:\Users\Michal\AppData\Local\NPE
2016-02-24 09:52 - 2016-02-24 10:38 - 00000000 ____D C:\ProgramData\Norton
2016-02-24 09:51 - 2016-02-24 09:51 - 10107368 _____ (Symantec Corporation) C:\Users\Michal\Downloads\NPE.exe
2016-02-24 08:19 - 2016-02-24 08:19 - 00007604 _____ C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2016-02-24 08:06 - 2016-02-24 08:06 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-24 05:51 - 2016-02-24 05:51 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Maxthon3
2016-02-24 05:50 - 2016-02-24 05:50 - 00000000 ____D C:\Users\Public\Pokki
2016-02-24 05:32 - 2016-02-24 10:07 - 00000000 ____D C:\windows\System32\Tasks\McAfee
2016-02-24 05:32 - 2016-02-24 05:32 - 00000000 ____D C:\Users\Michal\Downloads\Kaspersky Rescue2Usb
2016-02-24 05:28 - 2016-02-24 10:54 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-24 05:17 - 2016-02-24 05:20 - 281442304 _____ C:\Users\Michal\Downloads\kav_rescue_10.iso
2016-02-24 05:17 - 2016-02-24 05:17 - 00387584 _____ C:\Users\Michal\Downloads\rescue2usb.exe
2016-02-24 05:12 - 2016-02-24 05:12 - 00023296 _____ C:\Users\Michal\Downloads\Addition.txt
2016-02-24 05:11 - 2016-02-24 19:57 - 00018818 _____ C:\Users\Michal\Downloads\FRST.txt
2016-02-24 05:11 - 2016-02-24 19:57 - 00000000 ____D C:\FRST
2016-02-24 05:07 - 2016-02-24 05:07 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-24 05:06 - 2016-02-24 19:51 - 00000964 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-24 05:06 - 2016-02-24 17:11 - 00000968 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-24 05:06 - 2016-02-24 17:11 - 00000000 ____D C:\Users\Michal\AppData\Local\Google
2016-02-24 05:06 - 2016-02-24 05:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-24 05:06 - 2016-02-24 05:06 - 00003940 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-24 05:06 - 2016-02-24 05:06 - 00003704 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Deployment
2016-02-24 05:06 - 2016-02-24 05:06 - 00000000 ____D C:\Users\Michal\AppData\Local\Apps\2.0
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieBrowserModeList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieUserList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieSiteList
2016-02-24 05:04 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\Local\EmieBrowserModeList
2016-02-24 05:03 - 2016-02-24 17:30 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{EA432727-5BC4-454E-8FE2-D72A3557450F}
2016-02-24 05:03 - 2016-02-24 05:04 - 00000000 __SHD C:\Users\Michal\AppData\LocalLow\EmieSiteList

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-24 19:51 - 2015-03-09 03:49 - 00739908 _____ C:\windows\system32\perfh005.dat
2016-02-24 19:51 - 2015-03-09 03:49 - 00151614 _____ C:\windows\system32\perfc005.dat
2016-02-24 19:51 - 2014-11-21 05:44 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-24 17:40 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-02-24 17:39 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-24 17:39 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-02-24 12:32 - 2013-08-22 16:36 - 00262144 _____ C:\windows\system32\config\BCD-Template
2016-02-24 11:58 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Lenovo
2016-02-24 11:57 - 2015-03-09 05:09 - 00000000 ____D C:\ProgramData\Energy Manager
2016-02-24 11:57 - 2015-03-09 04:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-24 11:57 - 2015-03-09 04:38 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-24 11:56 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-24 11:53 - 2014-12-10 02:49 - 00000000 ____D C:\windows\Panther
2016-02-24 11:51 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-24 11:50 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-02-24 11:50 - 2013-08-22 14:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-02-24 11:45 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-02-24 11:20 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-02-24 11:19 - 2015-03-09 04:55 - 00002560 _____ C:\windows\system32\VfService.trf
2016-02-24 10:45 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2016-02-24 10:09 - 2015-03-09 04:57 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-24 07:58 - 2015-03-09 04:54 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2016-02-24 05:06 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness

==================== Files in the root of some directories =======

2016-02-24 08:19 - 2016-02-24 08:19 - 0007604 _____ () C:\Users\Michal\AppData\Local\Resmon.ResmonCfg
2015-03-09 04:35 - 2015-03-09 04:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\0260891456304788mcinst.exe
C:\Users\Michal\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Michal\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-24 11:11

==================== End of FRST.txt ============================

killghostik
Visitor
Posts: 28
Registered: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#7 Post by killghostik »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Michal (2016-02-24 20:01:21)
Running from C:\Users\Michal\Downloads
Windows 8.1 (X64) (2016-02-24 10:52:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4214841829-689274777-3306210627-500 - Administrator - Disabled)
Guest (S-1-5-21-4214841829-689274777-3306210627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4214841829-689274777-3306210627-1003 - Limited - Enabled)
Michal (S-1-5-21-4214841829-689274777-3306210627-1001 - Administrator - Enabled) => C:\Users\Michal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon 1Button App (HKLM-x32\...\{3E69CC95-C0F6-4C74-8F43-74F9046F20B2}) (Version: 1.0.10 - Amazon)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox 15 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.23 - Lenovo)
Energy Manager (x32 Version: 1.5.0.23 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\Pokki) (Version: 0.269.3.227 - Pokki)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.2.1000 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.200 - Broadcom Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.1.12.0 - Lenovo)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A60E1DE0-2AD1-4BD3-BBCC-4FBB22FB6F85}) (Version: 2.5.1.0225 - PointGrab)
Lenovo Motion Control (x32 Version: 2.5.1.0225 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.52 - Lenovo)
Lenovo Settings (x32 Version: 1.0.0.52 - Lenovo) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.61 - Lenovo)
Lenovo Updates (x32 Version: 1.1.0.61 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.3211 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.35.223.5 - Lenovo)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Magic Transfer (x32 Version: 1.1.1.11 - Lenovo) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 345.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Start Menu (HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\Pokki_Start_Menu) (Version: 0.269.3.227 - Pokki)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.81 - Synaptics Incorporated)
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D1AF659-C249-4AF3-9113-92A3A0A77733} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {2DAAE20D-D4E3-49EE-AE6C-AD412C7DB30D} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {333CBE75-B502-488E-8011-F27FF8290A05} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-12-12] ()
Task: {334F3F13-436E-4271-ACD5-6F8C730838FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {54C79D4C-887F-4854-AA12-BE4E8F40B92C} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-02-24] (Lenovo)
Task: {652BC67E-1F35-40C8-AB0F-3AC413A75CBC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2016-01-06] (Symantec Corporation)
Task: {82DA7F5A-6FBE-47CC-AA80-B0370797CCB4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {8CA04033-491A-48D8-B1A7-B7D8694F7F1F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {8D6F1466-A876-4595-B16A-A0CD5617BFD8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {8F8F657D-2D74-4D64-9C89-0D7E61361F16} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-19] (Lenovo)
Task: {A775E547-2FA9-4048-BB60-169E8C09E4DB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AE42DC26-0600-4647-9D10-7C502E3F1DF0} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {B5F94A9F-CE19-470C-BF18-D2FDE5D0F56F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {C27DFB0E-8520-4CC9-A0CB-F9C67A533445} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-07] (Synaptics Incorporated)
Task: {CB2A4953-5DF6-4612-90F2-8B69CFE99568} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-09-11] (Maxthon International ltd.)
Task: {EEE064AB-F0F0-4F65-8336-AC958B5F595A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F547B715-E18D-425E-BB3C-F32C3AE4A366} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-09 04:34 - 2013-10-01 10:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4214841829-689274777-3306210627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michal\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\tapeta programu windows prohlížeč fotografií.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0260891456304788mcinstcleanup => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CCSDK => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: LenovoSetSvr => 2
MSCONFIG\Services: LenovoWiFiHotspotSvr => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LUService => 2
MSCONFIG\Services: MaxthonUpdateSvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PGService => 2
MSCONFIG\Services: PG_Service_Launcher => 2
MSCONFIG\Services: PhoneCompanionPusher => 2
MSCONFIG\Services: PhoneCompanionVap => 3
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: TESHelper => 3
MSCONFIG\Services: VeriFaceSrv => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKU\S-1-5-21-4214841829-689274777-3306210627-1001\...\StartupApproved\Run: => "Pokki"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7E76AB68-D524-4139-BFE1-45710A9A0A2D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BAD280E8-EAC0-4CAB-8885-063046BE48E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C94E15DB-A794-4AE3-9421-1493E1B3B6E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D12FCAAA-8915-4199-BEBA-F19B0E79D9BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7E097387-6232-4D11-B5CB-C0D5C86F187B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{83A410F0-0750-4FF5-A348-CFEA8852776E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7462A225-E11A-4428-B6ED-AFFAB3346BE5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{009F14B9-D8D5-45C9-9421-8181C2E29076}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{7FDB7268-6947-41B2-8505-599C9594F4D9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{96072167-2AD1-42E2-9328-0CE8596F4310}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{76DA29F5-F159-400B-8968-D2A47B1B6578}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{FBF9E4FC-1325-488D-96BC-8F8C15FD9F30}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{53730CBF-41A7-4804-BDC7-82E14F33D499}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{81699150-A4AE-4D70-81D8-11FB79CB81EC}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{571DCF72-4B51-4C24-A0A0-852492BE3CFA}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{6B9C7075-20C5-4C51-BC89-536D814B33F7}] => (Allow) LPort=55100
FirewallRules: [{C8C67513-2139-4F7C-897A-03DAEFE317A9}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{A4609DC3-0C18-44D4-8580-091A50907BA9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-02-2016 09:54:55 Norton_Power_Eraser_20160224095453497
24-02-2016 11:49:56 Windows Modules Installer
24-02-2016 11:50:25 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2016 07:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VfsysLogon.exe, verze: 5.0.0.1, časové razítko: 0x530bffc9
Název chybujícího modulu: VfSysLogonDll.dll, verze: 1.0.0.1, časové razítko: 0x530bffde
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000453a
ID chybujícího procesu: 0x10ec
Čas spuštění chybující aplikace: 0xVfsysLogon.exe0
Cesta k chybující aplikaci: VfsysLogon.exe1
Cesta k chybujícímu modulu: VfsysLogon.exe2
ID zprávy: VfsysLogon.exe3
Úplný název chybujícího balíčku: VfsysLogon.exe4
ID aplikace související s chybujícím balíčkem: VfsysLogon.exe5

Error: (02/24/2016 05:39:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VfsysLogon.exe, verze: 5.0.0.1, časové razítko: 0x530bffc9
Název chybujícího modulu: VfSysLogonDll.dll, verze: 1.0.0.1, časové razítko: 0x530bffde
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000453a
ID chybujícího procesu: 0xa68
Čas spuštění chybující aplikace: 0xVfsysLogon.exe0
Cesta k chybující aplikaci: VfsysLogon.exe1
Cesta k chybujícímu modulu: VfsysLogon.exe2
ID zprávy: VfsysLogon.exe3
Úplný název chybujícího balíčku: VfsysLogon.exe4
ID aplikace související s chybujícím balíčkem: VfsysLogon.exe5

Error: (02/24/2016 04:59:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LogonUI.exe, verze: 6.3.9600.17415, časové razítko: 0x5450541b
Název chybujícího modulu: VfCredProv.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x532bf21e
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000003516
ID chybujícího procesu: 0x3cc
Čas spuštění chybující aplikace: 0xLogonUI.exe0
Cesta k chybující aplikaci: LogonUI.exe1
Cesta k chybujícímu modulu: LogonUI.exe2
ID zprávy: LogonUI.exe3
Úplný název chybujícího balíčku: LogonUI.exe4
ID aplikace související s chybujícím balíčkem: LogonUI.exe5

Error: (02/24/2016 04:59:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VfsysLogon.exe, verze: 5.0.0.1, časové razítko: 0x530bffc9
Název chybujícího modulu: VfSysLogonDll.dll, verze: 1.0.0.1, časové razítko: 0x530bffde
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000453a
ID chybujícího procesu: 0x8b4
Čas spuštění chybující aplikace: 0xVfsysLogon.exe0
Cesta k chybující aplikaci: VfsysLogon.exe1
Cesta k chybujícímu modulu: VfsysLogon.exe2
ID zprávy: VfsysLogon.exe3
Úplný název chybujícího balíčku: VfsysLogon.exe4
ID aplikace související s chybujícím balíčkem: VfsysLogon.exe5

Error: (02/24/2016 04:59:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/24/2016 11:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VfsysLogon.exe, verze: 5.0.0.1, časové razítko: 0x530bffc9
Název chybujícího modulu: VfSysLogonDll.dll, verze: 1.0.0.1, časové razítko: 0x530bffde
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000453a
ID chybujícího procesu: 0x838
Čas spuštění chybující aplikace: 0xVfsysLogon.exe0
Cesta k chybující aplikaci: VfsysLogon.exe1
Cesta k chybujícímu modulu: VfsysLogon.exe2
ID zprávy: VfsysLogon.exe3
Úplný název chybujícího balíčku: VfsysLogon.exe4
ID aplikace související s chybujícím balíčkem: VfsysLogon.exe5

Error: (02/24/2016 11:23:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: LogonUI.exe, verze: 6.3.9600.17415, časové razítko: 0x5450541b
Název chybujícího modulu: VfCredProv.dll_unloaded, verze: 0.0.0.0, časové razítko: 0x532bf21e
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000375b
ID chybujícího procesu: 0x38c
Čas spuštění chybující aplikace: 0xLogonUI.exe0
Cesta k chybující aplikaci: LogonUI.exe1
Cesta k chybujícímu modulu: LogonUI.exe2
ID zprávy: LogonUI.exe3
Úplný název chybujícího balíčku: LogonUI.exe4
ID aplikace související s chybujícím balíčkem: LogonUI.exe5

Error: (02/24/2016 11:22:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: VfsysLogon.exe, verze: 5.0.0.1, časové razítko: 0x530bffc9
Název chybujícího modulu: VfSysLogonDll.dll, verze: 1.0.0.1, časové razítko: 0x530bffde
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000453a
ID chybujícího procesu: 0xbe8
Čas spuštění chybující aplikace: 0xVfsysLogon.exe0
Cesta k chybující aplikaci: VfsysLogon.exe1
Cesta k chybujícímu modulu: VfsysLogon.exe2
ID zprávy: VfsysLogon.exe3
Úplný název chybujícího balíčku: VfsysLogon.exe4
ID aplikace související s chybujícím balíčkem: VfsysLogon.exe5

Error: (02/24/2016 10:12:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HostAppServiceUpdater.exe, verze: 1.0.0.0, časové razítko: 0x5438749b
Název chybujícího modulu: HostAppServiceUpdater.exe, verze: 1.0.0.0, časové razítko: 0x5438749b
Kód výjimky: 0xc000041d
Posun chyby: 0x000000000005a753
ID chybujícího procesu: 0x90c
Čas spuštění chybující aplikace: 0xHostAppServiceUpdater.exe0
Cesta k chybující aplikaci: HostAppServiceUpdater.exe1
Cesta k chybujícímu modulu: HostAppServiceUpdater.exe2
ID zprávy: HostAppServiceUpdater.exe3
Úplný název chybujícího balíčku: HostAppServiceUpdater.exe4
ID aplikace související s chybujícím balíčkem: HostAppServiceUpdater.exe5

Error: (02/24/2016 10:12:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HostAppServiceUpdater.exe, verze: 1.0.0.0, časové razítko: 0x5438749b
Název chybujícího modulu: HostAppServiceUpdater.exe, verze: 1.0.0.0, časové razítko: 0x5438749b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000005a753
ID chybujícího procesu: 0x90c
Čas spuštění chybující aplikace: 0xHostAppServiceUpdater.exe0
Cesta k chybující aplikaci: HostAppServiceUpdater.exe1
Cesta k chybujícímu modulu: HostAppServiceUpdater.exe2
ID zprávy: HostAppServiceUpdater.exe3
Úplný název chybujícího balíčku: HostAppServiceUpdater.exe4
ID aplikace související s chybujícím balíčkem: HostAppServiceUpdater.exe5


System errors:
=============
Error: (02/24/2016 07:51:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/24/2016 05:02:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/24/2016 10:58:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/24/2016 10:08:43 AM) (Source: DCOM) (EventID: 10010) (User: GHOSTIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (02/24/2016 10:08:43 AM) (Source: DCOM) (EventID: 10010) (User: GHOSTIK)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (02/24/2016 09:52:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba NPEService je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/24/2016 09:48:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/24/2016 08:42:54 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: Službě SAM se nepodařilo spustit vlákno naslouchání protokolu TCP/IP nebo SPX/IPX.

Error: (02/24/2016 08:18:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/24/2016 07:43:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
Percentage of memory in use: 17%
Total physical RAM: 8104.27 MB
Available physical RAM: 6665.38 MB
Total Virtual: 10024.27 MB
Available Virtual: 8601.93 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:888.87 GB) (Free:856.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9AC72A9A)

Partition: GPT.

==================== End of Addition.txt ============================

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Dllhost.exe *32 COM surrogate

#8 Post by motji »

Did you change your antivirus?
Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan finishes, click Clean.
- The repair will run and the PC will restart (restart it yourself if needed), and the log C:\AdwCleaner\AdwCleaner.txt will appear; copy the contents of the log here.

killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#9 Post by killghostik »

Yes, I have paid Norton.

killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#10 Post by killghostik »

I tried to download the program, but the antivirus tells me it is dangerous. Should I stop the antivirus program for a while, then?

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Dllhost.exe *32 COM surrogate

#11 Post by cernohous13 »

Hi, Symantec reports it as suspicious https://www.virustotal.com/cs/file/02f8 ... 456406071/
there is no risk of downloading an infected file from the given link
The program sends a report to the author :D
Support : http://toolslib.net/forum

If you have problems downloading or running it, you can disable Norton for that moment

and I :hide:
Recommendations:
During the clean-up, install and uninstall software only on my instruction.
Read through and carry out the whole operation carefully according to my reply.
If anything is unclear, ask - I will explain


killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#12 Post by killghostik »

So the restart has been running for about 30 min :/

killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#13 Post by killghostik »

# AdwCleaner v5.036 - Logfile created 25/02/2016 at 15:41:54
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Michal - GHOSTIK
# Running from : C:\Users\Michal\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\Users\Michal\AppData\Local\pokki

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKCU\Software\Pokki
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1263 bytes] - [25/02/2016 15:41:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [319 bytes] - [25/02/2016 15:15:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [1378 bytes] - [25/02/2016 15:17:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1481 bytes] ##########

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Dllhost.exe *32 COM surrogate

#14 Post by motji »

:?: Did you run it twice? How is the PC doing at the moment?

killghostik
Visitor
Posts: 28
Joined: 04 May 2014 20:23

Re: Dllhost.exe *32 COM surrogate

#15 Post by killghostik »

It got stuck during the restart. Updates are currently running on the PC and so far it looks like it is working :)
