
Unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 13:19
by lalasso
Hello,
I was trying to get an old/new printer working, without success, so out of desperation (because I needed to scan) I downloaded drivers from an unverified source. Now some Chinese app keeps popping up on my desktop. I tried to uninstall it, unsuccessfully. When I tried to uninstall "support PL 1.1", it said that this is not possible because it contains a virus.

Thanks for any help, the log is below.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Vyroba at 2015-06-04 14:09:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 403 GB (88%) free of 457 GB
Total RAM: 3690 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:03, on 4.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnSvc.exe
C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe
C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\baidusdTray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\baiduanTray.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files (x86)\baidu\baidu.exe
C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Vyroba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BDHOOK - {15DEE173-1BE9-4424-81E0-58A87076E9B1} - C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\websafe\WebMonBHO.dll
O2 - BHO: WebGuard BHO Class - {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} - C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll
O2 - BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: PriCeLess - {CE6F826D-16B2-4AD8-8983-C852022C904E} - C:\Program Files (x86)\PriCeLess\CudRtwoxJraJTx.dll
O3 - Toolbar: TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [baidusdTray] "C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe" -stmd=3
O4 - HKLM\..\Run: [BaiduAnTray] "C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnTray.exe" -stmd=3
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
O4 - HKCU\..\Run: [apphide] C:\Program Files (x86)\baidu\baidu.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-245342030-1968866379-2107401713-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-245342030-1968866379-2107401713-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.baidu.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: BaiduHips - ????????(??)???? - C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
O23 - Service: BDKVRTP Service (BDKVRTP) - ????????(??)???? - C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
O23 - Service: BDMRTP Service (BDMRTP) - ????????(??)???? - C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnSvc.exe
O23 - Service: BDSGRTP Service (BDSGRTP) - ????????(??)???? - C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: DraftSight API Service - Dassault Systemes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Small Business Advantage - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TAOFrame - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 20580 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe"
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe" -r
"C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnSvc.exe" -r
"C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe" -r
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRtp.exe" -r
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
"C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ba8ec23e-c962-45b4-b899-d0e9cdf7d1c2 -SystemEventPortName:HostProcess-3e3e9540-dd0c-4d39-b681-182d6a43bc16 -IoCancelEventPortName:HostProcess-dbf5f4d1-7a91-4e8f-abec-a3432131ed3f -NonStateChangingEventPortName:HostProcess-94ecea37-b9dd-402a-96b0-5157ed6c61cb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:75e6a59e-cd8e-411c-acc7-2cba293ec38a -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe" C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Windows\system32\WLANExt.exe 3876976
\??\C:\Windows\system32\conhost.exe "-2072750909386067771-502357078636483253-7625526491138813833-16193199221511162818
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\LMabcoms.exe -service
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
WLIDSvcM.exe 5464
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.MediaKey
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Common Files\AuthenTec\TrueService.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe" /elevated /regrun
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
/ChildServer
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\baidusdTray.exe" -stmd=5
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe"
"C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe"
"C:\Windows\System32\cpuminer-gw64.exe"
\??\C:\Windows\system32\conhost.exe "141262078818698493711016212979-972628730-1649097317-1030705752-1159282380543015
"C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\baiduanTray.exe" -stmd=8
"C:\Program Files\Lexmark\ErrorApp\lmab1err.exe"
"C:\Program Files (x86)\baidu\baidu.exe"
"C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
szndesktop.exe default start
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "-1300745087-461029199923532561-31663973-139626909318672039961965158896-1976905171
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe" /regrun /elevated
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe"
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe" -minimized
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {94A98E28-24AB-404B-A1F6-5BF2A13A50CC}
C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "0x2790_0x2bb8_0x766cc5cc"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe" /slient /PLUGIN_管家蓝屏修复 /pcmgr
"taskhost.exe"

taskeng.exe {D9CE2D8A-2DB0-4EA9-A220-F0C884BC54B7}
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
"C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://normanasa.vo.llnwd.net/o29/publi ... leaner.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="16196.0.571751945\1687629645" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,8,20,43 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2639 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.1.1092715655\620278746" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.2.1760291888\822803016" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.3.540956139\172029546" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.4.1824310702\1966320378" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only 
--device-scale-factor=1 --font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.5.1857364428\645523992" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group6 pct:10f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Extension (public)/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Stable_HQPDemotion_HUPDecay_Enabled_V2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Disabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/default/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Enabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 
--font-cache-shared-mem-suffix=16196 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="16196.10.1725838764\733368654" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe17_ Global\UsGthrCtrlFltPipeMssGthrPipe17 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Vyroba\Downloads\RSITx64.exe"
taskhost.exe $(Arg0)

======Scheduled tasks folder======

C:\Windows\tasks\AmiUpdXp.job - C:\Users\Vyroba\AppData\Local\15091\Updater.exe
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat [2015-06-04 414560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\Partner64.dll [2012-06-14 750064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Browser Helper Object - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07 2518312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-10 2443376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE6F826D-16B2-4AD8-8983-C852022C904E}]
PriCeLess - C:\Program Files (x86)\PriCeLess\CudRtwoxJraJTx.x64.dll [2015-06-04 888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
WebMonBHO - C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\websafe\WebMonBHO.dll [2015-06-04 490376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}]
WebGuardBHO - C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-04 490376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
应用宝一键安装插件 - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30 140344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
Partner BHO Class - C:\ProgramData\Partner\Partner.dll [2012-06-14 433648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]
TrueSuite Browser Helper Object - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07 2353448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-10 2109040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE6F826D-16B2-4AD8-8983-C852022C904E}]
PriCeLess - C:\Program Files (x86)\PriCeLess\CudRtwoxJraJTx.dll [2015-06-04 820224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C98EE38D-21E4-4A50-907D-2B56FEC7013E} - TrueSuite Toolbar - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07 2518312]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{C98EE38D-21E4-4A50-907D-2B56FEC7013E} - TrueSuite Toolbar - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07 2353448]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-04-02 2899216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-09 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-09 440600]
"BLEServicesCtrl"=C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [2012-02-18 177936]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2012-02-22 11406608]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2012-03-01 564352]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-02-21 1654400]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2012-02-25 382528]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2012-04-11 283984]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
""= []
"LMPSSDMON"=C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe [2010-09-16 753664]
"gpuminer"=C:\Users\Vyroba\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [2015-05-02 96]
"cpuminer"=C:\Windows\system32\cpuminer-gw64.exe [2015-06-03 1353512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"=C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [2010-09-16 582312]
"apphide"=C:\Program Files (x86)\baidu\baidu.exe [2015-04-06 65536]
"cz.seznam.software.autoupdate"=C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2012-03-07 133400]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-04 291608]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"Dolby Advanced Audio v2"=C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2011-12-21 507744]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"Fastboot"=C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [2012-01-17 1091376]
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-14 4351712]
"IntelSBA"=C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe [2012-02-27 55520]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"baidusdTray"=C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2015-06-04 2526216]
"BaiduAnTray"=C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnTray.exe [2015-06-04 3042312]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE [2015-06-04 355296]

C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-01 430080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-04 14:09:50 ----D---- C:\rsit
2015-06-04 14:09:50 ----D---- C:\Program Files\trend micro
2015-06-04 09:26:20 ----A---- C:\Windows\SYSWOW64\drivers\TS888x64.sys
2015-06-04 09:25:16 ----D---- C:\ProgramData\TXQMPC
2015-06-04 09:20:03 ----D---- C:\Program Files (x86)\Lexmark ScanBack
2015-06-04 09:19:51 ----D---- C:\Program Files\Lexmark ScanBack
2015-06-04 09:18:29 ----A---- C:\Windows\system32\drivers\TAOAccelerator64.sys
2015-06-04 09:18:25 ----D---- C:\Program Files\Common Files\Tencent
2015-06-04 09:18:19 ----A---- C:\Windows\system32\drivers\TSSKX64.sys
2015-06-04 09:18:15 ----A---- C:\Windows\system32\drivers\TAOKernel64.sys
2015-06-04 09:18:06 ----A---- C:\Windows\system32\drivers\TFsFltX64.sys
2015-06-04 09:16:57 ----D---- C:\Program Files (x86)\Tencent
2015-06-04 09:16:50 ----D---- C:\Users\Vyroba\AppData\Roaming\Tencent
2015-06-04 09:16:49 ----D---- C:\ProgramData\Tencent
2015-06-04 09:14:38 ----A---- C:\Windows\system32\drivers\BDSafeBrowser.sys
2015-06-04 09:14:37 ----A---- C:\Windows\system32\drivers\bd0004.sys
2015-06-04 09:14:37 ----A---- C:\Windows\system32\bd64_x86.dll
2015-06-04 09:14:37 ----A---- C:\Windows\system32\bd64_x64.dll
2015-06-04 09:14:12 ----A---- C:\Windows\system32\drivers\BDMNetMon.sys
2015-06-04 09:13:48 ----D---- C:\Program Files (x86)\BaiduAn4.0
2015-06-04 09:11:57 ----A---- C:\Windows\system32\drivers\BDMWrench_x64.sys
2015-06-04 09:11:57 ----A---- C:\Windows\system32\drivers\BDDefense.sys
2015-06-04 09:11:57 ----A---- C:\Windows\system32\drivers\bd0003.sys
2015-06-04 09:11:56 ----A---- C:\Windows\system32\drivers\BDArKit.SYS
2015-06-04 09:11:54 ----A---- C:\Windows\system32\drivers\bd0002.sys
2015-06-04 09:11:54 ----A---- C:\Windows\system32\drivers\bd0001.sys
2015-06-04 09:11:34 ----D---- C:\Program Files (x86)\BaiduSd4.0
2015-06-04 09:11:30 ----D---- C:\ProgramData\BDSReport
2015-06-04 09:10:58 ----D---- C:\Program Files (x86)\Seznam.cz
2015-06-04 09:10:40 ----D---- C:\Users\Vyroba\AppData\Roaming\NVIDIA
2015-06-04 09:10:39 ----D---- C:\Users\Vyroba\AppData\Roaming\Seznam.cz
2015-06-04 09:10:27 ----D---- C:\Users\Vyroba\AppData\Roaming\cpuminer
2015-06-04 09:10:03 ----D---- C:\Program Files (x86)\SoftwarePlus
2015-06-04 09:09:32 ----D---- C:\ProgramData\13606343631502330683
2015-06-04 09:09:24 ----D---- C:\Program Files (x86)\PriCeLess
2015-06-04 09:09:21 ----D---- C:\Users\Vyroba\AppData\Roaming\Baidu
2015-06-04 09:09:21 ----D---- C:\ProgramData\Baidu
2015-06-04 09:09:11 ----D---- C:\ProgramData\{db247919-028d-c7b4-db24-47919028e464}
2015-06-04 09:09:01 ----D---- C:\Program Files (x86)\baidu
2015-06-04 08:24:18 ----D---- C:\Program Files\Lexmark_HostCD
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmabusb1.dll
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmabserv.dll
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmabpmui.dll
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmabpar1.dll
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmablmpm.dll
2015-06-04 08:23:27 ----A---- C:\Windows\system32\lmabiobj.dll
2015-06-04 08:23:26 ----A---- C:\Windows\system32\lmabip1.dll
2015-06-04 08:23:26 ----A---- C:\Windows\system32\lmabinpa.dll
2015-06-04 08:23:26 ----A---- C:\Windows\system32\lmabhcp.dll
2015-06-04 08:23:26 ----A---- C:\Windows\system32\lmabcoms.exe
2015-06-04 08:23:25 ----A---- C:\Windows\system32\lmabcomm.dll
2015-06-04 08:23:25 ----A---- C:\Windows\system32\lmabcomc.dll
2015-06-04 08:23:24 ----A---- C:\Windows\SYSWOW64\lmabserv.dll
2015-06-04 08:23:24 ----A---- C:\Windows\SYSWOW64\lmabhcp.dll
2015-06-04 08:23:24 ----A---- C:\Windows\SYSWOW64\lmabcomm.dll
2015-06-04 08:23:24 ----A---- C:\Windows\system32\lmabiesc.dll
2015-06-04 08:23:23 ----A---- C:\Windows\SYSWOW64\lmabcoms.exe
2015-06-04 08:23:23 ----A---- C:\Windows\SYSWOW64\lmabcomc.dll
2015-06-04 08:23:21 ----A---- C:\Windows\Lexcfi.dll
2015-06-04 08:20:48 ----D---- C:\Lexmark
2015-06-03 17:09:46 ----A---- C:\Windows\system32\cpuminer-gw64.exe
2015-05-26 10:23:50 ----D---- C:\Users\Vyroba\AppData\Roaming\ZipGenius
2015-05-20 09:25:29 ----D---- C:\ProgramData\DriverConfigurations
2015-05-20 09:09:43 ----D---- C:\Program Files\Lexmark Status Monitor Center
2015-05-20 09:09:43 ----A---- C:\Windows\SYSWOW64\lexlog.dll
2015-05-20 09:09:43 ----A---- C:\Windows\system32\lexlog.dll
2015-05-20 09:09:19 ----D---- C:\ProgramData\APP
2015-05-20 09:08:31 ----D---- C:\Program Files (x86)\Lexmark
2015-05-20 08:59:06 ----D---- C:\Program Files\Lexmark
2015-05-20 08:51:47 ----D---- C:\ProgramData\Lexmark Install Logs
2015-05-20 08:50:32 ----D---- C:\ProgramData\Lexmark Package Logs
2015-05-18 15:33:33 ----D---- C:\Program Files (x86)\ZipGenius 6
2015-05-14 03:01:58 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:01:58 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:41:43 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 06:41:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 06:41:42 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 06:41:42 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 06:41:10 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 06:41:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 06:41:10 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 06:41:10 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 06:41:10 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 06:41:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 06:41:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 06:41:09 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 06:41:09 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 06:41:09 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 06:41:08 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 06:41:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 06:41:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 06:41:08 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 06:41:08 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 06:41:08 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 06:41:07 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 06:41:07 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 06:41:07 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 06:41:07 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 06:41:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 06:41:06 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 06:41:06 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 06:41:06 ----A---- C:\Windows\system32\ieetwcollectorres.dll

======List of files/folders modified in the last 1 month======

2015-06-04 14:09:50 ----RD---- C:\Program Files
2015-06-04 14:09:35 ----D---- C:\Windows\Temp
2015-06-04 11:09:11 ----D---- C:\ProgramData\Lenovo
2015-06-04 11:08:13 ----SHD---- C:\Windows\Installer
2015-06-04 11:07:08 ----D---- C:\Windows\SysWOW64
2015-06-04 11:06:43 ----D---- C:\Program Files (x86)\Lenovo
2015-06-04 10:43:08 ----D---- C:\Windows\system32\Tasks
2015-06-04 10:43:07 ----D---- C:\Windows\Tasks
2015-06-04 09:32:49 ----D---- C:\Windows\System32
2015-06-04 09:32:49 ----D---- C:\Windows\inf
2015-06-04 09:32:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-04 09:28:09 ----N---- C:\Windows\SYSWOW64\log.txt
2015-06-04 09:27:18 ----D---- C:\Users\Vyroba\AppData\Roaming\Dropbox
2015-06-04 09:26:29 ----D---- C:\Windows\system32\config
2015-06-04 09:26:20 ----D---- C:\Windows\SYSWOW64\drivers
2015-06-04 09:25:16 ----HD---- C:\ProgramData
2015-06-04 09:24:14 ----D---- C:\Windows\system32\drivers
2015-06-04 09:20:03 ----RD---- C:\Program Files (x86)
2015-06-04 09:18:25 ----D---- C:\Program Files\Common Files
2015-06-04 09:18:18 ----RSD---- C:\Windows\Fonts
2015-06-04 09:18:08 ----D---- C:\Program Files (x86)\Common Files
2015-06-04 09:15:15 ----D---- C:\Windows\winsxs
2015-06-04 08:47:16 ----D---- C:\Program Files (x86)\SugarSync
2015-06-04 08:47:06 ----D---- C:\Windows\system32\DriverStore
2015-06-04 08:47:06 ----D---- C:\Windows\system32\catroot
2015-06-04 08:47:04 ----D---- C:\Windows\twain_32
2015-06-04 08:23:30 ----D---- C:\Windows\Prefetch
2015-06-04 08:23:21 ----D---- C:\Windows
2015-05-21 03:16:22 ----SD---- C:\Windows\SYSWOW64\GWX
2015-05-21 03:16:22 ----SD---- C:\Windows\system32\GWX
2015-05-20 09:07:41 ----D---- C:\Windows\system32\catroot2
2015-05-20 09:07:41 ----D---- C:\Program Files\DIFX
2015-05-20 08:54:55 ----SD---- C:\ProgramData\Microsoft
2015-05-14 04:05:12 ----D---- C:\Windows\rescache
2015-05-14 03:50:59 ----D---- C:\Windows\Microsoft.NET
2015-05-14 03:50:35 ----RSD---- C:\Windows\assembly
2015-05-14 03:38:25 ----D---- C:\Program Files\Microsoft Silverlight
2015-05-14 03:38:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:36:40 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-14 03:36:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-14 03:36:40 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 03:36:40 ----D---- C:\Program Files\Internet Explorer
2015-05-14 03:36:39 ----D---- C:\Windows\system32\en-US
2015-05-14 03:36:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-14 03:36:37 ----D---- C:\Windows\AppPatch
2015-05-14 03:36:36 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 03:36:36 ----D---- C:\Program Files\Windows Journal
2015-05-14 03:13:15 ----D---- C:\Program Files\Microsoft Security Client
2015-05-14 03:13:13 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-05-14 03:10:11 ----D---- C:\Windows\system32\MRT
2015-05-14 03:04:17 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-12-23 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-12-24 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-12-29 147784]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
R1 bd0001;bd0001; C:\Windows\system32\DRIVERS\bd0001.sys [2015-06-04 202576]
R1 bd0002;bd0002; C:\Windows\system32\DRIVERS\bd0002.sys [2015-06-04 196936]
R1 bd0003;bd0003; C:\Windows\system32\DRIVERS\bd0003.sys [2015-06-04 69448]
R1 bd0004;bd0004; C:\Windows\system32\DRIVERS\bd0004.sys [2015-06-04 169288]
R1 BDDefense;BDDefense; C:\Windows\system32\drivers\BDDefense.sys [2015-06-04 103752]
R1 BDMWrench_x64;BDMWrench_x64; C:\Windows\system32\DRIVERS\BDMWrench_x64.sys [2015-06-04 62280]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-31 33344]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMUdisk64.sys [2015-06-04 62264]
R1 TAOKernelDriver;Tencent Auto Optimize Platform.; C:\Windows\System32\Drivers\TAOKernel64.sys [2015-06-04 174392]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2012-04-11 19784]
R1 TSCPM;TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [2015-06-04 42296]
R1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSDefenseBT64.sys [2015-06-04 28472]
R1 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSSysKit64.sys [2015-06-04 87352]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 BDArKit;BDArKit; C:\Windows\system32\DRIVERS\BDArKit.sys [2015-06-04 152392]
R2 BDMNetMon;BDMNetMon; C:\Windows\system32\DRIVERS\BDMNetMon.sys [2015-06-04 241992]
R2 BDSafeBrowser;BDSafeBrowser; C:\Windows\system32\DRIVERS\BDSafeBrowser.sys [2015-06-04 48968]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [2015-06-04 129336]
R2 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [2015-06-04 99640]
R3 5U877;5U877; C:\Windows\system32\DRIVERS\5U877.sys [2012-02-17 216064]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-01-31 1601152]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2012-02-29 42312]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-01 14659808]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-12-21 25496]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2012-02-20 11471872]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-26 40248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-04-02 428304]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [2015-06-04 87864]
R3 TS888x64;TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [2015-06-04 28984]
R3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2015-06-04 38200]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera; C:\Windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-12-08 80384]
S3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720]
S3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008]
S3 Fastboot;Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [2012-01-17 70416]
S3 ibtfltcoex;ibtfltcoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-12-21 34200]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 BaiduHips;BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [2015-06-04 64008]
R2 BDKVRTP;BDKVRTP Service; C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [2015-06-04 805896]
R2 BDMRTP;BDMRTP Service; C:\Program Files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnSvc.exe [2015-06-04 1047048]
R2 BDSGRTP;BDSGRTP Service; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe [2015-06-04 1935976]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-22 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-22 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-18 135952]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DisplayLinkService;DisplayLinkManager; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
R2 DraftSight API Service;DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2013-12-28 123392]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-02-26 626960]
R2 FastbootService;FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
R2 FPLService;TrueSuiteService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2013-08-07 2139944]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2012-02-29 48704]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-07 128280]
R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-07 163608]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-11 58192]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-11 61264]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-11 175440]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 lmab_device;lmab_device; C:\Windows\system32\LMabcoms.exe [2012-09-28 1048576]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-03-07 277784]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-12-25 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-24 2348864]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe [2015-06-04 297608]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-02-26 148752]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-07 363800]
R2 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-22 1304912]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
R3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
R3 TrueService;TrueAPI Service component; C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-07-22 401704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 ec9c17f1;SoftwarePlus; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-02-09 276248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-12-09 1431888]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-12-03 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-03-09 272440]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-28 119408]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
S3 Partner Service;Partner Service; C:\ProgramData\Partner\Partner.exe [2012-06-14 332272]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
S3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2015-05-15 49136]
S3 TAOFrame;TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe [2015-06-04 293728]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-12-29 49480]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 13:30
by vyosek
Hello :)

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The cleanup will run, the PC will restart, and then a log will appear, or it will be saved at c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 14:09
by lalasso
That Chinese app is still pestering me. It could probably be uninstalled now, but when I choose uninstall, a window in Chinese pops up, probably asking me to confirm the uninstall. One option is to click a blue button, which is the one being offered, and when I hover over it with the mouse the window's background turns positive, a sunrise and so on.
And then there is a greyed-out button, and when I hover over it the background turns negative, clouds and so on. So probably an equivalent of Yes/No. But I don't know which is which.

Log below, thanks

# AdwCleaner v4.206 - Log vytvořen 04/06/2015 v 14:44:54
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-01.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Vyroba - VYROBA-THINK
# Spuštěno z : C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : bd0003
[#] Služba Smazáno : bd0004
[#] Služba Smazáno : BDArKit
[#] Služba Smazáno : BDMWrench_x64
[#] Služba Smazáno : BDSafeBrowser
[#] Služba Smazáno : Partner Service
[#] Služba Smazáno : QQPCRTP
Služba Smazáno : TAOAccelerator
Služba Smazáno : TSDefenseBt
Služba Smazáno : TSSysKit
[#] Služba Smazáno : QMUdisk
[#] Služba Smazáno : ec9c17f1

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\Partner
[!] Složka Smazáno : C:\ProgramData\tencent
Složka Smazáno : C:\ProgramData\{db247919-028d-c7b4-db24-47919028e464}
Složka Smazáno : C:\Program Files (x86)\Amazon\ABB
[!] Složka Smazáno : C:\Program Files (x86)\tencent
Složka Smazáno : C:\Program Files (x86)\PriCeLess
Složka Smazáno : C:\Program Files (x86)\Common Files\tencent
Složka Smazáno : C:\Windows\Util
Složka Smazáno : C:\Users\Vyroba\AppData\Local\Temp\tencent
Složka Smazáno : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[!] Složka Smazáno : C:\Program Files\Common Files\tencent
[!] Složka Smazáno : C:\Users\Vyroba\AppData\Roaming\tencent
Složka Smazáno : C:\Users\Vyroba\AppData\Roaming\cpuminer
Složka Smazáno : C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Soubor Smazáno : C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
Soubor Smazáno : C:\Windows\System32\cpuminer-conf.json
Soubor Smazáno : C:\Windows\System32\cpuminer-gw64.exe
Soubor Smazáno : C:\Windows\System32\drivers\BDDefense.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0001.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0002.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0003.sys
Soubor Smazáno : C:\Windows\System32\drivers\BDArKit.SYS
Soubor Smazáno : C:\Windows\System32\drivers\BDMWrench_x64.sys

***** [ Naplánované úlohy ] *****

Úloha Smazáno : AmiUpdXp
Úloha Smazáno : amiupdaterExd
Úloha Smazáno : amiupdaterExi

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Klíč Smazáno : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Klíč Smazáno : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Klíč Smazáno : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\BDShellExt.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\BDSWShellExt.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Klíč Smazáno : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BDShellExt
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDShellExt.BDShellExtMenu
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDShellExt.BDShellExtMenu.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu
Klíč Smazáno : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\BDShellExt
Klíč Smazáno : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ABDSWShellExt
Klíč Smazáno : HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt
Klíč Smazáno : HKLM\SOFTWARE\CLASSES\METNSD
Klíč Smazáno : HKLM\SOFTWARE\Classes\PCE6F826D_16B2_4AD8_8983_C852022C904E_.PCE6F826D_16B2_4AD8_8983_C852022C904E_
Klíč Smazáno : HKLM\SOFTWARE\Classes\PCE6F826D_16B2_4AD8_8983_C852022C904E_.PCE6F826D_16B2_4AD8_8983_C852022C904E_.9
Klíč Smazáno : HKLM\SOFTWARE\952cd6a7-647c-451a-35fe-6831be2b2518
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ec9c17f1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{CE6F826D-16B2-4AD8-8983-C852022C904E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{9A44AB5B-B488-42A3-8D2B-7A0DA772F3A4}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE6F826D-16B2-4AD8-8983-C852022C904E}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE6F826D-16B2-4AD8-8983-C852022C904E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{00890530-6A9F-4BE2-B1BB-73F01E2BB986}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE6F826D-16B2-4AD8-8983-C852022C904E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE6F826D-16B2-4AD8-8983-C852022C904E}
Klíč Smazáno : HKCU\Software\Alexa Internet
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\????
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\????
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [9040 bytů] - [04/06/2015 14:40:36]
AdwCleaner[S0].txt - [8395 bytů] - [04/06/2015 14:44:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8453 bytů] ##########

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 14:11
by vyosek
It is hanging on, but don't worry, we will gradually clear it out... It has to be done step by step.

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the fix, restart, and give you a log; paste its contents here

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 14:49
by lalasso
the Chinese app persists,

log here, thanks


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Vyroba on źt 04.06.2015 at 15:15:09,43.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vyroba\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4.6.2015 15:17:38 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\SoftwarePlus deleted successfully
\AuthLog deleted successfully
C:\Users\Vyroba\AppData\Roaming\Lenovo deleted successfully
C:\Users\Vyroba\AppData\Local\LSC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904} deleted successfully
HKEY_USERS\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} deleted successfully
HKEY_USERS\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Vyroba\AppData\Roaming\Thunderbird\Profiles\jrgicuup.default\prefs.js:

Added to C:\Users\Vyroba\AppData\Roaming\Thunderbird\Profiles\jrgicuup.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Amazon not found
C:\PROGRA~2\SoftwarePlus not found
C:\Users\Vyroba\AppData\Local\15091 deleted
C:\Users\Vyroba\AppData\Local\CrashRpt deleted
C:\Users\Public\AlexaNSISPlugin.3240.dll deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Vyroba\AppData\Roaming\Thunderbird\Profiles\jrgicuup.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP5X@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [14.06.2012 08:37]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
clglhglbidpdbjffpfcldkifhdegdfle - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx[01.04.2013 02:25]

Website Logon - Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\clglhglbidpdbjffpfcldkifhdegdfle
Bookmark Manager - Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Preferences
2610D8E3EE9F4C813F66EB0715DEAE4FF9269E3FCC008991422517A66D2F"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/ig/redirectdomain ... &bmod=LENP"]}}


==== Chromium Fix ======================

C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elektrovip.pl_0.localstorage deleted successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elektrovip.pl_0.localstorage-journal deleted successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hao123.com/?tn=93320414_hao_pg"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=LENP"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hao123.com/?tn=93320414_hao_pg"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hao123.com/?tn=93320414_hao_pg"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="http://www.google.com/search?sourceid=i ... lz=1I7LENP"

==== Reset Google Chrome ======================

C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vyroba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vyroba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11 folders=5 1287750 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\Vyroba\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Vyroba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 04.06.2015 at 15:45:45,66 ======================

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 14:52
by vyosek

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 15:41
by lalasso
that Chinese thing would not allow the download, it did not even work over a cable from the phone. In the end it worked - download to the phone and via Dropbox to the PC.

log here, thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Vyroba (administrator) on VYROBA-THINK on 04-06-2015 16:37:04
Running from C:\Users\Vyroba\Desktop
Loaded Profiles: UpdatusUser & Vyroba (Available Profiles: UpdatusUser & Vyroba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lmabcoms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-02] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-18] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [283984 2012-04-11] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LMPSSDMON] => C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe [753664 2010-09-16] ()
HKLM\...\Run: [gpuminer] => C:\Users\Vyroba\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-04] (百度在线网络技术(北京)有限公司)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-09-16] ( )
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [65536 2015-04-06] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\MountPoints2: {b65a3957-7b28-11e4-9f4b-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214848 2011-12-24] (NVIDIA Corporation)
Startup: C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {077FBF26-E038-44AD-B342-CD4DF0A692CD} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {08603863-20B1-49F9-B594-B40221996625} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {1941D586-5698-4DA3-8074-6B587DDD1713} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {4292DBBC-9C90-43B8-8470-C32DA43A8BC0} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {5D2EE464-0558-4813-BB40-6F7CA016B5C7} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {85DA8D87-1AB0-4D01-84AB-14EBC793EDDB} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {A2588574-9E8E-4297-9DB9-F9E5C174A9E3} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {A885C1EF-7D05-4E1E-9EDE-1E5E56879429} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {FEA454C9-C994-41E0-8246-D129080A0687} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat No File
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-10] (Symantec Corporation)
BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07] (AuthenTec Inc.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-10] (Symantec Corporation)
Toolbar: HKLM - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07] (AuthenTec Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2013-08-07] (AuthenTec, Inc)
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-06-14]

Chrome:
=======
CHR Profile: C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-04]
CHR Extension: (Google Docs) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
CHR Extension: (Google Search) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
CHR Extension: (Google Sheets) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-04]
CHR Extension: (Bookmark Manager) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Google Wallet) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-04] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-04] (百度在线网络技术(北京)有限公司)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-12-28] (Dassault Systèmes) [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [175440 2012-04-11] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S3 TAOFrame; "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [202704 2015-06-04] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [198600 2015-06-04] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-04] (Baidu)
R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-04] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-04] (Baidu)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-04] (Tencent Technology(Shenzhen) Company Limited)
S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-04] (电脑管家)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-04] (电脑管家)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
S1 TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:37 - 2015-06-04 16:37 - 00029995 _____ C:\Users\Vyroba\Desktop\FRST.txt
2015-06-04 16:36 - 2015-06-04 16:37 - 00000000 ____D C:\FRST
2015-06-04 16:33 - 2015-06-04 16:33 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe
2015-06-04 16:32 - 2015-06-04 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher (1).exe
2015-06-04 16:30 - 2015-06-04 16:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-04 16:24 - 2015-06-04 16:24 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Downloads\Nepotvrzeno 943365.crdownload
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 _____ C:\Users\Vyroba\Downloads\FRSTLauncher.exe.xalcyl9.partial
2015-06-04 16:01 - 2015-06-04 16:02 - 02108928 _____ (Farbar) C:\Users\Vyroba\Desktop\FRST64.exe
2015-06-04 15:44 - 2015-06-04 15:44 - 00000000 ____D C:\AuthLog
2015-06-04 15:39 - 2015-06-04 15:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-04 15:17 - 2015-06-04 15:45 - 00015049 _____ C:\zoek-results.log
2015-06-04 15:14 - 2015-06-04 15:36 - 00000000 ____D C:\zoek_backup
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek.exe
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek (1).exe
2015-06-04 15:07 - 2015-06-04 15:07 - 00202704 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0001.sys
2015-06-04 15:07 - 2015-06-04 15:07 - 00198600 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0002.sys
2015-06-04 14:37 - 2015-06-04 14:47 - 00000000 ____D C:\AdwCleaner
2015-06-04 14:37 - 2015-06-04 14:37 - 02231296 _____ C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\rsit
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\Program Files\trend micro
2015-06-04 14:09 - 2015-06-04 14:09 - 01222144 _____ C:\Users\Vyroba\Downloads\RSITx64.exe
2015-06-04 10:29 - 2015-06-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-04 10:25 - 2015-06-04 12:37 - 00026874 _____ C:\Users\Vyroba\Desktop\Nmc_2015-06-04_10-25-42.log
2015-06-04 10:25 - 2015-06-04 10:25 - 00000000 ____D C:\Users\Vyroba\AppData\Local\Norman Malware Cleaner
2015-06-04 09:43 - 2015-06-04 09:50 - 350127064 _____ (Norman Shark AS) C:\Users\Vyroba\Desktop\Norman_Malware_Cleaner.exe
2015-06-04 09:26 - 2015-06-04 09:26 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-04 09:25 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-04 09:20 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files (x86)\Lexmark ScanBack
2015-06-04 09:19 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files\Lexmark ScanBack
2015-06-04 09:18 - 2015-06-04 10:28 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-04 09:18 - 2015-06-04 09:17 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-04 09:16 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\Tencent
2015-06-04 09:16 - 2015-06-04 09:16 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-04 09:13 - 2015-06-04 09:13 - 00000000 ____D C:\Program Files (x86)\BaiduAn4.0
2015-06-04 09:11 - 2015-06-04 09:14 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys_23883
2015-06-04 09:11 - 2015-06-04 09:11 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\ProgramData\BDSReport
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\Program Files (x86)\BaiduSd4.0
2015-06-04 09:10 - 2015-06-04 15:51 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Seznam.cz
2015-06-04 09:10 - 2015-06-04 09:10 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\NVIDIA
2015-06-04 09:10 - 2015-06-04 09:10 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-06-04 09:09 - 2015-06-04 16:22 - 00000000 ____D C:\ProgramData\Baidu
2015-06-04 09:09 - 2015-06-04 09:14 - 00000000 ____D C:\Program Files (x86)\baidu
2015-06-04 09:09 - 2015-06-04 09:12 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Baidu
2015-06-04 09:09 - 2015-06-04 09:09 - 00000000 ____D C:\ProgramData\13606343631502330683
2015-06-04 08:25 - 2015-06-04 08:25 - 00000062 _____ C:\ProgramData\LexFiles.usr
2015-06-04 08:24 - 2015-06-04 08:24 - 00000000 ____D C:\Program Files\Lexmark_HostCD
2015-06-04 08:23 - 2015-06-04 15:46 - 00000532 _____ C:\ProgramData\LMabscan.log
2015-06-04 08:23 - 2012-09-28 09:47 - 00980992 _____ ( ) C:\Windows\system32\lmabpmui.dll
2015-06-04 08:23 - 2012-09-28 09:43 - 01631744 _____ ( ) C:\Windows\system32\lmabserv.dll
2015-06-04 08:23 - 2012-09-28 09:43 - 01463808 _____ ( ) C:\Windows\system32\lmabip1.dll
2015-06-04 08:23 - 2012-09-28 09:41 - 01334784 _____ ( ) C:\Windows\system32\lmabusb1.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00884224 _____ ( ) C:\Windows\system32\lmablmpm.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00751104 _____ ( ) C:\Windows\system32\lmabpar1.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00580608 _____ ( ) C:\Windows\system32\lmabcomm.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00551936 _____ ( ) C:\Windows\system32\lmabhcp.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 01371648 _____ ( ) C:\Windows\system32\lmabcomc.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 01048576 _____ ( ) C:\Windows\system32\lmabcoms.exe
2015-06-04 08:23 - 2012-09-28 09:39 - 00672768 _____ ( ) C:\Windows\system32\lmabiobj.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 00558592 _____ ( ) C:\Windows\system32\lmabinpa.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 00515584 _____ ( ) C:\Windows\system32\lmabiesc.dll
2015-06-04 08:23 - 2012-09-28 09:10 - 01044480 _____ ( ) C:\Windows\SysWOW64\lmabserv.dll
2015-06-04 08:23 - 2012-09-28 09:08 - 00356352 _____ ( ) C:\Windows\SysWOW64\lmabhcp.dll
2015-06-04 08:23 - 2012-09-28 09:07 - 00802816 _____ ( ) C:\Windows\SysWOW64\lmabcomc.dll
2015-06-04 08:23 - 2012-09-28 09:07 - 00593920 _____ ( ) C:\Windows\SysWOW64\lmabcoms.exe
2015-06-04 08:23 - 2012-09-28 09:07 - 00376832 _____ ( ) C:\Windows\SysWOW64\lmabcomm.dll
2015-06-04 08:23 - 2010-09-16 13:47 - 00079872 _____ (Lexmark International, Inc.) C:\Windows\Lexcfi.dll
2015-06-04 08:23 - 2010-09-16 13:47 - 00020152 _____ C:\Windows\system32\LMabpmui.chm
2015-06-04 08:23 - 2010-09-16 13:47 - 00007953 _____ C:\Windows\SysWOW64\lstyle.css
2015-06-04 08:23 - 2010-09-16 13:47 - 00007953 _____ C:\Windows\system32\lstyle.css
2015-06-04 08:23 - 2010-09-16 13:47 - 00002164 _____ C:\Windows\SysWOW64\lmab.loc
2015-06-04 08:23 - 2010-09-16 13:47 - 00002164 _____ C:\Windows\system32\lmab.loc
2015-06-04 08:23 - 2010-09-16 13:47 - 00001084 _____ C:\Windows\SysWOW64\LMabtwer.html
2015-06-04 08:23 - 2010-09-16 13:47 - 00001084 _____ C:\Windows\system32\LMabtwer.html
2015-06-04 08:20 - 2015-06-04 08:20 - 00000000 ____D C:\Lexmark
2015-06-04 07:46 - 2015-06-04 07:46 - 00011264 _____ C:\Users\Vyroba\Desktop\Docházka alus.xls
2015-06-04 06:57 - 2015-06-04 06:57 - 00000000 ____D C:\Users\Vyroba\AppData\Local\GWX
2015-06-01 14:15 - 2015-06-01 16:26 - 00000000 ____D C:\Users\Vyroba\Desktop\fotky na letak
2015-05-26 10:24 - 2003-12-15 14:49 - 00003160 _____ C:\Users\Vyroba\Desktop\popis.txt
2015-05-26 10:24 - 2003-12-15 08:51 - 02082738 _____ C:\Users\Vyroba\Desktop\Cr-1826x1126-1_2.xcf
2015-05-26 10:23 - 2015-05-26 10:24 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\ZipGenius
2015-05-26 10:23 - 2015-05-26 10:23 - 00000053 _____ C:\Users\Vyroba\AppData\Roaming\mainhst.zgh
2015-05-26 08:52 - 2015-05-26 08:52 - 00000000 ____D C:\Users\Vyroba\Desktop\Databáze
2015-05-22 13:15 - 2015-06-04 10:38 - 00000000 ____D C:\Users\Vyroba\Desktop\alus
2015-05-21 13:21 - 2015-05-21 13:25 - 00000000 ____D C:\Users\Vyroba\Desktop\do stropu
2015-05-20 09:27 - 2015-05-20 09:27 - 00000833 _____ C:\Users\Vyroba\Documents\lexmar.ldc
2015-05-20 09:25 - 2015-06-04 08:32 - 00000000 ____D C:\ProgramData\DriverConfigurations
2015-05-20 09:09 - 2015-06-04 09:20 - 00067757 _____ C:\Windows\system32\LexFiles.ulf
2015-05-20 09:09 - 2015-05-20 09:09 - 00000000 ____D C:\ProgramData\APP
2015-05-20 09:09 - 2015-05-20 09:09 - 00000000 ____D C:\Program Files\Lexmark Status Monitor Center
2015-05-20 09:09 - 2012-10-09 10:17 - 00906752 _____ ( ) C:\Windows\system32\lexlog.dll
2015-05-20 09:09 - 2012-10-09 09:58 - 00446464 _____ ( ) C:\Windows\SysWOW64\lexlog.dll
2015-05-20 09:08 - 2015-05-20 09:21 - 00000000 ____D C:\Program Files (x86)\Lexmark
2015-05-20 09:07 - 2015-06-04 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2015-05-20 08:59 - 2015-06-04 08:23 - 00000000 ____D C:\Program Files\Lexmark
2015-05-18 15:33 - 2015-05-18 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
2015-05-18 15:33 - 2015-05-18 15:33 - 00000000 ____D C:\Program Files (x86)\ZipGenius 6
2015-05-18 14:08 - 2015-05-18 14:01 - 00036615 _____ C:\Users\Vyroba\Desktop\cenik alus spatne.xlsx
2015-05-14 03:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:41 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:41 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:41 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 06:41 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 06:41 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 06:41 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 06:41 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 06:41 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 06:41 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 06:41 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 06:41 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 06:41 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 06:41 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 06:41 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 06:41 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 06:41 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 06:41 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 06:41 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 06:41 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 06:41 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 06:41 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 06:41 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 06:41 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 06:41 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 06:41 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 06:41 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 06:41 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 06:41 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 06:41 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 06:41 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 06:41 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 06:41 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 06:41 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 06:41 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 06:41 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 06:41 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 06:41 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 06:41 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 06:41 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 06:41 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 06:41 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 06:41 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 06:41 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 06:41 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 06:41 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 06:41 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 06:41 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 06:41 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 06:41 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 06:41 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 06:41 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 06:41 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 06:41 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 06:41 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 06:41 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 06:41 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 06:41 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 06:41 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 06:41 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 06:41 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 06:41 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 06:41 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:41 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:41 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:40 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:40 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:40 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:40 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:40 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:40 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:40 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:40 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:40 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:40 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:40 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:40 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:40 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:40 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:40 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:40 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:40 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:40 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:40 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:40 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:40 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:40 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:40 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:40 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:40 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:40 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:40 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:40 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:40 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:40 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:40 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:40 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:40 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:40 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:40 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:40 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:40 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:40 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:40 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:40 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:40 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:40 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:40 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:40 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:40 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 06:39 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:39 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:39 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:39 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:39 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:39 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:39 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:30 - 2009-07-14 06:51 - 00076319 _____ C:\Windows\setupact.log
2015-06-04 15:55 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 15:55 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 15:51 - 2012-06-14 08:10 - 01134760 _____ C:\Windows\WindowsUpdate.log
2015-06-04 15:49 - 2012-06-14 08:00 - 00668792 _____ C:\Windows\system32\perfh005.dat
2015-06-04 15:49 - 2012-06-14 08:00 - 00141420 _____ C:\Windows\system32\perfc005.dat
2015-06-04 15:49 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 15:48 - 2014-12-08 19:04 - 00000000 ___RD C:\Users\Vyroba\Dropbox
2015-06-04 15:47 - 2014-12-08 19:01 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Dropbox
2015-06-04 15:44 - 2012-06-14 08:15 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-04 15:42 - 2010-11-21 05:47 - 00622342 _____ C:\Windows\PFRO.log
2015-06-04 15:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 15:17 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2015-06-04 15:02 - 2015-03-05 08:23 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\LSC
2015-06-04 11:09 - 2012-06-13 15:50 - 00000000 ____D C:\ProgramData\Lenovo
2015-06-04 11:08 - 2012-06-14 08:38 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-06-04 11:07 - 2012-06-14 08:28 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-06-04 11:06 - 2012-06-14 08:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-04 10:27 - 2014-12-15 14:33 - 00000000 ____D C:\Users\Vyroba\AppData\Local\CrashDumps
2015-06-04 09:25 - 2014-12-03 14:24 - 00110512 _____ C:\Users\Vyroba\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 09:23 - 2009-07-14 06:45 - 00436656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-04 09:18 - 2014-12-03 14:24 - 00000000 ____D C:\Users\Vyroba\AppData\Local\VirtualStore
2015-06-04 08:47 - 2012-06-14 08:33 - 00000000 ____D C:\Program Files (x86)\SugarSync
2015-06-04 08:47 - 2012-06-14 08:12 - 00046744 _____ C:\Windows\DPINST.LOG
2015-06-04 06:35 - 2012-06-14 08:15 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-02 07:37 - 2015-01-09 15:48 - 00000000 ____D C:\Users\Vyroba\Desktop\toptrans
2015-05-29 14:49 - 2015-01-05 08:29 - 00000000 ____D C:\Users\Vyroba\Desktop\zeplochy
2015-05-27 07:10 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-26 03:10 - 2014-12-03 14:23 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 03:16 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 03:16 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 09:07 - 2012-06-14 08:12 - 00000000 ____D C:\Program Files\DIFX
2015-05-14 04:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:38 - 2014-12-05 04:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:38 - 2014-12-05 04:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:36 - 2011-12-08 22:03 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:14 - 2014-12-03 15:16 - 00002154 _____ C:\Windows\epplauncher.mif
2015-05-14 03:13 - 2014-12-03 15:16 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 03:13 - 2014-12-03 15:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-14 03:13 - 2014-12-03 15:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-14 03:10 - 2014-12-08 18:30 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:04 - 2014-12-08 18:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:01 - 2014-12-05 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 09:59 - 2014-12-15 14:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 06:18 - 2014-12-08 19:04 - 00000993 _____ C:\Users\Vyroba\Desktop\Dropbox.lnk
2015-05-13 06:18 - 2014-12-08 19:03 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-12-03 14:23 - 2014-12-08 18:50 - 0006454 _____ () C:\Users\Vyroba\AppData\Roaming\AbsoluteReminder.xml
2015-05-26 10:23 - 2015-05-26 10:23 - 0000053 _____ () C:\Users\Vyroba\AppData\Roaming\mainhst.zgh
2015-06-04 08:25 - 2015-06-04 08:25 - 0000062 _____ () C:\ProgramData\LexFiles.usr
2015-06-04 08:23 - 2015-06-04 15:46 - 0000532 _____ () C:\ProgramData\LMabscan.log

Some files in TEMP:
====================
C:\Users\Vyroba\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
C:\Users\Vyroba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpusy72n.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: 百度杀毒 (Enabled - Up to date) {A0BA42DE-CEEF-6540-B05E-CF5AFC47A572}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: 百度杀毒 (Enabled - Up to date) {1BDBA33A-E8D5-6ACE-8AEE-F42887C0EFCF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vyroba\Desktop" je 2766 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: unwanted Chinese app + probably malware?

Posted: 04 Jun 2015 15:41
by lalasso
The Chinese thing would not allow it to be downloaded, and it did not work over a cable from the phone either. In the end it worked: download it to the phone and get it to the PC via Dropbox.

Log here, thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Vyroba (administrator) on VYROBA-THINK on 04-06-2015 16:37:04
Running from C:\Users\Vyroba\Desktop
Loaded Profiles: UpdatusUser & Vyroba (Available Profiles: UpdatusUser & Vyroba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lmabcoms.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-02] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-18] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [283984 2012-04-11] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LMPSSDMON] => C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe [753664 2010-09-16] ()
HKLM\...\Run: [gpuminer] => C:\Users\Vyroba\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] => C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe [4243168 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-04] (百度在线网络技术(北京)有限公司)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [LMab1err] => C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-09-16] ( )
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [65536 2015-04-06] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\MountPoints2: {b65a3957-7b28-11e4-9f4b-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214848 2011-12-24] (NVIDIA Corporation)
Startup: C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {077FBF26-E038-44AD-B342-CD4DF0A692CD} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {08603863-20B1-49F9-B594-B40221996625} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {1941D586-5698-4DA3-8074-6B587DDD1713} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {4292DBBC-9C90-43B8-8470-C32DA43A8BC0} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {5D2EE464-0558-4813-BB40-6F7CA016B5C7} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {85DA8D87-1AB0-4D01-84AB-14EBC793EDDB} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {A2588574-9E8E-4297-9DB9-F9E5C174A9E3} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {A885C1EF-7D05-4E1E-9EDE-1E5E56879429} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {FEA454C9-C994-41E0-8246-D129080A0687} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat No File
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-10] (Symantec Corporation)
BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07] (AuthenTec Inc.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-10] (Symantec Corporation)
Toolbar: HKLM - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2013-08-07] (AuthenTec Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2013-08-07] (AuthenTec Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\Lenovo Fingerprint Reader\npffwloplugin.dll [2013-08-07] (AuthenTec, Inc)
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-06-14]

Chrome:
=======
CHR Profile: C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-04]
CHR Extension: (Google Docs) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-04]
CHR Extension: (Google Drive) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-04]
CHR Extension: (YouTube) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-04]
CHR Extension: (Google Search) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-04]
CHR Extension: (Google Sheets) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-04]
CHR Extension: (Bookmark Manager) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Google Wallet) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
CHR Extension: (Gmail) - C:\Users\Vyroba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [clglhglbidpdbjffpfcldkifhdegdfle] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-04] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-04] (百度在线网络技术(北京)有限公司)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-12-28] (Dassault Systèmes) [File not signed]
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [2139944 2013-08-07] (AuthenTec, Inc)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [49376 2012-02-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [175440 2012-04-11] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401704 2013-07-22] (AuthenTec, Inc.)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-10] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S3 TAOFrame; "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [202704 2015-06-04] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [198600 2015-06-04] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-04] (Baidu)
R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-04] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-04] (Baidu)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-06-04] (Tencent Technology(Shenzhen) Company Limited)
S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-04] (电脑管家)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-04] (电脑管家)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
S1 TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:37 - 2015-06-04 16:37 - 00029995 _____ C:\Users\Vyroba\Desktop\FRST.txt
2015-06-04 16:36 - 2015-06-04 16:37 - 00000000 ____D C:\FRST
2015-06-04 16:33 - 2015-06-04 16:33 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe
2015-06-04 16:32 - 2015-06-04 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher (1).exe
2015-06-04 16:30 - 2015-06-04 16:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-04 16:24 - 2015-06-04 16:24 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Downloads\Nepotvrzeno 943365.crdownload
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 _____ C:\Users\Vyroba\Downloads\FRSTLauncher.exe.xalcyl9.partial
2015-06-04 16:01 - 2015-06-04 16:02 - 02108928 _____ (Farbar) C:\Users\Vyroba\Desktop\FRST64.exe
2015-06-04 15:44 - 2015-06-04 15:44 - 00000000 ____D C:\AuthLog
2015-06-04 15:39 - 2015-06-04 15:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-04 15:17 - 2015-06-04 15:45 - 00015049 _____ C:\zoek-results.log
2015-06-04 15:14 - 2015-06-04 15:36 - 00000000 ____D C:\zoek_backup
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek.exe
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek (1).exe
2015-06-04 15:07 - 2015-06-04 15:07 - 00202704 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0001.sys
2015-06-04 15:07 - 2015-06-04 15:07 - 00198600 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0002.sys
2015-06-04 14:37 - 2015-06-04 14:47 - 00000000 ____D C:\AdwCleaner
2015-06-04 14:37 - 2015-06-04 14:37 - 02231296 _____ C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\rsit
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\Program Files\trend micro
2015-06-04 14:09 - 2015-06-04 14:09 - 01222144 _____ C:\Users\Vyroba\Downloads\RSITx64.exe
2015-06-04 10:29 - 2015-06-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-04 10:25 - 2015-06-04 12:37 - 00026874 _____ C:\Users\Vyroba\Desktop\Nmc_2015-06-04_10-25-42.log
2015-06-04 10:25 - 2015-06-04 10:25 - 00000000 ____D C:\Users\Vyroba\AppData\Local\Norman Malware Cleaner
2015-06-04 09:43 - 2015-06-04 09:50 - 350127064 _____ (Norman Shark AS) C:\Users\Vyroba\Desktop\Norman_Malware_Cleaner.exe
2015-06-04 09:26 - 2015-06-04 09:26 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-04 09:25 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-04 09:20 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files (x86)\Lexmark ScanBack
2015-06-04 09:19 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files\Lexmark ScanBack
2015-06-04 09:18 - 2015-06-04 10:28 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-04 09:18 - 2015-06-04 09:17 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-04 09:16 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\Tencent
2015-06-04 09:16 - 2015-06-04 09:16 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-04 09:13 - 2015-06-04 09:13 - 00000000 ____D C:\Program Files (x86)\BaiduAn4.0
2015-06-04 09:11 - 2015-06-04 09:14 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys_23883
2015-06-04 09:11 - 2015-06-04 09:11 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\ProgramData\BDSReport
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\Program Files (x86)\BaiduSd4.0
2015-06-04 09:10 - 2015-06-04 15:51 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Seznam.cz
2015-06-04 09:10 - 2015-06-04 09:10 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\NVIDIA
2015-06-04 09:10 - 2015-06-04 09:10 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-06-04 09:09 - 2015-06-04 16:22 - 00000000 ____D C:\ProgramData\Baidu
2015-06-04 09:09 - 2015-06-04 09:14 - 00000000 ____D C:\Program Files (x86)\baidu
2015-06-04 09:09 - 2015-06-04 09:12 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Baidu
2015-06-04 09:09 - 2015-06-04 09:09 - 00000000 ____D C:\ProgramData\13606343631502330683
2015-06-04 08:25 - 2015-06-04 08:25 - 00000062 _____ C:\ProgramData\LexFiles.usr
2015-06-04 08:24 - 2015-06-04 08:24 - 00000000 ____D C:\Program Files\Lexmark_HostCD
2015-06-04 08:23 - 2015-06-04 15:46 - 00000532 _____ C:\ProgramData\LMabscan.log
2015-06-04 08:23 - 2012-09-28 09:47 - 00980992 _____ ( ) C:\Windows\system32\lmabpmui.dll
2015-06-04 08:23 - 2012-09-28 09:43 - 01631744 _____ ( ) C:\Windows\system32\lmabserv.dll
2015-06-04 08:23 - 2012-09-28 09:43 - 01463808 _____ ( ) C:\Windows\system32\lmabip1.dll
2015-06-04 08:23 - 2012-09-28 09:41 - 01334784 _____ ( ) C:\Windows\system32\lmabusb1.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00884224 _____ ( ) C:\Windows\system32\lmablmpm.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00751104 _____ ( ) C:\Windows\system32\lmabpar1.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00580608 _____ ( ) C:\Windows\system32\lmabcomm.dll
2015-06-04 08:23 - 2012-09-28 09:40 - 00551936 _____ ( ) C:\Windows\system32\lmabhcp.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 01371648 _____ ( ) C:\Windows\system32\lmabcomc.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 01048576 _____ ( ) C:\Windows\system32\lmabcoms.exe
2015-06-04 08:23 - 2012-09-28 09:39 - 00672768 _____ ( ) C:\Windows\system32\lmabiobj.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 00558592 _____ ( ) C:\Windows\system32\lmabinpa.dll
2015-06-04 08:23 - 2012-09-28 09:39 - 00515584 _____ ( ) C:\Windows\system32\lmabiesc.dll
2015-06-04 08:23 - 2012-09-28 09:10 - 01044480 _____ ( ) C:\Windows\SysWOW64\lmabserv.dll
2015-06-04 08:23 - 2012-09-28 09:08 - 00356352 _____ ( ) C:\Windows\SysWOW64\lmabhcp.dll
2015-06-04 08:23 - 2012-09-28 09:07 - 00802816 _____ ( ) C:\Windows\SysWOW64\lmabcomc.dll
2015-06-04 08:23 - 2012-09-28 09:07 - 00593920 _____ ( ) C:\Windows\SysWOW64\lmabcoms.exe
2015-06-04 08:23 - 2012-09-28 09:07 - 00376832 _____ ( ) C:\Windows\SysWOW64\lmabcomm.dll
2015-06-04 08:23 - 2010-09-16 13:47 - 00079872 _____ (Lexmark International, Inc.) C:\Windows\Lexcfi.dll
2015-06-04 08:23 - 2010-09-16 13:47 - 00020152 _____ C:\Windows\system32\LMabpmui.chm
2015-06-04 08:23 - 2010-09-16 13:47 - 00007953 _____ C:\Windows\SysWOW64\lstyle.css
2015-06-04 08:23 - 2010-09-16 13:47 - 00007953 _____ C:\Windows\system32\lstyle.css
2015-06-04 08:23 - 2010-09-16 13:47 - 00002164 _____ C:\Windows\SysWOW64\lmab.loc
2015-06-04 08:23 - 2010-09-16 13:47 - 00002164 _____ C:\Windows\system32\lmab.loc
2015-06-04 08:23 - 2010-09-16 13:47 - 00001084 _____ C:\Windows\SysWOW64\LMabtwer.html
2015-06-04 08:23 - 2010-09-16 13:47 - 00001084 _____ C:\Windows\system32\LMabtwer.html
2015-06-04 08:20 - 2015-06-04 08:20 - 00000000 ____D C:\Lexmark
2015-06-04 07:46 - 2015-06-04 07:46 - 00011264 _____ C:\Users\Vyroba\Desktop\Docházka alus.xls
2015-06-04 06:57 - 2015-06-04 06:57 - 00000000 ____D C:\Users\Vyroba\AppData\Local\GWX
2015-06-01 14:15 - 2015-06-01 16:26 - 00000000 ____D C:\Users\Vyroba\Desktop\fotky na letak
2015-05-26 10:24 - 2003-12-15 14:49 - 00003160 _____ C:\Users\Vyroba\Desktop\popis.txt
2015-05-26 10:24 - 2003-12-15 08:51 - 02082738 _____ C:\Users\Vyroba\Desktop\Cr-1826x1126-1_2.xcf
2015-05-26 10:23 - 2015-05-26 10:24 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\ZipGenius
2015-05-26 10:23 - 2015-05-26 10:23 - 00000053 _____ C:\Users\Vyroba\AppData\Roaming\mainhst.zgh
2015-05-26 08:52 - 2015-05-26 08:52 - 00000000 ____D C:\Users\Vyroba\Desktop\Databáze
2015-05-22 13:15 - 2015-06-04 10:38 - 00000000 ____D C:\Users\Vyroba\Desktop\alus
2015-05-21 13:21 - 2015-05-21 13:25 - 00000000 ____D C:\Users\Vyroba\Desktop\do stropu
2015-05-20 09:27 - 2015-05-20 09:27 - 00000833 _____ C:\Users\Vyroba\Documents\lexmar.ldc
2015-05-20 09:25 - 2015-06-04 08:32 - 00000000 ____D C:\ProgramData\DriverConfigurations
2015-05-20 09:09 - 2015-06-04 09:20 - 00067757 _____ C:\Windows\system32\LexFiles.ulf
2015-05-20 09:09 - 2015-05-20 09:09 - 00000000 ____D C:\ProgramData\APP
2015-05-20 09:09 - 2015-05-20 09:09 - 00000000 ____D C:\Program Files\Lexmark Status Monitor Center
2015-05-20 09:09 - 2012-10-09 10:17 - 00906752 _____ ( ) C:\Windows\system32\lexlog.dll
2015-05-20 09:09 - 2012-10-09 09:58 - 00446464 _____ ( ) C:\Windows\SysWOW64\lexlog.dll
2015-05-20 09:08 - 2015-05-20 09:21 - 00000000 ____D C:\Program Files (x86)\Lexmark
2015-05-20 09:07 - 2015-06-04 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2015-05-20 08:59 - 2015-06-04 08:23 - 00000000 ____D C:\Program Files\Lexmark
2015-05-18 15:33 - 2015-05-18 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
2015-05-18 15:33 - 2015-05-18 15:33 - 00000000 ____D C:\Program Files (x86)\ZipGenius 6
2015-05-18 14:08 - 2015-05-18 14:01 - 00036615 _____ C:\Users\Vyroba\Desktop\cenik alus spatne.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:30 - 2009-07-14 06:51 - 00076319 _____ C:\Windows\setupact.log
2015-06-04 15:55 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 15:55 - 2009-07-14 06:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 15:51 - 2012-06-14 08:10 - 01134760 _____ C:\Windows\WindowsUpdate.log
2015-06-04 15:49 - 2012-06-14 08:00 - 00668792 _____ C:\Windows\system32\perfh005.dat
2015-06-04 15:49 - 2012-06-14 08:00 - 00141420 _____ C:\Windows\system32\perfc005.dat
2015-06-04 15:49 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 15:48 - 2014-12-08 19:04 - 00000000 ___RD C:\Users\Vyroba\Dropbox
2015-06-04 15:47 - 2014-12-08 19:01 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Dropbox
2015-06-04 15:44 - 2012-06-14 08:15 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-04 15:42 - 2010-11-21 05:47 - 00622342 _____ C:\Windows\PFRO.log
2015-06-04 15:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 15:17 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2015-06-04 15:02 - 2015-03-05 08:23 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\LSC
2015-06-04 11:09 - 2012-06-13 15:50 - 00000000 ____D C:\ProgramData\Lenovo
2015-06-04 11:08 - 2012-06-14 08:38 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-06-04 11:07 - 2012-06-14 08:28 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-06-04 11:06 - 2012-06-14 08:23 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-06-04 10:27 - 2014-12-15 14:33 - 00000000 ____D C:\Users\Vyroba\AppData\Local\CrashDumps
2015-06-04 09:25 - 2014-12-03 14:24 - 00110512 _____ C:\Users\Vyroba\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 09:23 - 2009-07-14 06:45 - 00436656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-04 09:18 - 2014-12-03 14:24 - 00000000 ____D C:\Users\Vyroba\AppData\Local\VirtualStore
2015-06-04 08:47 - 2012-06-14 08:33 - 00000000 ____D C:\Program Files (x86)\SugarSync
2015-06-04 08:47 - 2012-06-14 08:12 - 00046744 _____ C:\Windows\DPINST.LOG
2015-06-04 06:35 - 2012-06-14 08:15 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-02 07:37 - 2015-01-09 15:48 - 00000000 ____D C:\Users\Vyroba\Desktop\toptrans
2015-05-29 14:49 - 2015-01-05 08:29 - 00000000 ____D C:\Users\Vyroba\Desktop\zeplochy
2015-05-27 07:10 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-26 03:10 - 2014-12-03 14:23 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 03:16 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 03:16 - 2015-04-08 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 09:07 - 2012-06-14 08:12 - 00000000 ____D C:\Program Files\DIFX
2015-05-14 04:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-14 03:38 - 2014-12-05 04:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:38 - 2014-12-05 04:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:36 - 2011-12-08 22:03 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-14 03:14 - 2014-12-03 15:16 - 00002154 _____ C:\Windows\epplauncher.mif
2015-05-14 03:13 - 2014-12-03 15:16 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 03:13 - 2014-12-03 15:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-14 03:13 - 2014-12-03 15:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-14 03:10 - 2014-12-08 18:30 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:04 - 2014-12-08 18:30 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:01 - 2014-12-05 04:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 09:59 - 2014-12-15 14:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 06:18 - 2014-12-08 19:04 - 00000993 _____ C:\Users\Vyroba\Desktop\Dropbox.lnk
2015-05-13 06:18 - 2014-12-08 19:03 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-12-03 14:23 - 2014-12-08 18:50 - 0006454 _____ () C:\Users\Vyroba\AppData\Roaming\AbsoluteReminder.xml
2015-05-26 10:23 - 2015-05-26 10:23 - 0000053 _____ () C:\Users\Vyroba\AppData\Roaming\mainhst.zgh
2015-06-04 08:25 - 2015-06-04 08:25 - 0000062 _____ () C:\ProgramData\LexFiles.usr
2015-06-04 08:23 - 2015-06-04 15:46 - 0000532 _____ () C:\ProgramData\LMabscan.log

Some files in TEMP:
====================
C:\Users\Vyroba\AppData\Local\Temp\BDABrowserProtectUnInstall.exe
C:\Users\Vyroba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpusy72n.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: 百度杀毒 (Enabled - Up to date) {A0BA42DE-CEEF-6540-B05E-CF5AFC47A572}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: 百度杀毒 (Enabled - Up to date) {1BDBA33A-E8D5-6ACE-8AEE-F42887C0EFCF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vyroba\Desktop" je 2766 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: unwanted Chinese app + maybe malware?

Posted: 04 Jun 2015 17:09
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [gpuminer] => C:\Users\Vyroba\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
    HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-04] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [65536 2015-04-06] ()
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\MountPoints2: {b65a3957-7b28-11e4-9f4b-806e6f6e6963} - Q:\LenovoQDrive.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
    HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
    SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat No File
    BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
    
    FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-04] (百度在线网络技术(北京)有限公司)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll No File
    
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-04] (百度在线网络技术(北京)有限公司)
    R2 BDKVRTP; C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-04] (百度在线网络技术(北京)有限公司)
    S3 TAOFrame; "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe" [X]
    R1 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [202704 2015-06-04] (Baidu)
    R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [198600 2015-06-04] (Baidu)
    R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-04] (Baidu)
    R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-04] (Baidu)
    R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-04] (Baidu)
    S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-04] (电脑管家)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-04] (电脑管家)
    R1 bd0004; system32\DRIVERS\bd0004.sys [X]
    S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [X]
    S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
    S1 TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [X]
    S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys [X]
    
    C:\Program Files (x86)\Common Files\Baidu
    C:\Program Files (x86)\BaiduSd4.0
    C:\Program Files (x86)\Tencent
    C:\Program Files (x86)\baidu
    C:\Users\Vyroba\AppData\Roaming\cpuminer
    C:\Windows\system32\cpuminer-gw64.exe
    2015-06-04 16:37 - 2015-06-04 16:37 - 00029995 _____ C:\Users\Vyroba\Desktop\FRST.txt
    2015-06-04 16:33 - 2015-06-04 16:33 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe
    2015-06-04 16:32 - 2015-06-04 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher (1).exe
    2015-06-04 16:24 - 2015-06-04 16:24 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Downloads\Nepotvrzeno 943365.crdownload
    2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 _____ C:\Users\Vyroba\Downloads\FRSTLauncher.exe.xalcyl9.partial
    2015-06-04 15:39 - 2015-06-04 15:14 - 00024064 _____ C:\Windows\zoek-delete.exe
    2015-06-04 15:17 - 2015-06-04 15:45 - 00015049 _____ C:\zoek-results.log
    2015-06-04 15:14 - 2015-06-04 15:36 - 00000000 ____D C:\zoek_backup
    2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek.exe
    2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek (1).exe
    2015-06-04 15:07 - 2015-06-04 15:07 - 00202704 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0001.sys
    2015-06-04 15:07 - 2015-06-04 15:07 - 00198600 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0002.sys
    2015-06-04 14:37 - 2015-06-04 14:47 - 00000000 ____D C:\AdwCleaner
    2015-06-04 14:37 - 2015-06-04 14:37 - 02231296 _____ C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe
    2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\rsit
    2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\Program Files\trend micro
    2015-06-04 14:09 - 2015-06-04 14:09 - 01222144 _____ C:\Users\Vyroba\Downloads\RSITx64.exe
    2015-06-04 10:29 - 2015-06-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-06-04 10:25 - 2015-06-04 12:37 - 00026874 _____ C:\Users\Vyroba\Desktop\Nmc_2015-06-04_10-25-42.log
    2015-06-04 10:25 - 2015-06-04 10:25 - 00000000 ____D C:\Users\Vyroba\AppData\Local\Norman Malware Cleaner
    2015-06-04 09:43 - 2015-06-04 09:50 - 350127064 _____ (Norman Shark AS) C:\Users\Vyroba\Desktop\Norman_Malware_Cleaner.exe
    2015-06-04 09:26 - 2015-06-04 09:26 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-06-04 09:25 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\TXQMPC
    2015-06-04 09:20 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files (x86)\Lexmark ScanBack
    2015-06-04 09:19 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files\Lexmark ScanBack
    2015-06-04 09:18 - 2015-06-04 10:28 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-06-04 09:18 - 2015-06-04 09:17 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-06-04 09:18 - 2015-06-04 09:17 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-06-04 09:18 - 2015-06-04 09:17 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-06-04 09:18 - 2015-06-04 09:17 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-06-04 09:16 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\Tencent
    2015-06-04 09:16 - 2015-06-04 09:16 - 00000000 ____D C:\Program Files (x86)\Tencent
    2015-06-04 09:13 - 2015-06-04 09:13 - 00000000 ____D C:\Program Files (x86)\BaiduAn4.0
    2015-06-04 09:11 - 2015-06-04 09:14 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys_23883
    2015-06-04 09:11 - 2015-06-04 09:11 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
    2015-06-04 09:11 - 2015-06-04 09:11 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
    2015-06-04 09:11 - 2015-06-04 09:11 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
    2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\ProgramData\BDSReport
    2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\Program Files (x86)\BaiduSd4.0
    2015-06-04 09:09 - 2015-06-04 16:22 - 00000000 ____D C:\ProgramData\Baidu
    2015-06-04 09:09 - 2015-06-04 09:14 - 00000000 ____D C:\Program Files (x86)\baidu
    2015-06-04 09:09 - 2015-06-04 09:12 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Baidu
    2015-06-04 09:09 - 2015-06-04 09:09 - 00000000 ____D C:\ProgramData\13606343631502330683
    2015-06-04 08:25 - 2015-06-04 08:25 - 00000062 _____ C:\ProgramData\LexFiles.usr
    2015-06-04 08:24 - 2015-06-04 08:24 - 00000000 ____D C:\Program Files\Lexmark_HostCD
    2015-06-04 08:23 - 2015-06-04 15:46 - 00000532 _____ C:\ProgramData\LMabscan.log
    C:\Windows\SysWOW64\dlumd10.dll
    C:\Windows\SysWOW64\dlumd11.dll
    C:\Windows\SysWOW64\dlumd9.dll
    C:\Windows\System32\dlumd10.dll
    C:\Windows\System32\dlumd11.dll
    C:\Windows\System32\dlumd9.dll
    
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    
    AV: 百度杀毒 (Enabled - Up to date) {A0BA42DE-CEEF-6540-B05E-CF5AFC47A572}
    AS: 百度杀毒 (Enabled - Up to date) {1BDBA33A-E8D5-6ACE-8AEE-F42887C0EFCF}
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created into the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: unwanted Chinese app + maybe malware?

Posted: 04 Jun 2015 17:47
by lalasso
It seems OK, the Chinese-language windows no longer pop up.

Log here:

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Vyroba at 2015-06-04 18:31:29 Run:1
Running from C:\Users\Vyroba\Desktop
Loaded Profiles: UpdatusUser & Vyroba (Available Profiles: UpdatusUser & Vyroba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [gpuminer] => C:\Users\Vyroba\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2526216 2015-06-04] (????????(??)????)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQPCTRAY.EXE" /regrun /qqrepair
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [65536 2015-04-06] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Vyroba\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\...\MountPoints2: {b65a3957-7b28-11e4-9f4b-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=93320414_hao_pg
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
SearchScopes: HKU\S-1-5-21-245342030-1968866379-2107401713-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENP
BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TSWebMon64.dat No File
BHO-x32: WebGuardBHO -> {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-04] (????????(??)????)

FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll [2015-06-04] (????????(??)????)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll No File

R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-04] (????????(??)????)
R2 BDKVRTP; C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [805896 2015-06-04] (????????(??)????)
S3 TAOFrame; "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TAOFrame.exe" [X]
R1 bd0001; C:\Windows\SysWOW64\DRIVERS\bd0001.sys [202704 2015-06-04] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [198600 2015-06-04] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [69448 2015-06-04] (Baidu)
R1 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103752 2015-06-04] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [62280 2015-06-04] (Baidu)
S3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-06-04] (????)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-06-04] (????)
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\QQSysMonX64.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
S1 TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\tscpm64.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TsDefenseBT64.sys [X]

C:\Program Files (x86)\Common Files\Baidu
C:\Program Files (x86)\BaiduSd4.0
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\baidu
C:\Users\Vyroba\AppData\Roaming\cpuminer
C:\Windows\system32\cpuminer-gw64.exe
2015-06-04 16:37 - 2015-06-04 16:37 - 00029995 _____ C:\Users\Vyroba\Desktop\FRST.txt
2015-06-04 16:33 - 2015-06-04 16:33 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher.exe
2015-06-04 16:32 - 2015-06-04 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Desktop\FRSTLauncher (1).exe
2015-06-04 16:24 - 2015-06-04 16:24 - 00112640 _____ (forum.viry.cz) C:\Users\Vyroba\Downloads\Nepotvrzeno 943365.crdownload
2015-06-04 16:23 - 2015-06-04 16:23 - 00000000 _____ C:\Users\Vyroba\Downloads\FRSTLauncher.exe.xalcyl9.partial
2015-06-04 15:39 - 2015-06-04 15:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-04 15:17 - 2015-06-04 15:45 - 00015049 _____ C:\zoek-results.log
2015-06-04 15:14 - 2015-06-04 15:36 - 00000000 ____D C:\zoek_backup
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek.exe
2015-06-04 15:14 - 2015-06-04 15:14 - 01308672 _____ C:\Users\Vyroba\Downloads\zoek (1).exe
2015-06-04 15:07 - 2015-06-04 15:07 - 00202704 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0001.sys
2015-06-04 15:07 - 2015-06-04 15:07 - 00198600 _____ (Baidu) C:\Windows\SysWOW64\Drivers\bd0002.sys
2015-06-04 14:37 - 2015-06-04 14:47 - 00000000 ____D C:\AdwCleaner
2015-06-04 14:37 - 2015-06-04 14:37 - 02231296 _____ C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\rsit
2015-06-04 14:09 - 2015-06-04 14:10 - 00000000 ____D C:\Program Files\trend micro
2015-06-04 14:09 - 2015-06-04 14:09 - 01222144 _____ C:\Users\Vyroba\Downloads\RSITx64.exe
2015-06-04 10:29 - 2015-06-04 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2015-06-04 10:25 - 2015-06-04 12:37 - 00026874 _____ C:\Users\Vyroba\Desktop\Nmc_2015-06-04_10-25-42.log
2015-06-04 10:25 - 2015-06-04 10:25 - 00000000 ____D C:\Users\Vyroba\AppData\Local\Norman Malware Cleaner
2015-06-04 09:43 - 2015-06-04 09:50 - 350127064 _____ (Norman Shark AS) C:\Users\Vyroba\Desktop\Norman_Malware_Cleaner.exe
2015-06-04 09:26 - 2015-06-04 09:26 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-06-04 09:25 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-04 09:20 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files (x86)\Lexmark ScanBack
2015-06-04 09:19 - 2015-06-04 09:20 - 00000000 ____D C:\Program Files\Lexmark ScanBack
2015-06-04 09:18 - 2015-06-04 10:28 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????
2015-06-04 09:18 - 2015-06-04 09:17 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00087864 _____ (????) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-06-04 09:18 - 2015-06-04 09:17 - 00038200 _____ (????) C:\Windows\system32\Drivers\TSSKX64.sys
2015-06-04 09:16 - 2015-06-04 14:49 - 00000000 ____D C:\ProgramData\Tencent
2015-06-04 09:16 - 2015-06-04 09:16 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-06-04 09:13 - 2015-06-04 09:13 - 00000000 ____D C:\Program Files (x86)\BaiduAn4.0
2015-06-04 09:11 - 2015-06-04 09:14 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys_23883
2015-06-04 09:11 - 2015-06-04 09:11 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00069448 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\ProgramData\BDSReport
2015-06-04 09:11 - 2015-06-04 09:11 - 00000000 ____D C:\Program Files (x86)\BaiduSd4.0
2015-06-04 09:09 - 2015-06-04 16:22 - 00000000 ____D C:\ProgramData\Baidu
2015-06-04 09:09 - 2015-06-04 09:14 - 00000000 ____D C:\Program Files (x86)\baidu
2015-06-04 09:09 - 2015-06-04 09:12 - 00000000 ____D C:\Users\Vyroba\AppData\Roaming\Baidu
2015-06-04 09:09 - 2015-06-04 09:09 - 00000000 ____D C:\ProgramData\13606343631502330683
2015-06-04 08:25 - 2015-06-04 08:25 - 00000062 _____ C:\ProgramData\LexFiles.usr
2015-06-04 08:24 - 2015-06-04 08:24 - 00000000 ____D C:\Program Files\Lexmark_HostCD
2015-06-04 08:23 - 2015-06-04 15:46 - 00000532 _____ C:\ProgramData\LMabscan.log
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

AV: ???? (Enabled - Up to date) {A0BA42DE-CEEF-6540-B05E-CF5AFC47A572}
AS: ???? (Enabled - Up to date) {1BDBA33A-E8D5-6ACE-8AEE-F42887C0EFCF}

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gpuminer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value could not remove.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value removed successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value removed successfully
"HKU\S-1-5-21-245342030-1968866379-2107401713-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65a3957-7b28-11e4-9f4b-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{b65a3957-7b28-11e4-9f4b-806e6f6e6963} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-245342030-1968866379-2107401713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-245342030-1968866379-2107401713-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin" => key removed successfully
Could not move "C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll" => Scheduled to move on reboot.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
BaiduHips => Unable to stop service.
BaiduHips => Service could not remove
BDKVRTP => Unable to stop service.
BDKVRTP => Service could not remove
TAOFrame => Service removed successfully
bd0001 => Unable to stop service.
bd0001 => Service could not remove
bd0002 => Unable to stop service.
bd0002 => Service could not remove
bd0003 => Unable to stop service.
bd0003 => Service could not remove
BDDefense => Unable to stop service.
BDDefense => Service could not remove
BDMWrench_x64 => Unable to stop service.
BDMWrench_x64 => Service could not remove
TFsFlt => Service removed successfully
TSSKX64 => Service removed successfully
bd0004 => Service could not remove
QQSysMonX64 => Service removed successfully
TS888x64 => Service removed successfully
TSCPM => Service removed successfully
TSDefenseBt => Service removed successfully
C:\Program Files (x86)\Common Files\Baidu => moved successfully.

"C:\Program Files (x86)\BaiduSd4.0" folder move:

Could not move "C:\Program Files (x86)\BaiduSd4.0" folder => Scheduled to move on reboot.

C:\Program Files (x86)\Tencent => moved successfully.
C:\Program Files (x86)\baidu => moved successfully.
"C:\Users\Vyroba\AppData\Roaming\cpuminer" => File/Folder not found.
"C:\Windows\system32\cpuminer-gw64.exe" => File/Folder not found.
C:\Users\Vyroba\Desktop\FRST.txt => moved successfully.
C:\Users\Vyroba\Desktop\FRSTLauncher.exe => moved successfully.
C:\Users\Vyroba\Desktop\FRSTLauncher (1).exe => moved successfully.
"C:\Users\Vyroba\Downloads\Nepotvrzeno 943365.crdownload" => File/Folder not found.
C:\Users\Vyroba\Downloads\FRSTLauncher.exe.xalcyl9.partial => moved successfully.
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\Vyroba\Downloads\zoek.exe => moved successfully.
C:\Users\Vyroba\Downloads\zoek (1).exe => moved successfully.
C:\Windows\SysWOW64\Drivers\bd0001.sys => moved successfully.
C:\Windows\SysWOW64\Drivers\bd0002.sys => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Vyroba\Downloads\adwcleaner_4.206.exe => moved successfully.
C:\rsit => moved successfully.
C:\Program Files\trend micro => moved successfully.
C:\Users\Vyroba\Downloads\RSITx64.exe => moved successfully.

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot.

C:\Users\Vyroba\Desktop\Nmc_2015-06-04_10-25-42.log => moved successfully.
C:\Users\Vyroba\AppData\Local\Norman Malware Cleaner => moved successfully.
C:\Users\Vyroba\Desktop\Norman_Malware_Cleaner.exe => moved successfully.
C:\Windows\SysWOW64\Drivers\TS888x64.sys => moved successfully.
C:\ProgramData\TXQMPC => moved successfully.
C:\Program Files (x86)\Lexmark ScanBack => moved successfully.
C:\Program Files\Lexmark ScanBack => moved successfully.

"C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot.

Could not move "C:\Windows\system32\Drivers\TAOKernel64.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\TAOAccelerator64.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\TFsFltX64.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\TSSKX64.sys" => Scheduled to move on reboot.
C:\ProgramData\Tencent => moved successfully.
"C:\Program Files (x86)\Tencent" => File/Folder not found.
C:\Program Files (x86)\BaiduAn4.0 => moved successfully.
"C:\Windows\system32\Drivers\bd0001.sys_23883" => File/Folder not found.
Could not move "C:\Windows\system32\Drivers\BDDefense.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\bd0003.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\BDMWrench_x64.sys" => Scheduled to move on reboot.
C:\ProgramData\BDSReport => moved successfully.

"C:\Program Files (x86)\BaiduSd4.0" folder move:

Could not move "C:\Program Files (x86)\BaiduSd4.0" folder => Scheduled to move on reboot.


"C:\ProgramData\Baidu" folder move:

Could not move "C:\ProgramData\Baidu" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\baidu" => File/Folder not found.
C:\Users\Vyroba\AppData\Roaming\Baidu => moved successfully.
C:\ProgramData\13606343631502330683 => moved successfully.
C:\ProgramData\LexFiles.usr => moved successfully.
C:\Program Files\Lexmark_HostCD => moved successfully.
C:\ProgramData\LMabscan.log => moved successfully.
C:\Windows\SysWOW64\dlumd10.dll => moved successfully.
C:\Windows\SysWOW64\dlumd11.dll => moved successfully.
C:\Windows\SysWOW64\dlumd9.dll => moved successfully.
C:\Windows\System32\dlumd10.dll => moved successfully.
C:\Windows\System32\dlumd11.dll => moved successfully.
C:\Windows\System32\dlumd9.dll => moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => moved successfully.
AV: ???? (Enabled - Up to date) {A0BA42DE-CEEF-6540-B05E-CF5AFC47A572} => The item is protected. Make sure the software is uninstalled and its services is removed.
AS: ???? (Enabled - Up to date) {1BDBA33A-E8D5-6ACE-8AEE-F42887C0EFCF} => The item is protected. Make sure the software is uninstalled and its services is removed.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 154.1 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-04 18:36:53)<=

C:\Program Files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\explugin\npBaiduSDDetectPlug.dll => moved successfully
C:\Program Files (x86)\BaiduSd4.0 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" => Could not move
"C:\Users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Could not move
C:\Windows\system32\Drivers\TAOKernel64.sys => Is moved successfully
C:\Windows\system32\Drivers\TAOAccelerator64.sys => Is moved successfully
C:\Windows\system32\Drivers\TFsFltX64.sys => Is moved successfully
C:\Windows\system32\Drivers\TSSKX64.sys => Is moved successfully
C:\Windows\system32\Drivers\BDDefense.sys => moved successfully
C:\Windows\system32\Drivers\bd0003.sys => moved successfully
C:\Windows\system32\Drivers\BDMWrench_x64.sys => moved successfully
C:\Program Files (x86)\BaiduSd4.0 => Is moved successfully
"C:\ProgramData\Baidu" => Could not move

==== End of Fixlog 18:36:55 ====

Re: Chinese unwanted app + maybe malware?

Posted: 04 Jun 2015 17:51
by vyosek
There are still some leftovers there; let's try to delete the rest.

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; leave the PC completely alone during the scan - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan completes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Chinese unwanted app + maybe malware?

Posted: 04 Jun 2015 18:57
by lalasso
ComboFix 15-05-31.01 - Vyroba 04.06.2015 19:03:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3690.2103 [GMT 2:00]
Spuštěný z: c:\users\Vyroba\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\app
c:\programdata\app\drivers.ini
c:\programdata\Roaming
c:\users\Vyroba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk
Q:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-04 do 2015-06-04 )))))))))))))))))))))))))))))))
.
.
2015-06-04 16:34 . 2015-06-04 16:35 -------- d-----w- c:\programdata\Baidu
2015-06-04 16:20 . 2015-06-04 13:07 198600 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-04 16:20 . 2015-06-04 07:11 152392 ----a-w- c:\windows\system32\drivers\BDArKit.SYS
2015-06-04 16:20 . 2015-06-04 13:07 202704 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-04 14:36 . 2015-06-04 16:36 -------- d-----w- C:\FRST
2015-06-04 13:44 . 2015-06-04 13:44 -------- d-----w- C:\AuthLog
2015-06-04 13:39 . 2015-06-04 17:37 -------- d-----w- c:\users\Vyroba\AppData\Local\Temp
2015-06-04 07:10 . 2015-06-04 16:40 -------- d-----w- c:\program files (x86)\Seznam.cz
2015-06-04 07:10 . 2015-06-04 07:10 -------- d-----w- c:\users\Vyroba\AppData\Roaming\NVIDIA
2015-06-04 07:10 . 2015-06-04 16:41 -------- d-----w- c:\users\Vyroba\AppData\Roaming\Seznam.cz
2015-06-04 07:07 . 2015-06-04 07:07 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E237456C-A010-4B11-BA74-8A5FD12F309F}\offreg.1064.dll
2015-06-04 06:20 . 2015-06-04 06:20 -------- d-----w- C:\Lexmark
2015-06-04 04:57 . 2015-06-04 04:57 -------- d-----w- c:\users\Vyroba\AppData\Local\GWX
2015-06-04 04:49 . 2015-03-26 09:09 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA7139CD-1DBD-4D7E-82A3-6B3877B9E779}\gapaengine.dll
2015-06-04 04:48 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E237456C-A010-4B11-BA74-8A5FD12F309F}\mpengine.dll
2015-06-01 19:56 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-26 08:23 . 2015-05-26 08:24 -------- d-----w- c:\users\Vyroba\AppData\Roaming\ZipGenius
2015-05-20 07:25 . 2015-06-04 06:32 -------- d-----w- c:\programdata\DriverConfigurations
2015-05-20 07:09 . 2015-05-20 07:09 -------- d-----w- c:\program files\Lexmark Status Monitor Center
2015-05-20 07:09 . 2012-10-09 08:17 906752 ----a-w- c:\windows\system32\lexlog.dll
2015-05-20 07:09 . 2012-10-09 07:58 446464 ----a-w- c:\windows\SysWow64\lexlog.dll
2015-05-20 07:08 . 2015-05-20 07:21 -------- d-----w- c:\program files (x86)\Lexmark
2015-05-20 06:59 . 2015-06-04 06:23 -------- d-----w- c:\program files\Lexmark
2015-05-20 06:58 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
2015-05-20 06:51 . 2015-05-20 06:51 -------- d-----w- c:\programdata\Lexmark Install Logs
2015-05-20 06:50 . 2015-05-20 06:51 -------- d-----w- c:\programdata\Lexmark Package Logs
2015-05-18 13:33 . 2015-05-18 13:33 -------- d-----w- c:\program files (x86)\ZipGenius 6
2015-05-14 01:01 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:01 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:40 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 04:39 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 04:39 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 04:39 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 04:39 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 04:39 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 04:39 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 04:39 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 01:04 . 2014-12-08 16:30 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 04:41 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 04:41 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-13 04:40 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 04:40 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 04:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2015-03-26 09:09 . 2014-12-10 05:50 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 01:03 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 01:03 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 01:03 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 01:03 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 01:03 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 01:03 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 01:03 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 01:03 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 01:03 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 01:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 01:03 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 01:03 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 01:03 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 01:03 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 01:03 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 01:03 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 01:03 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 01:03 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 01:03 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 01:03 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 01:03 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 01:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 01:03 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 01:03 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 01:03 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 01:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 01:03 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 01:03 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2010-09-16 582312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
.
c:\users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
R1 bd0004;bd0004;c:\windows\system32\DRIVERS\bd0004.sys;c:\windows\SYSNATIVE\DRIVERS\bd0004.sys [x]
R1 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
R1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
R1 TAOKernelDriver;Tencent Auto Optimize Platform.;c:\windows\system32\Drivers\TAOKernel64.sys;c:\windows\SYSNATIVE\Drivers\TAOKernel64.sys [x]
R2 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
R2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe;c:\program files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BDArKit;BAIDU Ark Kit Service;c:\windows\System32\Drivers\BDArKit.SYS;c:\windows\SYSNATIVE\Drivers\BDArKit.SYS [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 01:07 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"LMPSSDMON"="c:\program files\Lexmark\Monitor\ACB\LMabMON.exe" [2010-09-16 753664]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: baidu.com
TCP: DhcpNameServer = 192.168.1.1 212.96.161.6
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-baidusdTray - c:\program files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdTray.exe
Wow6432Node-HKLM-Run-baiduAnTray - c:\program files (x86)\BaiduAn4.0\BaiduAn\4.0.0.5166\BaiduAnTray.exe
SafeBoot-QQPCRTP
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{365ADADE-814B-400C-877C-95E9F684BBEB} - c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\Plugins\QQPCB1AndroidJmp\QQPMUnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
.
**************************************************************************
.
Celkový čas: 2015-06-04 19:50:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-04 17:50
.
Před spuštěním: Volných bajtů: 424 317 939 712
Po spuštění: Volných bajtů: 423 234 727 936
.
- - End Of File - - D15A6033834DC2AF8509B7DE0B7CFD11

Re: unwanted Chinese app + maybe malware?

Posted: 05 Jun 2015 15:22
by vyosek
:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Driver::
    bd0003
    bd0004
    BDDefense
    BDMWrench_x64
    TAOKernelDriver
    BaiduHips
    
    File::
    c:\windows\SYSNATIVE\drivers\BDDefense.sys
    c:\windows\system32\Drivers\TAOKernel64.sys
    c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys
    c:\windows\system32\drivers\bd0002.sys
    c:\windows\system32\drivers\BDArKit.SYS
    c:\windows\system32\drivers\bd0001.sys
    
    Folder::
    c:\program files (x86)\Common Files\Baidu
    c:\programdata\Baidu
    
    DDS::
    Trusted Zone: baidu.com
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    Image
  • After the script has been applied (and after a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF and its author unfortunately does not know how to fix it yet

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: unwanted Chinese app + maybe malware?

Posted: 08 Jun 2015 07:00
by lalasso
Hello, the log is here, thanks.

ComboFix 15-05-31.01 - Vyroba 08.06.2015 6:57.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3690.2080 [GMT 2:00]
Spuštěný z: c:\users\Vyroba\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vyroba\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\BDDefense.sys"
"c:\windows\system32\DRIVERS\BDMWrench_x64.sys"
"c:\windows\system32\drivers\bd0001.sys"
"c:\windows\system32\drivers\bd0002.sys"
"c:\windows\system32\drivers\BDArKit.SYS"
"c:\windows\system32\Drivers\TAOKernel64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\drivers.ini
c:\programdata\Baidu
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\BDArKit.SYS
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0003
-------\Legacy_BD0004
-------\Legacy_BDDEFENSE
-------\Legacy_BDMWRENCH_X64
-------\Legacy_TAOKERNELDRIVER
-------\Service_BaiduHips
-------\Service_bd0003
-------\Service_bd0004
-------\Service_BDDefense
-------\Service_BDMWrench_x64
-------\Service_TAOKernelDriver
-------\Legacy_BDArKit
-------\Service_BDArKit
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-08 do 2015-06-08 )))))))))))))))))))))))))))))))
.
.
2015-06-08 05:17 . 2015-06-08 05:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-06-08 05:17 . 2015-06-08 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-08 05:17 . 2015-06-08 05:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-06-05 08:54 . 2015-06-05 08:54 -------- d-----w- c:\programdata\Printer Install Logs
2015-06-04 17:55 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B346BF5E-908A-4890-ADE4-432812C9C21E}\mpengine.dll
2015-06-04 14:36 . 2015-06-04 16:36 -------- d-----w- C:\FRST
2015-06-04 13:44 . 2015-06-04 13:44 -------- d-----w- C:\AuthLog
2015-06-04 13:39 . 2015-06-08 05:23 -------- d-----w- c:\users\Vyroba\AppData\Local\Temp
2015-06-04 07:10 . 2015-06-04 16:40 -------- d-----w- c:\program files (x86)\Seznam.cz
2015-06-04 07:10 . 2015-06-04 07:10 -------- d-----w- c:\users\Vyroba\AppData\Roaming\NVIDIA
2015-06-04 07:10 . 2015-06-04 16:41 -------- d-----w- c:\users\Vyroba\AppData\Roaming\Seznam.cz
2015-06-04 06:20 . 2015-06-05 08:57 -------- d-----w- C:\Lexmark
2015-06-04 04:57 . 2015-06-04 04:57 -------- d-----w- c:\users\Vyroba\AppData\Local\GWX
2015-06-04 04:49 . 2015-03-26 09:09 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA7139CD-1DBD-4D7E-82A3-6B3877B9E779}\gapaengine.dll
2015-06-01 19:56 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-26 08:23 . 2015-05-26 08:24 -------- d-----w- c:\users\Vyroba\AppData\Roaming\ZipGenius
2015-05-20 07:25 . 2015-06-05 08:41 -------- d-----w- c:\programdata\DriverConfigurations
2015-05-20 07:09 . 2015-05-20 07:09 -------- d-----w- c:\program files\Lexmark Status Monitor Center
2015-05-20 07:09 . 2012-10-09 08:17 906752 ----a-w- c:\windows\system32\lexlog.dll
2015-05-20 07:09 . 2012-10-09 07:58 446464 ----a-w- c:\windows\SysWow64\lexlog.dll
2015-05-20 07:08 . 2015-05-20 07:21 -------- d-----w- c:\program files (x86)\Lexmark
2015-05-20 06:59 . 2015-06-04 06:23 -------- d-----w- c:\program files\Lexmark
2015-05-20 06:58 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
2015-05-20 06:51 . 2015-05-20 06:51 -------- d-----w- c:\programdata\Lexmark Install Logs
2015-05-20 06:50 . 2015-05-20 06:51 -------- d-----w- c:\programdata\Lexmark Package Logs
2015-05-18 13:33 . 2015-05-18 13:33 -------- d-----w- c:\program files (x86)\ZipGenius 6
2015-05-14 01:01 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:01 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 04:40 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 04:39 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 04:39 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 04:39 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 04:39 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 04:39 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 04:39 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 04:39 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 01:04 . 2014-12-08 16:30 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-05 01:29 . 2015-05-13 04:41 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-05 01:12 . 2015-05-13 04:41 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-04-27 19:23 . 2015-05-13 04:40 113664 ----a-w- c:\windows\system32\sechost.dll
2015-04-27 19:05 . 2015-05-13 04:40 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-04-27 19:04 . 2015-05-13 04:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2015-03-26 09:09 . 2014-12-10 05:50 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:24 . 2015-04-15 01:03 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 01:03 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 01:03 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 01:03 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 01:03 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 01:03 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 01:03 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 01:03 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 01:03 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 01:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 01:03 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 01:03 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 01:03 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 01:03 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 01:03 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 01:03 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 01:03 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 01:03 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 01:03 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 01:03 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 01:03 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 01:03 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 01:03 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 01:03 1111552 ----a-w- c:\windows\system32\aeinv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-04 09:51 223432 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2010-09-16 582312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
.
c:\users\Vyroba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Vyroba\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe;c:\program files (x86)\BaiduSd4.0\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 01:07 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-04 09:51 262344 ----a-w- c:\users\Vyroba\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Vyroba\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"LMPSSDMON"="c:\program files\Lexmark\Monitor\ACB\LMabMON.exe" [2010-09-16 753664]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.88.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{365ADADE-814B-400C-877C-95E9F684BBEB} - c:\program files (x86)\Tencent\QQPCMgr\10.9.16349.225\Plugins\QQPCB1AndroidJmp\QQPMUnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
.
**************************************************************************
.
Celkový čas: 2015-06-08 07:36:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-08 05:36
ComboFix2.txt 2015-06-04 17:50
.
Před spuštěním: Volných bajtů: 420 916 502 528
Po spuštění: Volných bajtů: 420 703 875 072
.
- - End Of File - - 70F81A43406D0C778461D606502D6E54

Re: unwanted Chinese app + maybe malware?

Posted: 09 Jun 2015 16:17
by vyosek
One more CFScript - same procedure

Code:

KillAll::

Folder::
c:\program files (x86)\BaiduSd4.0

Driver::
BDKVRTP

Reboot::