
Removing QIYI - Help with a CFScript

Posted: 28 Jul 2015 16:06
by STRNYY
Hello - the Chinese pest QIYI got onto my notebook (plus a bazillion other things that it installed). For the cleanup I followed the instructions from this recent thread: http://forum.viry.cz/viewtopic.php?f=13&t=144980 .
Everything is going according to plan and it seems to be working. But I don't dare write the CFScript myself, in case I mess something up :?: . Could you please help me? I have a genuine Win7 64-bit - my ComboFix log looks like this:

ComboFix 15-07-23.01 - Marek 28.07.2015 16:48:39.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.7906.4868 [GMT 2:00]
Spuštěný z: c:\users\Marek\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe\2dc2d89a-4627-4c25-b63d-86075c0f045e.dll
c:\program files (x86)\Adobe\887c491c-b997-4e7e-ac62-99d8e86cf666.dll
c:\program files (x86)\AGEIA Technologies\8c17b8e1-0127-4fd3-abc9-83f67b3b896c.dll
c:\program files (x86)\AGEIA Technologies\c4f19181-bc4a-4e25-adb9-161fc59e6a7f.dll
c:\program files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini
c:\programdata\Roaming
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\wininit.ini
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-28 do 2015-07-28 )))))))))))))))))))))))))))))))
.
.
2015-07-28 14:25 . 2015-07-28 14:25 -------- d-----w- c:\programdata\TXQMPC
2015-07-28 14:17 . 2015-07-28 14:24 -------- d-----w- C:\AdwCleaner
2015-07-28 13:40 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B086BC6F-935D-4208-9A16-40C8C07461F3}\mpengine.dll
2015-07-27 20:41 . 2015-07-27 20:41 -------- d-----w- C:\LStyle
2015-07-27 20:35 . 2015-07-27 20:35 -------- d-----w- c:\programdata\LocalStorage
2015-07-27 20:33 . 2015-07-27 20:33 -------- d-----w- C:\@RestoreQuarantine
2015-07-27 20:32 . 2015-07-27 20:32 -------- d-----w- c:\users\Marek\.android
2015-07-27 20:32 . 2015-07-27 20:32 -------- d-----w- c:\users\Marek\AppData\Roaming\ppslog
2015-07-27 20:18 . 2015-07-27 20:34 -------- d-----w- c:\programdata\RegRun
2015-07-27 20:15 . 2015-07-27 20:15 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2015-07-27 20:14 . 2015-07-27 20:14 2 --shatr- c:\windows\winstart.bat
2015-07-27 20:14 . 2015-02-25 14:02 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2015-07-27 20:14 . 2015-07-27 20:18 -------- d-----w- c:\program files (x86)\UnHackMe
2015-07-27 20:04 . 2015-07-27 20:41 -------- d-----w- c:\users\Marek\AppData\Local\CrashDumps
2015-07-27 16:59 . 2015-07-28 14:45 -------- d-----r- C:\RavBin
2015-07-27 16:59 . 2014-07-30 02:44 91928 ------w- c:\windows\SysWow64\vpatch.dll
2015-07-27 16:59 . 2015-07-27 16:59 -------- d-----w- c:\programdata\Rising
2015-07-27 16:59 . 2015-07-27 16:59 -------- d-----w- c:\program files (x86)\Rising
2015-07-27 16:58 . 2015-07-27 16:58 99640 ------w- c:\windows\system32\drivers\TAOAccelerator64.sys
2015-07-27 16:58 . 2015-07-27 16:58 38200 ------w- c:\windows\system32\drivers\TSSKX64.sys
2015-07-27 16:58 . 2015-07-27 16:58 174392 ------w- c:\windows\system32\drivers\TAOKernel64.sys
2015-07-27 16:58 . 2015-07-27 16:58 87864 ------w- c:\windows\system32\drivers\TFsFltX64.sys
2015-07-27 16:58 . 2015-07-27 16:58 -------- d-----w- c:\program files (x86)\Tencent
2015-07-27 16:58 . 2015-07-28 14:25 -------- d-----w- c:\programdata\Tencent
2015-07-27 16:58 . 2015-07-28 14:25 -------- d-----w- c:\users\Marek\AppData\Roaming\Tencent
2015-07-27 16:47 . 2015-07-27 16:47 -------- d-----w- c:\users\Marek\AppData\Local\4674
2015-07-27 16:28 . 2015-07-27 16:28 -------- d-----w- c:\users\Marek\AppData\Roaming\agederar
2015-07-27 16:28 . 2015-07-28 13:35 -------- d-----w- C:\qycache
2015-07-27 16:28 . 2015-07-27 16:28 -------- d-----w- C:\ppsfile
2015-07-27 16:27 . 2015-07-27 16:27 -------- d-----w- c:\users\Marek\AppData\Local\Unity
2015-07-27 16:27 . 2015-07-27 16:27 -------- d-----w- c:\users\Public\QiYi
2015-07-27 16:27 . 2015-07-27 16:27 -------- d-----w- c:\program files (x86)\baidu
2015-07-27 16:26 . 2015-07-27 16:26 -------- d-----w- c:\program files (x86)\Seznam.cz
2015-07-27 16:25 . 2015-07-28 14:34 -------- d-----w- c:\users\Marek\AppData\Roaming\Seznam.cz
2015-07-23 17:26 . 2015-07-23 17:26 -------- d-----w- c:\users\Marek\AppData\Roaming\NeatVideo SV 64
2015-07-23 17:25 . 2015-07-23 17:25 -------- d-----w- c:\program files\Neat Video for Sony Vegas
2015-07-21 14:29 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 14:29 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 14:29 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 14:29 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 14:29 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-21 14:29 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-21 14:29 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-21 14:29 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-21 14:29 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 14:29 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-20 19:05 . 2015-07-20 19:05 -------- d-----w- c:\programdata\Microsoft Toolkit
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\program files\Common Files\DESIGNER
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\program files\Microsoft.NET
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\program files\Microsoft SQL Server
2015-07-20 18:54 . 2015-07-20 18:54 -------- d-----w- c:\windows\PCHEALTH
2015-07-20 18:51 . 2015-07-20 18:51 -------- d-----w- c:\program files\Microsoft Analysis Services
2015-07-20 18:51 . 2015-07-20 18:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2015-07-20 18:51 . 2015-07-20 18:51 -------- d-----w- c:\users\Marek\AppData\Local\Microsoft Help
2015-07-20 18:51 . 2015-07-20 18:54 -------- d-----w- c:\program files\Microsoft Office
2015-07-20 18:51 . 2015-07-20 18:56 -------- d-----w- c:\programdata\Microsoft Help
2015-07-20 18:51 . 2015-07-20 18:51 -------- d-----r- C:\MSOCache
2015-07-15 14:11 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 17:45 . 2015-07-01 17:46 -------- d-----w- C:\swshare
2015-07-01 13:17 . 2015-07-28 14:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-07-01 13:17 . 2015-07-28 14:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-07-01 12:54 . 2015-07-01 12:54 -------- d-----w- c:\users\Marek\AppData\Local\GHISLER
2015-07-01 09:51 . 2015-07-01 09:51 -------- d-----w- c:\programdata\Avg_Update_0215pi
2015-06-30 20:43 . 2015-07-01 13:02 -------- d-----w- c:\program files\Common Files\AV
2015-06-30 20:43 . 2015-06-30 20:43 -------- d-----w- c:\users\Marek\AppData\Roaming\TuneUp Software
2015-06-30 20:40 . 2015-06-30 20:40 -------- d--h--w- c:\programdata\Common Files
2015-06-30 20:40 . 2015-07-06 11:44 -------- d-----w- c:\programdata\MFAData
2015-06-30 20:40 . 2015-06-30 20:40 -------- d-----w- c:\users\Marek\AppData\Local\MFAData
2015-06-30 17:09 . 2015-06-30 17:09 -------- d-----w- c:\programdata\Codemasters
2015-06-30 17:09 . 2015-06-30 17:09 -------- d-----w- c:\programdata\Steam
2015-06-30 17:08 . 2015-06-30 17:08 -------- d-----w- c:\users\Marek\AppData\Roaming\GHISLER
2015-06-30 17:08 . 2015-06-30 17:08 -------- d-----w- c:\program files\totalcmd
2015-06-30 17:08 . 2014-04-23 06:51 545 ----a-w- c:\windows\UC.PIF
2015-06-30 17:08 . 2014-04-23 06:51 545 ----a-w- c:\windows\RAR.PIF
2015-06-30 17:08 . 2014-04-23 06:51 545 ----a-w- c:\windows\LHA.PIF
2015-06-30 17:08 . 2014-04-23 06:51 545 ----a-w- c:\windows\ARJ.PIF
2015-06-30 17:01 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2015-06-30 17:01 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2015-06-30 17:01 . 2010-06-02 02:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2015-06-30 17:01 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2015-06-30 17:01 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2015-06-30 17:01 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2015-06-30 17:01 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2015-06-30 17:01 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2015-06-30 17:01 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2015-06-30 16:48 . 2015-07-01 13:03 -------- d-----w- c:\program files (x86)\F1 2013
2015-06-30 16:44 . 2015-06-30 16:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2015-06-29 16:47 . 2015-07-26 20:31 -------- d-----w- c:\users\Marek\AppData\Roaming\vlc
2015-06-29 16:47 . 2015-06-29 16:47 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 20:49 . 2015-07-15 14:11 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-01 20:30 . 2015-07-15 14:11 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-06-23 17:07 . 2015-06-23 17:07 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-21 21:06 . 2015-06-21 21:06 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-21 21:06 . 2015-06-21 21:06 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-09 03:27 . 2015-06-21 17:59 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-09 03:27 . 2015-06-21 17:59 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-09 03:27 . 2015-06-21 17:59 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-09 03:27 . 2015-06-21 17:59 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-09 03:26 . 2015-06-21 17:59 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-09 03:26 . 2015-06-21 17:59 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-09 03:26 . 2015-06-21 17:59 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-09 03:25 . 2015-06-21 17:59 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-09 03:20 . 2015-06-21 17:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:20 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 03:13 . 2015-06-21 17:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-09 03:13 . 2015-06-21 17:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-09 03:13 . 2015-06-21 17:59 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-09 03:12 . 2015-06-21 17:59 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-09 03:12 . 2015-06-21 17:59 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-09 03:08 . 2015-06-21 17:59 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-09 02:01 . 2015-06-21 17:59 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2015-05-09 02:01 . 2015-06-21 17:59 2048 ----a-w- c:\windows\SysWow64\user.exe
2015-05-09 01:59 . 2015-06-21 17:59 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59 . 2015-06-21 17:59 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59 . 2015-06-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59 . 2015-06-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:17 . 2015-06-22 01:06 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-06-22 01:06 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:22 . 2015-06-21 18:02 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-04-29 18:21 . 2015-06-21 18:02 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-04-29 18:21 . 2015-06-21 18:02 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-04-29 18:21 . 2015-06-21 18:02 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-04-29 18:19 . 2015-06-21 18:02 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-04-29 18:07 . 2015-06-21 18:02 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-04-29 18:07 . 2015-06-21 18:02 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-04-29 18:07 . 2015-06-21 18:02 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-04-29 18:05 . 2015-06-21 18:02 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"="c:\users\Marek\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Marek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
"apphide"="c:\program files (x86)\baidu\baidu.exe" [2015-07-22 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-05-16 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-10-21 292848]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2013-05-14 552960]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-03-06 6633304]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-06-01 4315872]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2013-08-15 733936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"RSDTRAY"="c:\program files (x86)\Rising\RSD\popwndexe.exe" [2012-09-25 126808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
ThinkPad OneLink Dock Management.lnk - c:\program files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe 1.08.26 [2014-12-6 915968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 TSDefenseBt;TSDefenseBt;c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys;c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 QQPCRTP;QQPCMgr RTP Service;c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRtp.exe;c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRtp.exe [x]
R2 QuickControlMasterSvc;Lenovo QuickControl Master Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [x]
R3 LSCWinService;LSCWinService;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\fastboot.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Condusiv Technologies\ExpressCache\ExpressCache.exe;c:\program files\Condusiv Technologies\ExpressCache\ExpressCache.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;Lenovo Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 lnvDiscoveryWinSvc;lnvDiscoveryWinSvc;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe;c:\program files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [x]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ValBioService;ValBioService;c:\program files\Lenovo Fingerprint Reader\ValBioService.exe;c:\program files\Lenovo Fingerprint Reader\ValBioService.exe [x]
S2 valWBFPolicyService;Synaptics FP WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 QuickControlService;Lenovo QuickControl Service;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe;c:\program files (x86)\Lenovo\QuickControl\QuickControlService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTSPER;Realtek PCIE Card Reader - PER;c:\windows\system32\DRIVERS\RtsPer.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPer.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20 15:31]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20 15:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-20 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-20 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-20 444400]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-09-05 907480]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-03-26 7825720]
"TpShocks"="TpShocks.exe" [2014-02-18 384344]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2014-05-29 295768]
"Enhanced Performance Keyboard"="c:\program files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe" [2014-08-17 4013056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uw2klmgk.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{50F4150A-48B2-417A-BE4C-C83F580FB904} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKLM-Run-QQPCTray - c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PPStream - c:\iqiyi video\LStyle\QyUninst.exe
AddRemove-{365ADADE-814B-400C-877C-95E9F684BBEB} - c:\program files (x86)\Tencent\QQPCMgr\10.10.16434.218\Plugins\QQPCB1AndroidJmp\QQPMUnInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files (x86)\\Tencent\\QQPCMgr\\10.10.16434.218\\QQPCTray.exe\" /regrun"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(u *1rGYz‚Ný€­d>ehV *­d>e\command]
@="\"c:\\IQIYI Video\\GeePlayer\\GeePlayer\\GeePlayer.exe\" -runfrom DVD \"%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-07-28 16:54:57
ComboFix-quarantined-files.txt 2015-07-28 14:54
.
Před spuštěním: Volných bajtů: 844 405 256 192
Po spuštění: Volných bajtů: 844 099 948 544
.
- - End Of File - - 1438A8731F81D55656E70CFA25229A2A
4E73770151CE7F9C3988A518FB69483C

Re: Removing QIYI - help with CFScript

Posted: 28 Jul 2015 17:09
by Rudy
Hello!
Why are you running ComboFix, a utility intended only for professionals? Do you intend to wreck your system or one of your applications? Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Removing QIYI - help with CFScript

Posted: 28 Jul 2015 20:28
by STRNYY
I had exactly the same problem. Everything looks OK, so hopefully I didn't break anything - thanks for the warning :)
Here is the log from FRST (I'm putting the Addition log in the attachment here: Addition.rar):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Marek (administrator) on MAREK-PC (28-07-2015 21:22:01)
Running from C:\Users\Marek\Desktop
Loaded Profiles: UpdatusUser & Marek (Available Profiles: UpdatusUser & Marek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-30] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-08-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe" /regrun
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [69632 2015-07-22] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-06]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1736032595-1940929976-456475042-1001] => localhost:8080
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> DefaultScope {9EBA2691-B410-4F81-94C3-90D0310283E4} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {48A33148-775B-4510-ADED-47AD3B725304} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5411061A-3C24-4463-9878-A1A34680CD3B} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {55686190-345A-4A57-B613-9D53105BA757} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5A27CDB4-9E02-42CC-B0F4-B7BC011E0356} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5B2BDD39-C03E-4B9F-9CC4-BF0B73D7A010} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {745B9E52-F441-4A4B-91D2-4699FFBB7137} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {87511A54-E776-40D5-866D-F819BC81E2C4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {9EBA2691-B410-4F81-94C3-90D0310283E4} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {B8C2BF08-FFE4-44A5-BF80-CE941EB296D1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {FF4A0DA9-3A16-4F6D-A367-AD9FEE792356} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-23] (Oracle Corporation)
BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-23] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: No Name -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE627B70-BEB4-4CC4-8DC1-8B8D1FE3FFC1}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uw2klmgk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-21] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uw2klmgk.default\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF Extension: No Name - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uw2klmgk.default\extensions\DXYYH4339170@JXVPYKS65865478.com [not found]

Chrome:
=======
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (AdBlock) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-19] (Condusiv Technologies)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-08-15] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-30] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-22] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [269192 2014-07-01] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-12] (Lenovo Group Limited)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCRtp.exe" -r [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-19] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-19] (Condusiv Technologies)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [54000 2013-08-15] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-17] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\TsDefenseBT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 21:22 - 2015-07-28 21:22 - 00025353 _____ C:\Users\Marek\Desktop\FRST.txt
2015-07-28 21:21 - 2015-07-28 21:22 - 00000000 ____D C:\FRST
2015-07-28 21:20 - 2015-07-28 21:20 - 02146816 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2015-07-28 21:19 - 2015-07-28 21:19 - 00112640 _____ (forum.viry.cz) C:\Users\Marek\Desktop\FRSTLauncher.exe
2015-07-28 20:16 - 2015-07-28 20:16 - 00000000 ___SH C:\DkHyperbootSync
2015-07-28 16:54 - 2015-07-28 16:54 - 00035685 _____ C:\ComboFix.txt
2015-07-28 16:47 - 2015-07-28 16:55 - 00000000 ____D C:\ComboFix
2015-07-28 16:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-28 16:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-28 16:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-28 16:37 - 2015-07-28 16:55 - 00000000 ____D C:\Qoobox
2015-07-28 16:36 - 2015-07-28 16:54 - 00000000 ____D C:\Windows\erdnt
2015-07-28 16:34 - 2015-07-28 16:34 - 05633622 ____R (Swearware) C:\Users\Marek\Downloads\ComboFix.exe
2015-07-28 16:25 - 2015-07-28 16:25 - 00000000 ____D C:\ProgramData\TXQMPC
2015-07-28 16:17 - 2015-07-28 16:24 - 00000000 ____D C:\AdwCleaner
2015-07-28 16:17 - 2015-07-28 16:17 - 02248704 _____ C:\Users\Marek\Downloads\adwcleaner_4.208.exe
2015-07-28 15:45 - 2015-07-28 15:45 - 00000000 _____ C:\autoexec.bat
2015-07-28 15:44 - 2015-07-28 15:44 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Marek\Downloads\SpyHunter-Installer.exe
2015-07-28 15:35 - 2015-07-28 16:29 - 00003314 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-27 22:41 - 2015-07-27 22:41 - 00000000 ____D C:\LStyle
2015-07-27 22:35 - 2015-07-27 22:35 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-27 22:33 - 2015-07-27 22:33 - 00000000 ____D C:\@RestoreQuarantine
2015-07-27 22:32 - 2015-07-27 22:32 - 00000000 ____D C:\Users\Marek\AppData\Roaming\ppslog
2015-07-27 22:32 - 2015-07-27 22:32 - 00000000 ____D C:\Users\Marek\.android
2015-07-27 22:18 - 2015-07-27 22:34 - 00000000 ____D C:\ProgramData\RegRun
2015-07-27 22:14 - 2015-07-28 17:42 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-07-27 22:14 - 2015-07-27 22:36 - 00000000 ____D C:\Users\Marek\Documents\RegRun2
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\winstart.bat
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2015-07-27 22:13 - 2015-07-27 22:13 - 16735990 _____ C:\Users\Marek\Downloads\unhackme.zip
2015-07-27 22:07 - 2015-07-27 22:41 - 00001270 _____ C:\Users\Marek\Desktop\全网影视.lnk
2015-07-27 22:04 - 2015-07-27 22:41 - 00000000 ____D C:\Users\Marek\AppData\Local\CrashDumps
2015-07-27 20:00 - 2015-07-27 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-27 18:59 - 2015-07-28 16:45 - 00000000 ___RD C:\RavBin
2015-07-27 18:59 - 2015-07-27 18:59 - 00000000 ____D C:\ProgramData\Rising
2015-07-27 18:59 - 2015-07-27 18:59 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-27 18:59 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-07-27 18:58 - 2015-07-28 16:25 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Tencent
2015-07-27 18:58 - 2015-07-28 16:25 - 00000000 ____D C:\ProgramData\Tencent
2015-07-27 18:58 - 2015-07-27 20:00 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-27 18:58 - 2015-07-27 18:58 - 00174392 ____N (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-07-27 18:58 - 2015-07-27 18:58 - 00099640 ____N (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-07-27 18:58 - 2015-07-27 18:58 - 00087864 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-07-27 18:58 - 2015-07-27 18:58 - 00038200 ____N (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-07-27 18:58 - 2015-07-27 18:58 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-07-27 18:47 - 2015-07-27 18:47 - 00000000 ____D C:\Users\Marek\AppData\Local\4674
2015-07-27 18:36 - 2015-07-27 18:36 - 00002107 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 18:28 - 2015-07-28 15:35 - 00000000 ____D C:\qycache
2015-07-27 18:28 - 2015-07-27 18:28 - 00000000 ____D C:\ppsfile
2015-07-27 18:27 - 2015-07-28 17:42 - 00000000 ____D C:\Users\Marek\AppData\Local\Unity
2015-07-27 18:27 - 2015-07-27 18:27 - 00000000 ____D C:\Users\Public\QiYi
2015-07-27 18:27 - 2015-07-27 18:27 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-27 18:26 - 2015-07-27 18:32 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-27 18:26 - 2015-07-27 18:26 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-07-27 18:25 - 2015-07-28 16:34 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Seznam.cz
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\Nepotvrzeno 574676.crdownload
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\Nepotvrzeno 408410.crdownload
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe
2015-07-27 18:20 - 2015-07-27 18:20 - 00995384 _____ C:\Users\Marek\Downloads\Setup.FreeMake.Video.Downloader__8420_il11664.exe.zip
2015-07-27 18:13 - 2015-07-27 18:13 - 00017386 _____ C:\Users\Marek\Downloads\Boyhood.2014.720p.BluRay.x264.DTS-RARBG-[rarbg.com].torrent
2015-07-26 20:24 - 2015-07-26 20:24 - 00100806 _____ C:\Users\Marek\Downloads\Rush 2013 720p BluRay x264 ENG AC3 - BTRG.srt
2015-07-26 20:21 - 2015-07-26 20:28 - 991898234 ____R C:\Users\Marek\Downloads\Rush 2013 720p BluRay x264 ENG AC3 - BTRG.mp4
2015-07-25 00:07 - 2015-07-25 00:34 - 486526626 _____ C:\Users\Marek\Downloads\Vypitózy.wmv
2015-07-23 19:36 - 2015-07-23 19:38 - 881926143 _____ C:\Users\Marek\Downloads\zasilka-FPZ5739MX54Z56IP.zip
2015-07-23 19:34 - 2015-07-23 19:35 - 00103552 _____ C:\Users\Marek\Downloads\ZOOM0006.MOV.sfk
2015-07-23 19:26 - 2015-07-23 19:27 - 00777984 _____ C:\Users\Marek\Downloads\ZOOM0002.MOV.sfk
2015-07-23 19:26 - 2015-07-23 19:26 - 00000000 ____D C:\Users\Marek\Documents\Neat Video for Sony Vegas
2015-07-23 19:26 - 2015-07-23 19:26 - 00000000 ____D C:\Users\Marek\AppData\Roaming\NeatVideo SV 64
2015-07-23 19:25 - 2015-07-23 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat Video for Sony Vegas
2015-07-23 19:25 - 2015-07-23 19:25 - 00000000 ____D C:\Program Files\Neat Video for Sony Vegas
2015-07-23 19:23 - 2015-07-23 19:24 - 08431197 _____ C:\Users\Marek\Downloads\NeatVideo 3.1 for Sony Vegas 11.rar
2015-07-23 18:25 - 2015-07-23 18:26 - 131743690 _____ C:\Users\Marek\Downloads\ZOOM0006.MOV
2015-07-23 18:11 - 2015-07-23 18:17 - 988674693 _____ C:\Users\Marek\Downloads\ZOOM0002.MOV
2015-07-23 18:11 - 2015-07-23 18:11 - 41389490 _____ C:\Users\Marek\Downloads\Gipsy sister.wav
2015-07-22 19:18 - 2015-07-22 20:02 - 00000424 _____ C:\Users\Marek\Documents\texty.txt
2015-07-21 16:29 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 16:29 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 16:29 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 16:29 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-20 20:55 - 2015-07-20 20:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-20 20:55 - 2015-07-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-20 20:51 - 2015-07-20 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 20:51 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ___RD C:\MSOCache
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Users\Marek\AppData\Local\Microsoft Help
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-20 20:44 - 2015-07-20 20:46 - 00000000 ____D C:\Users\Marek\Downloads\Microsoft Office 2013 x64 Activated Silent Installer Inc Activator [TeamOs](itzmyos.com)
2015-07-20 20:43 - 2015-07-20 20:43 - 00062106 _____ C:\Users\Marek\Downloads\Microsoft_Office_2013_x64_Activated_Silent_Installer_Inc_Activat.torrent
2015-07-15 16:15 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 16:15 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 16:15 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 16:15 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 16:15 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 16:15 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 16:15 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 16:15 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 16:15 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 16:15 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 16:15 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 16:15 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 16:15 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 16:15 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 16:15 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 16:15 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 16:15 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 16:15 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 16:15 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 16:15 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 16:15 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 16:14 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 16:14 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 16:14 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 16:14 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 16:14 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 16:14 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 16:14 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 16:14 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 16:14 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 16:14 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 16:14 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 16:14 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 16:14 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 16:14 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 16:14 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 16:14 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 16:14 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 16:14 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 16:14 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 16:14 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 16:14 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 16:14 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 16:14 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 16:14 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 16:14 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 16:14 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 16:14 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 16:14 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 16:14 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 16:14 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 16:14 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 16:14 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 16:14 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 16:14 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 16:14 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 16:14 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 16:14 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 16:14 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 16:14 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 16:14 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 16:14 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 16:14 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 16:14 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 16:14 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 16:11 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 16:11 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 16:11 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 16:11 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 16:11 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 16:11 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 16:11 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 16:11 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 16:11 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 16:11 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 16:11 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 16:11 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 16:11 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 16:11 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 16:11 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 16:11 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 16:11 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 16:11 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 16:11 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 16:11 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 16:11 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 16:11 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 16:11 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 16:11 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 16:11 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 16:11 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 16:11 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-13 22:56 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 21:35 - 2015-07-11 21:48 - 00000000 ____D C:\Users\Marek\Downloads\21 Jump Street (2012) DVDRip XviD-MAXSPEED
2015-07-11 21:17 - 2015-07-11 21:17 - 00057112 _____ C:\Users\Marek\Downloads\MONOVA.ORG 21 Jump Street 2012 FRENCH BDRip XviD REPACK 1CD-ITOMA.torrent
2015-07-11 21:17 - 2015-07-11 21:17 - 00000000 ____D C:\Users\Marek\Downloads\[www.Cpasbien.com] 21.Jump.Street.2012.FRENCH.BDRip.XviD.REPACK.1CD-ITOMA
2015-07-01 19:45 - 2015-07-01 19:46 - 00000000 ____D C:\swshare
2015-07-01 15:18 - 2015-07-01 15:18 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-01 15:17 - 2015-07-28 16:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-01 15:17 - 2015-07-28 16:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-01 15:16 - 2015-07-01 15:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Marek\Downloads\spybot-2.4.exe
2015-07-01 14:54 - 2015-07-01 14:54 - 00000000 ____D C:\Users\Marek\AppData\Local\GHISLER
2015-07-01 14:53 - 2015-07-01 14:53 - 00000000 ____D C:\Users\Marek\Documents\Crack
2015-07-01 12:31 - 2015-07-01 12:31 - 00001419 _____ C:\Users\Marek\Desktop\F1_2013.lnk
2015-07-01 11:51 - 2015-07-01 11:51 - 00000000 ____D C:\ProgramData\Avg_Update_0215pi
2015-06-30 22:43 - 2015-07-01 15:02 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-30 22:43 - 2015-06-30 22:43 - 00000000 ____D C:\Users\Marek\AppData\Roaming\TuneUp Software
2015-06-30 22:40 - 2015-07-06 13:44 - 00000000 ____D C:\ProgramData\MFAData
2015-06-30 22:40 - 2015-06-30 22:40 - 00000000 ____D C:\Users\Marek\AppData\Local\MFAData
2015-06-30 22:35 - 2015-06-30 22:38 - 178980016 _____ (AVG Technologies) C:\Users\Marek\Downloads\avg_free_x86_all_2015_ltst_222.exe
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\Users\Marek\Documents\My Games
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\ProgramData\Steam
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\ProgramData\Codemasters
2015-06-30 19:08 - 2015-06-30 19:08 - 03722264 _____ (Ghisler Software GmbH) C:\Users\Marek\Downloads\tcm851x32.exe
2015-06-30 19:08 - 2015-06-30 19:08 - 00000849 _____ C:\Users\Marek\Desktop\Total Commander.lnk
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Users\Marek\AppData\Roaming\GHISLER
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Program Files\totalcmd
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\UC.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\RAR.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\LHA.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\ARJ.PIF
2015-06-30 19:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-30 19:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-06-30 19:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-30 19:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-06-30 18:48 - 2015-07-01 15:03 - 00000000 ____D C:\Program Files (x86)\F1 2013
2015-06-30 18:45 - 2015-06-30 18:45 - 00001261 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-06-30 18:44 - 2015-06-30 18:44 - 01640984 _____ C:\Users\Marek\Downloads\SetupVirtualCloneDrive5470.exe
2015-06-30 18:44 - 2015-06-30 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-06-30 18:44 - 2015-06-30 18:44 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-06-30 18:17 - 2015-06-30 18:18 - 00000000 ____D C:\Users\Marek\Downloads\F1.2013-RELOADED
2015-06-30 13:03 - 2015-06-30 13:13 - 00000000 ____D C:\Users\Marek\Downloads\The Thin Red Line (1998)
2015-06-29 18:47 - 2015-07-26 22:31 - 00000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2015-06-29 18:47 - 2015-06-29 18:47 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-29 18:47 - 2015-06-29 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-29 18:47 - 2015-06-29 18:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-06-29 18:45 - 2015-06-29 18:46 - 28849904 _____ C:\Users\Marek\Downloads\vlc-2.2.1-win32.exe
2015-06-29 18:15 - 2015-06-29 18:43 - 00000000 ____D C:\Users\Marek\Downloads\22 Jump Street (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 20:34 - 2015-06-20 17:32 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 17:39 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-28 16:54 - 2009-07-14 06:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-28 16:54 - 2009-07-14 06:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-28 16:54 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-28 16:53 - 2014-12-06 16:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-28 16:53 - 2014-12-06 16:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-28 16:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-28 16:50 - 2014-12-06 16:31 - 01288795 _____ C:\Windows\WindowsUpdate.log
2015-07-28 16:48 - 2014-12-06 16:05 - 00668556 _____ C:\Windows\system32\perfh005.dat
2015-07-28 16:48 - 2014-12-06 16:05 - 00141184 _____ C:\Windows\system32\perfc005.dat
2015-07-28 16:48 - 2009-07-14 07:13 - 01582266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 16:46 - 2015-06-20 17:32 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 16:46 - 2014-12-06 16:53 - 629747712 ___SH C:\Windows\lenovo_fastboot.img
2015-07-28 16:46 - 2014-12-06 16:52 - 00000000 ____D C:\ProgramData\Validity
2015-07-28 16:46 - 2014-12-06 16:43 - 01506322 _____ C:\Users\Public\CAFADEBUG.log
2015-07-28 16:46 - 2010-11-21 05:47 - 00787842 _____ C:\Windows\PFRO.log
2015-07-28 16:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-28 16:46 - 2009-07-14 06:51 - 00063380 _____ C:\Windows\setupact.log
2015-07-28 15:45 - 2015-06-20 17:23 - 00000000 ____D C:\Users\Marek
2015-07-28 15:35 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-28 15:34 - 2015-06-20 17:24 - 00001404 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-28 15:34 - 2009-07-14 06:45 - 00445528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 23:48 - 2015-06-20 17:59 - 00000000 ____D C:\Users\Marek\AppData\Roaming\uTorrent
2015-07-27 18:59 - 2015-06-20 17:25 - 00117392 _____ C:\Users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-27 18:59 - 2015-06-20 17:24 - 00000000 ____D C:\Users\Marek\AppData\Local\VirtualStore
2015-07-27 18:36 - 2015-06-20 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-26 09:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-23 19:25 - 2015-06-20 19:56 - 00000000 ____D C:\video
2015-07-20 20:54 - 2014-02-03 16:34 - 00000000 ____D C:\Windows\ShellNew
2015-07-20 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-20 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-20 20:52 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-07-16 07:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:29 - 2015-06-20 17:32 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:29 - 2015-06-20 17:32 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 19:39 - 2015-06-20 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-11 06:53 - 2015-06-20 17:30 - 00000000 __SHD C:\Users\Marek\AppData\Local\EmieUserList
2015-07-11 06:53 - 2015-06-20 17:30 - 00000000 __SHD C:\Users\Marek\AppData\Local\EmieSiteList
2015-07-01 12:16 - 2014-12-06 16:52 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-01 12:08 - 2015-06-20 17:33 - 00000000 ____D C:\Users\Marek\AppData\Roaming\LSC
2015-07-01 11:47 - 2014-12-06 17:00 - 00000000 ____D C:\ProgramData\Norton
2015-06-29 18:35 - 2014-02-03 16:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-29 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-06-29 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 ____N () C:\Users\Marek\AppData\Roaming\IV1s1qxCMypc7EsGHl5y2rLG
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 ____N () C:\Users\Marek\AppData\Roaming\WiabkMP7spSQY5g2Ols
2014-12-06 16:43 - 2014-12-06 16:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-06 16:57 - 2014-12-06 16:57 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-06 16:54 - 2014-12-06 16:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-06 16:55 - 2014-12-06 16:56 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-06 16:56 - 2014-12-06 16:57 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-25 22:44




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows7_OS) (Fixed) (Total:911.86 GB) (Free:785.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (F1 2013) (CDROM) (Total:5.51 GB) (Free:0 GB) CDFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:18.19 GB) (Free:0.01 GB) NTFS

Available physical RAM: 4686.61 MB
Total physical RAM: 7906.47 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: AF7E1B88)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.2 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: AF7E15A2)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe:typelib

==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Marek\Desktop" je 2 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: QIYI removal - Help with CFScript

Posted: 28 Jul 2015 21:25
by Rudy
Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop.
Close all programs.
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: QIYI removal - Help with CFScript

Posted: 29 Jul 2015 15:58
by STRNYY
I had already used AdwCleaner before I started this thread (for how the log looked then, see the attachment). The log now looks like this:

# AdwCleaner v4.208 - Log vytvořen 29/07/2015 v 16:48:17
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-26.2 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Marek - MAREK-PC
# Spuštěno z : C:\Users\Marek\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : QQPCRTP
[#] Služba Smazáno : TSDefenseBt

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\tencent
Složka Smazáno : C:\ProgramData\TXQMPC
Složka Smazáno : C:\Program Files (x86)\tencent
Složka Smazáno : C:\Users\Marek\AppData\Roaming\tencent
Soubor Smazáno : C:\Windows\System32\drivers\TAOAccelerator64.sys
Soubor Smazáno : C:\Windows\System32\drivers\TSSKX64.sys
Soubor Smazáno : C:\Windows\System32\drivers\TAOKernel64.sys
Soubor Smazáno : C:\Windows\System32\drivers\TFsFltX64.sys

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Data Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Google Chrome v44.0.2403.107


*************************

AdwCleaner[R0].txt - [15353 bytů] - [28/07/2015 16:17:35]
AdwCleaner[R1].txt - [2031 bytů] - [29/07/2015 16:47:26]
AdwCleaner[S0].txt - [14326 bytů] - [28/07/2015 16:20:24]
AdwCleaner[S1].txt - [1727 bytů] - [29/07/2015 16:48:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1785 bytů] ##########

Re: QIYI removal - Help with CFScript

Posted: 29 Jul 2015 17:14
by Rudy
Post a new FRST log.

Re: QIYI removal - Help with CFScript

Posted: 29 Jul 2015 18:19
by STRNYY
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Marek (administrator) on MAREK-PC (29-07-2015 19:14:49)
Running from C:\Users\Marek\Desktop
Loaded Profiles: UpdatusUser & Marek (Available Profiles: UpdatusUser & Marek)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
() C:\Program Files (x86)\baidu\baidu.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(forum.viry.cz) C:\Users\Marek\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-30] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-05-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-21] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-08-15] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe" /regrun
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [69632 2015-07-22] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-06]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {48A33148-775B-4510-ADED-47AD3B725304} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5411061A-3C24-4463-9878-A1A34680CD3B} URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {55686190-345A-4A57-B613-9D53105BA757} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5A27CDB4-9E02-42CC-B0F4-B7BC011E0356} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {5B2BDD39-C03E-4B9F-9CC4-BF0B73D7A010} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {745B9E52-F441-4A4B-91D2-4699FFBB7137} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {87511A54-E776-40D5-866D-F819BC81E2C4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {9EBA2691-B410-4F81-94C3-90D0310283E4} URL =
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {B8C2BF08-FFE4-44A5-BF80-CE941EB296D1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-1736032595-1940929976-456475042-1001 -> {FF4A0DA9-3A16-4F6D-A367-AD9FEE792356} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-23] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE627B70-BEB4-4CC4-8DC1-8B8D1FE3FFC1}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uw2klmgk.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-21] ()
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-20]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-20]
CHR Extension: (Google Search) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-20]
CHR Extension: (Google Sheets) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (AdBlock) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-19] (Condusiv Technologies)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-08-15] (Lenovo)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-30] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-22] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [269192 2014-07-01] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-12] (Lenovo Group Limited)
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22776 2015-03-03] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-03-03] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-19] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-19] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-19] (Condusiv Technologies)
R0 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [54000 2013-08-15] (Windows (R) Win 7 DDK provider)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-17] (Intel Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 19:14 - 2015-07-29 19:14 - 00025103 _____ C:\Users\Marek\Desktop\FRST.txt
2015-07-29 19:14 - 2015-07-29 19:14 - 00000000 ____D C:\Users\Marek\Desktop\FRST-OlderVersion
2015-07-29 17:26 - 2015-07-29 17:26 - 00000000 ___SH C:\DkHyperbootSync
2015-07-28 21:36 - 2015-07-28 21:36 - 00007605 _____ C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
2015-07-28 21:26 - 2015-07-28 21:26 - 00012207 _____ C:\Users\Marek\Desktop\Addition.rar
2015-07-28 21:21 - 2015-07-29 19:14 - 00000000 ____D C:\FRST
2015-07-28 21:20 - 2015-07-29 19:14 - 02169856 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2015-07-28 16:54 - 2015-07-28 16:54 - 00035685 _____ C:\ComboFix.txt
2015-07-28 16:47 - 2015-07-28 16:55 - 00000000 ____D C:\ComboFix
2015-07-28 16:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-28 16:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-28 16:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-28 16:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-28 16:37 - 2015-07-28 16:55 - 00000000 ____D C:\Qoobox
2015-07-28 16:36 - 2015-07-28 16:54 - 00000000 ____D C:\Windows\erdnt
2015-07-28 16:34 - 2015-07-28 16:34 - 05633622 ____R (Swearware) C:\Users\Marek\Downloads\ComboFix.exe
2015-07-28 16:17 - 2015-07-29 16:58 - 00000000 ____D C:\AdwCleaner
2015-07-28 16:17 - 2015-07-28 16:17 - 02248704 _____ C:\Users\Marek\Desktop\adwcleaner_4.208.exe
2015-07-28 15:45 - 2015-07-28 15:45 - 00000000 _____ C:\autoexec.bat
2015-07-28 15:44 - 2015-07-28 15:44 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Marek\Downloads\SpyHunter-Installer.exe
2015-07-28 15:35 - 2015-07-28 16:29 - 00003314 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-27 22:41 - 2015-07-27 22:41 - 00000000 ____D C:\LStyle
2015-07-27 22:35 - 2015-07-27 22:35 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-27 22:33 - 2015-07-27 22:33 - 00000000 ____D C:\@RestoreQuarantine
2015-07-27 22:32 - 2015-07-27 22:32 - 00000000 ____D C:\Users\Marek\AppData\Roaming\ppslog
2015-07-27 22:32 - 2015-07-27 22:32 - 00000000 ____D C:\Users\Marek\.android
2015-07-27 22:18 - 2015-07-27 22:34 - 00000000 ____D C:\ProgramData\RegRun
2015-07-27 22:14 - 2015-07-28 17:42 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-07-27 22:14 - 2015-07-27 22:36 - 00000000 ____D C:\Users\Marek\Documents\RegRun2
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\winstart.bat
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2015-07-27 22:14 - 2015-07-27 22:14 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2015-07-27 22:13 - 2015-07-27 22:13 - 16735990 _____ C:\Users\Marek\Downloads\unhackme.zip
2015-07-27 22:07 - 2015-07-27 22:41 - 00001270 _____ C:\Users\Marek\Desktop\全网影视.lnk
2015-07-27 22:04 - 2015-07-27 22:41 - 00000000 ____D C:\Users\Marek\AppData\Local\CrashDumps
2015-07-27 20:00 - 2015-07-27 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-27 18:59 - 2015-07-28 16:45 - 00000000 ___RD C:\RavBin
2015-07-27 18:59 - 2015-07-27 18:59 - 00000000 ____D C:\ProgramData\Rising
2015-07-27 18:59 - 2015-07-27 18:59 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-27 18:59 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-07-27 18:58 - 2015-07-27 20:00 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-27 18:47 - 2015-07-27 18:47 - 00000000 ____D C:\Users\Marek\AppData\Local\4674
2015-07-27 18:36 - 2015-07-27 18:36 - 00002107 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 18:28 - 2015-07-28 15:35 - 00000000 ____D C:\qycache
2015-07-27 18:28 - 2015-07-27 18:28 - 00000000 ____D C:\ppsfile
2015-07-27 18:27 - 2015-07-28 17:42 - 00000000 ____D C:\Users\Marek\AppData\Local\Unity
2015-07-27 18:27 - 2015-07-27 18:27 - 00000000 ____D C:\Users\Public\QiYi
2015-07-27 18:27 - 2015-07-27 18:27 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-27 18:26 - 2015-07-27 18:32 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-27 18:26 - 2015-07-27 18:26 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-07-27 18:25 - 2015-07-29 17:00 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Seznam.cz
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\Nepotvrzeno 574676.crdownload
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\Nepotvrzeno 408410.crdownload
2015-07-27 18:25 - 2015-07-27 18:25 - 00768544 _____ () C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe
2015-07-27 18:20 - 2015-07-27 18:20 - 00995384 _____ C:\Users\Marek\Downloads\Setup.FreeMake.Video.Downloader__8420_il11664.exe.zip
2015-07-27 18:13 - 2015-07-27 18:13 - 00017386 _____ C:\Users\Marek\Downloads\Boyhood.2014.720p.BluRay.x264.DTS-RARBG-[rarbg.com].torrent
2015-07-26 20:24 - 2015-07-26 20:24 - 00100806 _____ C:\Users\Marek\Downloads\Rush 2013 720p BluRay x264 ENG AC3 - BTRG.srt
2015-07-26 20:21 - 2015-07-26 20:28 - 991898234 ____R C:\Users\Marek\Downloads\Rush 2013 720p BluRay x264 ENG AC3 - BTRG.mp4
2015-07-25 00:07 - 2015-07-25 00:34 - 486526626 _____ C:\Users\Marek\Downloads\Vypitózy.wmv
2015-07-23 19:36 - 2015-07-23 19:38 - 881926143 _____ C:\Users\Marek\Downloads\zasilka-FPZ5739MX54Z56IP.zip
2015-07-23 19:34 - 2015-07-23 19:35 - 00103552 _____ C:\Users\Marek\Downloads\ZOOM0006.MOV.sfk
2015-07-23 19:26 - 2015-07-23 19:27 - 00777984 _____ C:\Users\Marek\Downloads\ZOOM0002.MOV.sfk
2015-07-23 19:26 - 2015-07-23 19:26 - 00000000 ____D C:\Users\Marek\Documents\Neat Video for Sony Vegas
2015-07-23 19:26 - 2015-07-23 19:26 - 00000000 ____D C:\Users\Marek\AppData\Roaming\NeatVideo SV 64
2015-07-23 19:25 - 2015-07-23 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neat Video for Sony Vegas
2015-07-23 19:25 - 2015-07-23 19:25 - 00000000 ____D C:\Program Files\Neat Video for Sony Vegas
2015-07-23 19:23 - 2015-07-23 19:24 - 08431197 _____ C:\Users\Marek\Downloads\NeatVideo 3.1 for Sony Vegas 11.rar
2015-07-23 18:25 - 2015-07-23 18:26 - 131743690 _____ C:\Users\Marek\Downloads\ZOOM0006.MOV
2015-07-23 18:11 - 2015-07-23 18:17 - 988674693 _____ C:\Users\Marek\Downloads\ZOOM0002.MOV
2015-07-23 18:11 - 2015-07-23 18:11 - 41389490 _____ C:\Users\Marek\Downloads\Gipsy sister.wav
2015-07-22 19:18 - 2015-07-22 20:02 - 00000424 _____ C:\Users\Marek\Documents\texty.txt
2015-07-21 16:29 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 16:29 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 16:29 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 16:29 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 16:29 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 16:29 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 21:05 - 2015-07-20 21:05 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-20 20:55 - 2015-07-20 20:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-20 20:55 - 2015-07-20 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-20 20:54 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-20 20:51 - 2015-07-20 20:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-20 20:51 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ___RD C:\MSOCache
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Users\Marek\AppData\Local\Microsoft Help
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-07-20 20:51 - 2015-07-20 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-20 20:44 - 2015-07-20 20:46 - 00000000 ____D C:\Users\Marek\Downloads\Microsoft Office 2013 x64 Activated Silent Installer Inc Activator [TeamOs](itzmyos.com)
2015-07-20 20:43 - 2015-07-20 20:43 - 00062106 _____ C:\Users\Marek\Downloads\Microsoft_Office_2013_x64_Activated_Silent_Installer_Inc_Activat.torrent
2015-07-15 16:15 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 16:15 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 16:15 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 16:15 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 16:15 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 16:15 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 16:15 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 16:15 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 16:15 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 16:15 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 16:15 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 16:15 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 16:15 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 16:15 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 16:15 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 16:15 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 16:15 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 16:15 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 16:15 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 16:15 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 16:15 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 16:14 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 16:14 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 16:14 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 16:14 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 16:14 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 16:14 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 16:14 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 16:14 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 16:14 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 16:14 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 16:14 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 16:14 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 16:14 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 16:14 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 16:14 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 16:14 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 16:14 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 16:14 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 16:14 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 16:14 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 16:14 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 16:14 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 16:14 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 16:14 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 16:14 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 16:14 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 16:14 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 16:14 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 16:14 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 16:14 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 16:14 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 16:14 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 16:14 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 16:14 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 16:14 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 16:14 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 16:14 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 16:14 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 16:14 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 16:14 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 16:14 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 16:14 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 16:14 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 16:14 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 16:11 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 16:11 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 16:11 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 16:11 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 16:11 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 16:11 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 16:11 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 16:11 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 16:11 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 16:11 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 16:11 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 16:11 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 16:11 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 16:11 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 16:11 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 16:11 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 16:11 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 16:11 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 16:11 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 16:11 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 16:11 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 16:11 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 16:11 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 16:11 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 16:11 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 16:11 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 16:11 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 16:11 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 16:11 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 16:11 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 16:11 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-13 22:56 - 2015-07-20 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-11 21:35 - 2015-07-11 21:48 - 00000000 ____D C:\Users\Marek\Downloads\21 Jump Street (2012) DVDRip XviD-MAXSPEED
2015-07-11 21:17 - 2015-07-11 21:17 - 00057112 _____ C:\Users\Marek\Downloads\MONOVA.ORG 21 Jump Street 2012 FRENCH BDRip XviD REPACK 1CD-ITOMA.torrent
2015-07-11 21:17 - 2015-07-11 21:17 - 00000000 ____D C:\Users\Marek\Downloads\[www.Cpasbien.com] 21.Jump.Street.2012.FRENCH.BDRip.XviD.REPACK.1CD-ITOMA
2015-07-01 19:45 - 2015-07-01 19:46 - 00000000 ____D C:\swshare
2015-07-01 15:18 - 2015-07-01 15:18 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-01 15:17 - 2015-07-28 16:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-01 15:17 - 2015-07-28 16:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-01 15:16 - 2015-07-01 15:16 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Marek\Downloads\spybot-2.4.exe
2015-07-01 14:54 - 2015-07-01 14:54 - 00000000 ____D C:\Users\Marek\AppData\Local\GHISLER
2015-07-01 14:53 - 2015-07-01 14:53 - 00000000 ____D C:\Users\Marek\Documents\Crack
2015-07-01 12:31 - 2015-07-01 12:31 - 00001419 _____ C:\Users\Marek\Desktop\F1_2013.lnk
2015-07-01 11:51 - 2015-07-01 11:51 - 00000000 ____D C:\ProgramData\Avg_Update_0215pi
2015-06-30 22:43 - 2015-07-01 15:02 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-30 22:43 - 2015-06-30 22:43 - 00000000 ____D C:\Users\Marek\AppData\Roaming\TuneUp Software
2015-06-30 22:40 - 2015-07-06 13:44 - 00000000 ____D C:\ProgramData\MFAData
2015-06-30 22:40 - 2015-06-30 22:40 - 00000000 ____D C:\Users\Marek\AppData\Local\MFAData
2015-06-30 22:35 - 2015-06-30 22:38 - 178980016 _____ (AVG Technologies) C:\Users\Marek\Downloads\avg_free_x86_all_2015_ltst_222.exe
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\Users\Marek\Documents\My Games
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\ProgramData\Steam
2015-06-30 19:09 - 2015-06-30 19:09 - 00000000 ____D C:\ProgramData\Codemasters
2015-06-30 19:08 - 2015-06-30 19:08 - 03722264 _____ (Ghisler Software GmbH) C:\Users\Marek\Downloads\tcm851x32.exe
2015-06-30 19:08 - 2015-06-30 19:08 - 00000849 _____ C:\Users\Marek\Desktop\Total Commander.lnk
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Users\Marek\AppData\Roaming\GHISLER
2015-06-30 19:08 - 2015-06-30 19:08 - 00000000 ____D C:\Program Files\totalcmd
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\UC.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\RAR.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\LHA.PIF
2015-06-30 19:08 - 2014-04-23 08:51 - 00000545 _____ C:\Windows\ARJ.PIF
2015-06-30 19:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-06-30 19:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-06-30 19:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-06-30 19:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-06-30 19:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-06-30 18:48 - 2015-07-01 15:03 - 00000000 ____D C:\Program Files (x86)\F1 2013
2015-06-30 18:45 - 2015-06-30 18:45 - 00001261 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-06-30 18:44 - 2015-06-30 18:44 - 01640984 _____ C:\Users\Marek\Downloads\SetupVirtualCloneDrive5470.exe
2015-06-30 18:44 - 2015-06-30 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-06-30 18:44 - 2015-06-30 18:44 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-06-30 18:17 - 2015-06-30 18:18 - 00000000 ____D C:\Users\Marek\Downloads\F1.2013-RELOADED
2015-06-30 13:03 - 2015-06-30 13:13 - 00000000 ____D C:\Users\Marek\Downloads\The Thin Red Line (1998)
2015-06-29 18:47 - 2015-07-26 22:31 - 00000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2015-06-29 18:47 - 2015-06-29 18:47 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-06-29 18:47 - 2015-06-29 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-06-29 18:47 - 2015-06-29 18:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-06-29 18:45 - 2015-06-29 18:46 - 28849904 _____ C:\Users\Marek\Downloads\vlc-2.2.1-win32.exe
2015-06-29 18:15 - 2015-06-29 18:43 - 00000000 ____D C:\Users\Marek\Downloads\22 Jump Street (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 18:34 - 2015-06-20 17:32 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 17:05 - 2009-07-14 06:51 - 00063641 _____ C:\Windows\setupact.log
2015-07-29 17:03 - 2009-07-14 06:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 17:03 - 2009-07-14 06:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 16:58 - 2014-12-06 16:31 - 01327134 _____ C:\Windows\WindowsUpdate.log
2015-07-29 16:56 - 2014-12-06 16:53 - 629747712 ___SH C:\Windows\lenovo_fastboot.img
2015-07-29 16:55 - 2015-06-20 17:32 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 16:55 - 2014-12-06 16:52 - 00000000 ____D C:\ProgramData\Validity
2015-07-29 16:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 16:54 - 2014-12-06 16:43 - 01551792 _____ C:\Users\Public\CAFADEBUG.log
2015-07-29 16:49 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-29 16:48 - 2010-11-21 05:47 - 00788394 _____ C:\Windows\PFRO.log
2015-07-29 16:45 - 2015-06-20 17:31 - 00000000 ____D C:\Users\Marek\AppData\Local\Google
2015-07-28 17:39 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-28 16:54 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-28 16:53 - 2014-12-06 16:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-28 16:53 - 2014-12-06 16:39 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-28 16:53 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-28 16:48 - 2014-12-06 16:05 - 00668556 _____ C:\Windows\system32\perfh005.dat
2015-07-28 16:48 - 2014-12-06 16:05 - 00141184 _____ C:\Windows\system32\perfc005.dat
2015-07-28 16:48 - 2009-07-14 07:13 - 01582266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 15:45 - 2015-06-20 17:23 - 00000000 ____D C:\Users\Marek
2015-07-28 15:34 - 2015-06-20 17:24 - 00001404 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-28 15:34 - 2009-07-14 06:45 - 00445528 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 23:48 - 2015-06-20 17:59 - 00000000 ____D C:\Users\Marek\AppData\Roaming\uTorrent
2015-07-27 18:59 - 2015-06-20 17:25 - 00117392 _____ C:\Users\Marek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-27 18:59 - 2015-06-20 17:24 - 00000000 ____D C:\Users\Marek\AppData\Local\VirtualStore
2015-07-27 18:36 - 2015-06-20 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-26 09:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-23 19:25 - 2015-06-20 19:56 - 00000000 ____D C:\video
2015-07-20 20:54 - 2014-02-03 16:34 - 00000000 ____D C:\Windows\ShellNew
2015-07-20 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-20 20:52 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-20 20:52 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-07-16 07:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 06:29 - 2015-06-20 17:32 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:29 - 2015-06-20 17:32 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 19:39 - 2015-06-20 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-11 06:53 - 2015-06-20 17:30 - 00000000 __SHD C:\Users\Marek\AppData\Local\EmieUserList
2015-07-11 06:53 - 2015-06-20 17:30 - 00000000 __SHD C:\Users\Marek\AppData\Local\EmieSiteList
2015-07-01 12:16 - 2014-12-06 16:52 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-01 12:08 - 2015-06-20 17:33 - 00000000 ____D C:\Users\Marek\AppData\Roaming\LSC
2015-07-01 11:47 - 2014-12-06 17:00 - 00000000 ____D C:\ProgramData\Norton
2015-06-29 18:35 - 2014-02-03 16:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-06-29 18:35 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-06-29 18:35 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-29 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-06-29 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2015-06-29 18:34 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-06-29 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 ____N () C:\Users\Marek\AppData\Roaming\IV1s1qxCMypc7EsGHl5y2rLG
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 ____N () C:\Users\Marek\AppData\Roaming\WiabkMP7spSQY5g2Ols
2015-07-28 21:36 - 2015-07-28 21:36 - 0007605 _____ () C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
2014-12-06 16:43 - 2014-12-06 16:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-06 16:57 - 2014-12-06 16:57 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-06 16:54 - 2014-12-06 16:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-06 16:55 - 2014-12-06 16:56 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-06 16:56 - 2014-12-06 16:57 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\Quarantine.exe
C:\Users\Marek\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-25 22:44




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows7_OS) (Fixed) (Total:911.86 GB) (Free:785.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (F1 2013) (CDROM) (Total:5.51 GB) (Free:0 GB) CDFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:18.19 GB) (Free:0.01 GB) NTFS

Available physical RAM: 4861.26 MB
Total physical RAM: 7906.47 MB
Percentage of memory in use: 38%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: AF7E1B88)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.2 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: AF7E15A2)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe:typelib

==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Marek\Desktop" je 6 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Removing QIYI - Help with CFSscript

Posted: 29 Jul 2015 18:53
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
C:\Program Files (x86)\baidu
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Users\Marek\Desktop\全网影视.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Marek\AppData\Local\4674
C:\Users\Public\QiYi
C:\Program Files (x86)\baidu
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Marek\AppData\Roaming\IV1s1qxCMypc7EsGHl5y2rLG
C:\Users\Marek\AppData\Roaming\WiabkMP7spSQY5g2Ols
C:\ProgramData\DP45977C.lfl
C:\Users\Marek\AppData\Local\Temp
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
AlternateDataStreams: C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe:typelib
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Removing QIYI - Help with CFSscript

Posted: 29 Jul 2015 19:05
by STRNYY
Ha! It seems to be gone.. EDIT: Actually no, a few things are still running there ..
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Marek (2015-07-29 20:03:01) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: UpdatusUser & Marek (Available Profiles: UpdatusUser & Marek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
C:\Program Files (x86)\baidu
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll No File
FF HKU\S-1-5-21-1736032595-1940929976-456475042-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Users\Marek\Desktop\全网影视.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\Marek\AppData\Local\4674
C:\Users\Public\QiYi
C:\Program Files (x86)\baidu
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Marek\AppData\Roaming\IV1s1qxCMypc7EsGHl5y2rLG
C:\Users\Marek\AppData\Roaming\WiabkMP7spSQY5g2Ols
C:\ProgramData\DP45977C.lfl
C:\Users\Marek\AppData\Local\Temp
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
AlternateDataStreams: C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe:typelib
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully
C:\Program Files (x86)\baidu => moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => moved successfully.
C:\Program Files\McAfee Security Scan => moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully
HKU\S-1-5-21-1736032595-1940929976-456475042-1001\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => moved successfully.
Partizan => service removed successfully
C:\Users\Marek\Desktop\全网影视.lnk => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Users\Marek\AppData\Local\4674 => moved successfully.
C:\Users\Public\QiYi => moved successfully.
"C:\Program Files (x86)\baidu" => File/Folder not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully.
C:\Users\Marek\AppData\Roaming\IV1s1qxCMypc7EsGHl5y2rLG => moved successfully.
C:\Users\Marek\AppData\Roaming\WiabkMP7spSQY5g2Ols => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.

"C:\Users\Marek\AppData\Local\Temp" folder move:

Could not move "C:\Users\Marek\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Windows\SysWOW64\dlumd10.dll => moved successfully.
C:\Windows\SysWOW64\dlumd11.dll => moved successfully.
C:\Windows\SysWOW64\dlumd9.dll => moved successfully.
C:\Windows\System32\dlumd10.dll => moved successfully.
C:\Windows\System32\dlumd11.dll => moved successfully.
C:\Windows\System32\dlumd9.dll => moved successfully.
C:\Users\Marek\Downloads\DivX.Web.Player.Installer__8420_i1561426396_il24578 (2).exe => ":typelib" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-29 20:03:51)<=

C:\Users\Marek\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:03:51 ====

Re: Removing QIYI - Help with CFSscript

Posted: 29 Jul 2015 19:28
by Rudy
Deleted. Has anything changed?

Re: Removing QIYI - Help with CFSscript

Posted: 29 Jul 2015 19:47
by STRNYY
The icons with Chinese characters have disappeared from the desktop, nothing starts on its own (but that had already stopped after cleaning with AdwCleaner), and the PC behaves normally, but strange processes are still running in Task Manager. I am attaching screenshots. Many thanks for your help so far.
scrn.rar
(132.4 KiB) Downloaded 38 times

Re: Removing QIYI - Help with CFSscript

Posted: 29 Jul 2015 21:03
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Removing QIYI - Help with CFSscript

Posted: 30 Jul 2015 15:25
by STRNYY
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.7.2015
Čas skenování: 16:07
Protokol: log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.30.03
Databáze rootkitů: v2015.07.29.02
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Marek

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 400232
Uplynulý čas: 15 min, 6 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 13
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, , [7a7114d361295adcc7211eacbb47da26],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\CinemaPlus-4.5vV27.07-nv, , [58934c9b474394a2e08a8c9cfb0817e9],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-4.5vV27.07-nv, , [ae3dc423f09a5adc2743ee3a63a0728e],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-4.5vV27.07-nv-ie, , [7f6c499eff8b44f20664939531d29967],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [5299499e4446a591f866d43eda29e818],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [a74472755238a98d630b5a3e699b966a],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\CinemaPlus-4.5vV27.07-nv, , [0edd1dcaf397310584e78d9b6b98d52b],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1736032595-1940929976-456475042-1001\SOFTWARE\CinemaPlus-4.5vV27.07-nv-ie, , [8467608789014ee81d4ef73159aa7c84],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 6
Riskware.Gamehack, C:\Program Files (x86)\F1 2013\steam_api.dll, , [e10a40a7ed9d74c26c39a1bd2cd60cf4],
PUP.Optional.IQIYI.A, C:\Windows\Fonts\iqiyi_logo.ttf, , [3caf687f3c4e1f171cba050934cf6a96],
PUP.Optional.BestPriceNinja.A, C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [d5168a5d81094cead9378e1735cfa957],
PUP.Optional.BestPriceNinja.A, C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [d01bf8ef1773e84e09073b6ac14353ad],
PUP.Optional.BestPriceNinja.A, C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [58938b5c0d7d6acc9f719c09a0643fc1],
PUP.Optional.BestPriceNinja.A, C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [93581acddcae6ccafa16dfc6f90b7d83],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Removing QIYI - Help with CFSscript

Posted: 30 Jul 2015 17:52
by Rudy
Delete all the findings.

Re: Removing QIYI - Help with CFSscript

Posted: 30 Jul 2015 21:05
by STRNYY
Deleted, but the processes popwndexe.exe and listicka-x64.exe (see the screenshot attached a few posts back) are still running, and Chinese characters still show up in the Start menu. A new scan found nothing, and this window keeps opening every so often
szn.rar
(177.84 KiB) Downloaded 34 times
- it did not do that before the infection (although I don't understand what seznam.cz has to do with it ..) :(