PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Request for a preventive check

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Author: Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Request for a preventive check

#1 Post by Gary545 »

Good day,

I would like to ask for a preventive check of my laptop. Thank you :)


Logfile of random's system information tool 1.10 (written by random/random)
Run by Marcela at 2015-08-19 20:54:04
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 371 GB (80%) free of 463 GB
Total RAM: 4007 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:54:38, on 19.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Marcela\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Windows\SysWOW64\WScript.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\trend micro\Marcela.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [msgoydpSrv] C:\Windows\inf\msgoydp.vbe
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [mncrwqaSrv] C:\Windows\system32\mncrwqa.vbe
O4 - HKLM\..\Run: [mncfyddgsSrv] C:\Windows\system32\mncfyddgs.vbe
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncvonvSrv] C:\Windows\system32\mncvonv.vbe
O4 - HKLM\..\Run: [mslkkySrv] "C:\Windows\system32\mslkky.vbe" msqbcx mslujtdh
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LTT] C:\Program Files\PC-Doctor\EnableToolbarW32.exe
O4 - HKCU\..\Run: [SystemProc] C:\Users\Public\Other\run.vbs
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Marcela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Marcela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4646A42A-F39C-4B33-BCB2-FC22091423EC}: NameServer = 0.0.0.0
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16972 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3890d665-e40c-41c2-9b23-f146e19b7e97 -SystemEventPortName:HostProcess-95c412b4-1425-4981-b43f-eddafc0891ae -IoCancelEventPortName:HostProcess-ce192d26-039e-4f63-83f4-44e788a6fc54 -NonStateChangingEventPortName:HostProcess-db66218d-4f51-4209-8b0e-c22ea19a64ca -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ef8f0313-d942-4053-b4ac-d37fd0dc34ad -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
WLIDSvcM.exe 1980
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
taskeng.exe {EEFEF34E-306F-4637-8A64-F78BCE91047F}
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.MediaKey
"taskhost.exe"
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Windows\system32\Dwm.exe"
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Other\run.vbs"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Other\run.bat" "
\??\C:\Windows\system32\conhost.exe "115493339110945309831293942849-7171107321385004794-605860980-1079923488-1063961078
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
szndesktop.exe default start
"C:\Users\Marcela\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "-179503546910697727814719024301031989262-555523582-884594886-633820675-1709212846
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Users\Public\Other\minerd.exe -a scrypt -o stratum+tcp://eu.clevermining.com:3333 -u 1DonFv2SZi1KKDrJVCWQz5UtcLioihWkBf -p x
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"C:\Windows\System32\WScript.exe" "C:\Windows\System32\mslkky.vbe" msqbcx mslujtdh
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

"C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe" Add-on
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4760 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Users\Marcela\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin]
"Description"=VideoDownloadConverter Plugin
"Path"=C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\extensions\
4zffxtbr@VideoDownloadConverter_4z.com
cxia0@4.net
n@dkjSe.com
orxczmompbrbrmjpr@ewtxywnbzrzxzj.org
ugWOy@l.net
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\searchplugins\
ask-search.xml
bingp.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01 2133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-30 2417264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-06 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-30 2089584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-06 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-28 1935120]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2011-03-30 380776]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-19 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-19 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-19 416024]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-05-31 40808]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-05-26 281960]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"VideoDownloadConverter Home Page Guard 64 bit"=C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe [2013-09-10 548936]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []
"gpuminer"=C:\Users\Marcela\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [2015-05-02 96]
"cpuminer"=C:\Windows\system32\cpuminer-gw64.exe [2015-06-05 3525408]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-07-11 170280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"=rundll32 netman.dll,ProcessQueue []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LTT"=C:\Program Files\PC-Doctor\EnableToolbarW32.exe []
"SystemProc"=C:\Users\Public\Other\run.vbs [2014-02-06 74]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682656]
"cz.seznam.software.autoupdate"=C:\Users\Marcela\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Marcela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-14 4351712]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"VideoDownloadConverter Search Scope Monitor"=C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe [2013-09-10 44784]
"msgoydpSrv"=C:\Windows\inf\msgoydp.vbe [2013-08-27 1558]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2015-05-26 1684360]
"mncrwqaSrv"=C:\Windows\system32\mncrwqa.vbe []
"mncfyddgsSrv"=C:\Windows\system32\mncfyddgs.vbe []
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mncvonvSrv"=C:\Windows\system32\mncvonv.vbe []
"mslkkySrv"=C:\Windows\system32\mslkky.vbe msqbcx mslujtdh []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2015-06-17 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-19 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-19 20:54:05 ----D---- C:\Program Files\trend micro
2015-08-19 20:54:04 ----D---- C:\rsit
2015-08-16 10:55:11 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 10:55:11 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 11:56:19 ----A---- C:\Windows\system32\basesrv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\invagent.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\generaltel.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\devinv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\appraiser.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\aeinv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\acmigration.dll
2015-08-14 11:53:30 ----A---- C:\Windows\system32\aepdu.dll
2015-08-14 11:53:29 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-08-14 11:53:24 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-08-14 11:53:24 ----A---- C:\Windows\system32\mstscax.dll
2015-08-14 11:53:20 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2015-08-14 11:53:19 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2015-08-14 11:53:19 ----A---- C:\Windows\system32\wksprt.exe
2015-08-14 11:53:19 ----A---- C:\Windows\system32\tsgqec.dll
2015-08-14 11:53:19 ----A---- C:\Windows\system32\rdvidcrl.dll
2015-08-14 11:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-14 11:53:00 ----A---- C:\Windows\system32\ntdll.dll
2015-08-14 11:52:59 ----A---- C:\Windows\system32\kernel32.dll
2015-08-14 11:52:58 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-08-14 11:52:57 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-08-14 11:52:57 ----A---- C:\Windows\system32\sysmain.dll
2015-08-14 11:52:54 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-08-14 11:52:54 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-14 11:52:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-08-14 11:52:52 ----A---- C:\Windows\system32\lsasrv.dll
2015-08-14 11:52:51 ----A---- C:\Windows\system32\KernelBase.dll
2015-08-14 11:52:50 ----A---- C:\Windows\system32\wow64.dll
2015-08-14 11:52:50 ----A---- C:\Windows\system32\rstrui.exe
2015-08-14 11:52:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-08-14 11:52:49 ----A---- C:\Windows\system32\srcore.dll
2015-08-14 11:52:49 ----A---- C:\Windows\system32\rpcrt4.dll
2015-08-14 11:52:48 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\winsrv.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\schannel.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\msv1_0.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\kerberos.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\conhost.exe
2015-08-14 11:52:47 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-08-14 11:52:47 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\wdigest.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\smss.exe
2015-08-14 11:52:47 ----A---- C:\Windows\system32\ncrypt.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-08-14 11:52:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\sspicli.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-08-14 11:52:45 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-08-14 11:52:44 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-08-14 11:52:44 ----A---- C:\Windows\system32\lsass.exe
2015-08-14 11:52:42 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-08-14 11:52:42 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-08-14 11:52:42 ----A---- C:\Windows\system32\auditpol.exe
2015-08-14 11:52:41 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\srclient.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\ntvdm64.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\cryptbase.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\sspisrv.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\secur32.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-14 11:52:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\wow64win.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\wow64cpu.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\credssp.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 11:52:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 11:52:37 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 11:52:33 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-08-14 11:52:33 ----A---- C:\Windows\system32\apisetschema.dll
2015-08-14 11:52:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 11:52:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 11:52:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-08-14 11:52:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 11:52:28 ----A---- C:\Windows\SYSWOW64\user.exe
2015-08-14 11:52:28 ----A---- C:\Windows\system32\adtschema.dll
2015-08-14 11:52:27 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-08-14 11:52:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-08-14 11:52:26 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-08-14 11:52:26 ----A---- C:\Windows\system32\msobjs.dll
2015-08-14 11:52:26 ----A---- C:\Windows\system32\msaudite.dll
2015-08-14 11:37:56 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\system32\davclnt.dll
2015-08-14 11:37:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-08-14 11:37:51 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-08-14 11:37:51 ----A---- C:\Windows\system32\iertutil.dll
2015-08-14 11:37:51 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-08-14 11:37:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-08-14 11:37:50 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-08-14 11:37:49 ----A---- C:\Windows\system32\iernonce.dll
2015-08-14 11:37:49 ----A---- C:\Windows\system32\ie4uinit.exe
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-08-14 11:37:48 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 11:37:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-08-14 11:37:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-08-14 11:37:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-08-14 11:37:43 ----A---- C:\Windows\system32\urlmon.dll
2015-08-14 11:37:43 ----A---- C:\Windows\system32\iedkcs32.dll
2015-08-14 11:37:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-08-14 11:37:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-08-14 11:37:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-08-14 11:37:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 11:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-08-14 11:37:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-08-14 11:37:39 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-14 11:37:39 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-14 11:37:38 ----A---- C:\Windows\system32\iesetup.dll
2015-08-14 11:37:37 ----A---- C:\Windows\system32\ieapfltr.dll
2015-08-14 11:37:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-08-14 11:37:35 ----A---- C:\Windows\system32\vbscript.dll
2015-08-14 11:37:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-08-14 11:37:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-08-14 11:37:33 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-14 11:37:33 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-14 11:37:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-08-14 11:37:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\ieui.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\ieframe.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\jscript9diag.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\jscript.dll
2015-08-14 11:37:29 ----A---- C:\Windows\system32\wininet.dll
2015-08-14 11:37:29 ----A---- C:\Windows\system32\jscript9.dll
2015-08-14 11:37:28 ----A---- C:\Windows\system32\msrating.dll
2015-08-14 11:37:28 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-08-14 11:37:26 ----A---- C:\Windows\system32\mshtml.dll
2015-08-14 11:37:22 ----A---- C:\Windows\system32\msxml3.dll
2015-08-14 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-08-14 11:37:21 ----A---- C:\Windows\system32\msxml6.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\system32\msxml6r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\system32\msxml3r.dll
2015-08-13 19:31:00 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\FntCache.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\DWrite.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\atmfd.dll
2015-08-13 19:30:59 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-08-13 19:30:59 ----A---- C:\Windows\system32\win32k.sys
2015-08-13 19:30:55 ----A---- C:\Windows\system32\lpk.dll
2015-08-13 19:30:55 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\fontsub.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\dciman32.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\atmlib.dll
2015-08-13 19:30:53 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-08-13 19:30:42 ----A---- C:\Windows\SYSWOW64\notepad.exe
2015-08-13 19:30:42 ----A---- C:\Windows\system32\notepad.exe
2015-08-13 19:30:42 ----A---- C:\Windows\notepad.exe
2015-08-13 19:30:40 ----A---- C:\Windows\system32\shell32.dll
2015-08-13 19:30:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-08-13 19:30:36 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-08-13 19:30:36 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuwebv.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wucltux.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuaueng.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuauclt.exe
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuapi.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wups2.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wups.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wudriver.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wuapp.exe
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-08-13 19:30:31 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-21 20:10:16 ----D---- C:\Program Files (x86)\QuickTime
2015-07-21 20:02:50 ----D---- C:\Users\Marcela\AppData\Roaming\Apple Computer
2015-07-21 20:01:35 ----D---- C:\Program Files (x86)\iTunes
2015-07-21 20:01:33 ----D---- C:\Program Files\iPod
2015-07-21 20:01:27 ----D---- C:\ProgramData\Apple Computer
2015-07-21 20:01:27 ----D---- C:\Program Files\iTunes
2015-07-21 20:00:21 ----D---- C:\Program Files (x86)\Apple Software Update
2015-07-21 19:59:44 ----D---- C:\Program Files\Bonjour
2015-07-21 19:59:44 ----D---- C:\Program Files (x86)\Bonjour
2015-07-21 19:59:26 ----D---- C:\Program Files\Common Files\Apple
2015-07-21 19:58:56 ----D---- C:\ProgramData\Apple

======List of files/folders modified in the last 1 month======

2015-08-19 20:54:05 ----RD---- C:\Program Files
2015-08-19 20:52:57 ----D---- C:\Windows\Temp
2015-08-19 20:50:59 ----D---- C:\Windows\tracing
2015-08-19 20:40:18 ----D---- C:\Users\Marcela\AppData\Roaming\Skype
2015-08-19 14:42:16 ----D---- C:\Users\Marcela\AppData\Roaming\msct
2015-08-19 14:42:15 ----D---- C:\Users\Marcela\AppData\Roaming\wld
2015-08-18 12:44:29 ----D---- C:\Program Files (x86)\TampaInit
2015-08-18 12:43:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-08-18 12:42:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2015-08-18 12:33:36 ----D---- C:\Users\Marcela\AppData\Roaming\Seznam.cz
2015-08-18 12:33:15 ----D---- C:\Windows\System32
2015-08-18 12:33:15 ----D---- C:\Windows\inf
2015-08-18 12:33:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-18 12:29:48 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-18 12:27:15 ----D---- C:\Windows\system32\config
2015-08-17 09:54:23 ----D---- C:\Windows\winsxs
2015-08-17 09:51:20 ----SD---- C:\Windows\system32\CompatTel
2015-08-17 09:51:20 ----D---- C:\Windows\SysWOW64
2015-08-17 09:51:20 ----D---- C:\Windows\system32\appraiser
2015-08-17 09:51:20 ----D---- C:\Windows\AppPatch
2015-08-17 09:51:18 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-08-17 09:51:18 ----D---- C:\Windows\system32\drivers\cs-CZ
2015-08-17 09:51:18 ----D---- C:\Windows\system32\cs-CZ
2015-08-17 09:51:17 ----D---- C:\Windows\system32\drivers
2015-08-17 09:51:11 ----D---- C:\Windows\SYSWOW64\en-US
2015-08-17 09:51:11 ----D---- C:\Program Files\Internet Explorer
2015-08-17 09:51:10 ----D---- C:\Windows\system32\en-US
2015-08-17 09:51:08 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-17 00:17:13 ----D---- C:\Windows\Microsoft.NET
2015-08-17 00:16:29 ----D---- C:\Windows\system32\MRT
2015-08-17 00:16:23 ----RSD---- C:\Windows\assembly
2015-08-17 00:07:20 ----A---- C:\Windows\system32\MRT.exe
2015-08-17 00:07:05 ----SHD---- C:\System Volume Information
2015-08-16 23:40:15 ----D---- C:\Windows\Prefetch
2015-08-16 23:36:28 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-16 23:36:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-16 11:07:04 ----D---- C:\Windows
2015-08-16 10:55:53 ----SHD---- C:\Windows\Installer
2015-08-14 11:54:20 ----D---- C:\ProgramData\Microsoft Help
2015-08-14 11:39:36 ----D---- C:\Windows\system32\catroot2
2015-08-13 19:28:46 ----A---- C:\Windows\win.ini
2015-08-02 20:24:40 ----D---- C:\Windows\rescache
2015-07-30 21:10:36 ----RD---- C:\Program Files (x86)
2015-07-28 17:32:36 ----D---- C:\Windows\SoftwareDistribution
2015-07-25 11:05:01 ----SD---- C:\Windows\system32\GWX
2015-07-24 09:53:29 ----D---- C:\Program Files (x86)\Funny Mood
2015-07-21 22:01:39 ----D---- C:\Program Files (x86)\FunDEalss
2015-07-21 22:01:36 ----D---- C:\Program Files (x86)\FuunDEAels
2015-07-21 20:01:27 ----HD---- C:\ProgramData
2015-07-21 20:00:23 ----D---- C:\Windows\system32\Tasks
2015-07-21 20:00:12 ----D---- C:\Windows\system32\DriverStore
2015-07-21 20:00:10 ----D---- C:\Windows\system32\catroot
2015-07-21 19:59:26 ----D---- C:\Program Files\Common Files
2015-07-21 19:58:56 ----D---- C:\Program Files (x86)\Common Files
2015-07-21 19:53:58 ----D---- C:\Program Files (x86)\MINECRAFT 1.6.2 plna hra
2015-07-21 19:52:06 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-30 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-08-31 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-23 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-04-27 150568]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2011-04-27 164392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-04-27 21544]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2014-02-27 57144]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-08-19 12289472]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-19 317440]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-06-22 25496]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-11-23 40248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-12 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-12 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-12 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-07-12 213504]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-06-22 34200]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-10 54784]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2015-04-28 178568]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-05-29 77128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-28 968480]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-28 1517328]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2014-02-27 68440]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-12 193824]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-28 844560]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2011-07-26 28672]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-09-10 42504]
R2 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-06-30 82544]
R3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-07-11 644904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18 269000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-02 148080]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-30 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#2 Post by Márty84 »

Hello :)

Last time you gave up on it, so I hope you will finish it this time :?:

There is a lot of vermin in there; hopefully you have your data backed up :boxed:


:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait until the scan finishes.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (alternatively it will be here: C:\AdwCleaner[C?].txt ). Copy it here for me.


:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Gary545
Visitor
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Request for a preventive check

#3 Post by Gary545 »

Hello,

I apologize for not finishing last time, but unfortunately I lent my login to an acquaintance and she unfortunately did not finish working with you. :(


Thank you for the help, hopefully we will manage to clean it up :) . I also have a small question about moving to Windows 10: is it a good idea to switch, or better to stay on Windows 8? :)
AdwCleaner log

# AdwCleaner v5.002 - Logfile created 20/08/2015 at 16:36:08
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Marcela - MACA
# Running from : C:\Users\Marcela\Desktop\adwcleaner_5.002.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : APNMCP
[-] Service Deleted : VideoDownloadConverter_4zService
[!] Service Not Deleted : VideoDownloadConverter_4zService

***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
[-] Folder Deleted : C:\Program Files (x86)\video download converter
[-] Folder Deleted : C:\Program Files (x86)\DiiscouuntExetensi
[-] Folder Deleted : C:\Program Files (x86)\DiscountExtENsi
[-] Folder Deleted : C:\Program Files (x86)\DIsscounntExteaNsi
[-] Folder Deleted : C:\Program Files (x86)\FunDEalss
[-] Folder Deleted : C:\Program Files (x86)\FunDeealss
[-] Folder Deleted : C:\Program Files (x86)\FuunDEAels
[-] Folder Deleted : C:\Program Files (x86)\PPriceLesos
[-] Folder Deleted : C:\Program Files (x86)\TampaInit
[-] Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AskPartnerNetwork
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\{edb27d40-0098-6139-edb2-27d40009f500}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
[-] Folder Deleted : C:\Users\Marcela\AppData\Local\apn
[-] Folder Deleted : C:\Users\Marcela\AppData\Local\AskPartnerNetwork
[-] Folder Deleted : C:\Users\Marcela\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Users\Marcela\AppData\Local\Temp\AskSearch
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\cxia0@4.net
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\n@dkjSe.com
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\ugWOy@l.net
[-] Folder Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\searchplugins\ask-search.xml
[-] File Deleted : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\searchplugins\bingp.xml
[-] File Deleted : C:\Windows\Sysnative\cpuminer-gw64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor]
[-] Key Deleted : HKLM\SOFTWARE\ab99bf2b-ec5c-0817-c186-b083e40dcce3
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{48d9be4d}
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4zffxtbr@VideoDownloadConverter_4z.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469d-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1f6f39c1-00a8-4752-a94c-d0ea92d978b6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2a1260c1-2964-453f-b0ba-fa429472eb5f}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469d-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363d5c92-10dc-4287-93e5-1832eecc48ec}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3b41be90-f731-4137-aff3-2ca951e7f0d9}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{3d429207-4689-492d-a0e5-cdc5dfbb5005}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128c64d-f0dd-4811-9405-d22294e8151f}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354d921-3f52-47c5-938d-77a2fb6defe7}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-b2c2-4c7c-b3d2-bf446e30744c}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6bff4bcb-7a73-45a7-ac4c-389a34e1d1ef}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84b7b98f-e018-4dbb-ab4c-4ddd3dfcb5fb}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8fca5302-6d6d-4645-bf99-d43cf76ce474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99e1f6fd-2e94-4cf6-8344-1ba63cd3bd9b}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{a86782d8-7b41-452f-a217-1854f72dba54}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{dd385519-22e7-4be2-8a8d-35c66df4858e}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ed345812-2722-4dca-9976-d01832db44ee}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ff48dba6-5dd8-4d10-9eb0-0fa968502e66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8BB736A5-5657-4B96-9CFF-4F19318E6F05}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A336F17E-321F-43FA-9BE6-873BBDFF418E}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f6f39c1-00a8-4752-a94c-d0ea92d978b6}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354d921-3f52-47c5-938d-77a2fb6defe7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99e1f6fd-2e94-4cf6-8344-1ba63cd3bd9b}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a86782d8-7b41-452f-a217-1854f72dba54}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ed345812-2722-4dca-9976-d01832db44ee}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3d429207-4689-492d-a0e5-cdc5dfbb5005}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\VideoDownloadConverter_4z
[-] Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter_4z
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox
[!] Key Not Deleted : [x64] HKCU\Software\AskPartnerNetwork
[!] Key Not Deleted : [x64] HKCU\Software\VideoDownloadConverter_4z
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\prefs.js] [Preference] Deleted : user_pref("extensions.ZqAHd1xkoBpYbZ02.scode", "(function(){try{if(window.location.href.indexOf(\"rTwFpdYHrTsHqjrGrHs4rHYFqE\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\prefs.js] [Preference] Deleted : user_pref("extensions.iXJlBSPMD8oG2vIm.scode", "(function(){try{if(window.location.href.indexOf(\"rTwFpdYHrTsHqjrGrHs4rHYFqE\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\prefs.js] [Preference] Deleted : user_pref("extensions.plZIndY4TUuZpaWa.scode", "(function(){try{if(window.location.href.indexOf(\"rTwFpdYHrTsHqjrGrHs4rHYFqE\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\prefs.js] [Preference] Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"4zffxtbr@VideoDownloadConverter_4z.com\":{\"d\":\"C:\\\\Users\\\\Marcela\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\xdpdbuyr.defau[...]

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15000 bytes] ##########


MBAM log

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.8.2015
Čas skenování: 17:28
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.04
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Marcela

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 611036
Uplynulý čas: 3 hod, 36 min, 20 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 4
RiskWare.BitcoinMiner, C:\Users\Public\Other\minerd.exe, 5016, , [1cf88289563582b4ca1e5f6a55ac59a7]
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncvonv.exe, 4948, , [e52fd536444754e20807e00c9e62847c]
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncfyddgs.exe, 264, , [fe161af107840d299679e50731cf837d]
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncrwqa.exe, 1012, , [ab69bb50cbc0270f0d02dc10847cf50b]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\VideoDownloadConverter_4z.SkinLauncherSettings, , [0e064dbebad15bdb752df3df986a748c],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\VideoDownloadConverter_4z.SkinLauncherSettings.1, , [da3a7596b9d2b77f336f11c19171857b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VideoDownloadConverter_4z.SkinLauncherSettings, , [da3a7596b9d2b77f336f11c19171857b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\VideoDownloadConverter_4z.SkinLauncherSettings.1, , [da3a7596b9d2b77f336f11c19171857b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VideoDownloadConverter_4z.SkinLauncherSettings, , [da3a7596b9d2b77f336f11c19171857b],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\VideoDownloadConverter_4z.SkinLauncherSettings.1, , [da3a7596b9d2b77f336f11c19171857b],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, , [0e0660abccbfb1854e7a700abf42aa56],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2D9083CE-8758-4704-BA57-3C891D7452BD}, , [61b3808b8b00b38318a7366f34d015eb],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5637-4300-76A7-A758B70C1D00}, , [74a0977493f8201653800f0fba493ac6],

Hodnoty registru: 7
Trojan.Agent.SCR, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\Windows\inf\msstp.vbe, , [050fad5e117a76c01f229abf5fa455ab]
PUP.Optional.Mindspark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VideoDownloadConverter Home Page Guard 64 bit, "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe", , [e62eb457494243f384f6562f19eb738d]
PUP.Optional.CPUMiner.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpuminer, C:\Windows\system32\cpuminer-gw64.exe, , [3dd7ff0c8dfe6ec8b454ffaf788c9e62]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2d9083ce-8758-4704-ba57-3c891d7452bd}|AppPath, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin, , [61b3808b8b00b38318a7366f34d015eb]
Trojan.Agent.VBSGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msgoydpSrv, C:\Windows\inf\msgoydp.vbe, , [62b20a014d3e65d144db74f0e41f619f]
Trojan.Agent.VBSGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mslkkySrv, "C:\Windows\system32\mslkky.vbe" msqbcx mslujtdh, , [af6569a2701b72c437c191d33cc78d73]
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5637-4300-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-V7C\, , [74a0977493f8201653800f0fba493ac6]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 1
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463, , [0f0549c2503bff37bbdaf7b08d77ef11],

Soubory: 90
RiskWare.BitcoinMiner, C:\Users\Public\Other\minerd.exe, , [1cf88289563582b4ca1e5f6a55ac59a7],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncvonv.exe, , [e52fd536444754e20807e00c9e62847c],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncfyddgs.exe, , [fe161af107840d299679e50731cf837d],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncrwqa.exe, , [ab69bb50cbc0270f0d02dc10847cf50b],
RiskWare.BitcoinMiner, C:\$Recycle.Bin\S-1-5-21-18979662-4221188999-1439749539-1000\$R436VGB.exe, , [0d077f8c1f6c58de7d6bf3d617eaa45c],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-18979662-4221188999-1439749539-1000\$RVMO3E9.exe, , [2fe5e823266571c5b75b6041966b3ec2],
Trojan.Agent.VBS, C:\Program Files (x86)\carovny minecraft 1 5 2 rar plna verze\carovny minecraft 1 5 2 rar plna verze.exe, , [52c25bb0008b21154187c27037c926da],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Window Resizer\Window Resizer.exe, , [858fab608407b97d75535f1bc33ef40c],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Pocket\Pocket.exe, , [0e0660abccbfb1854e7a700abf42aa56],
PUP.Optional.Bundle, C:\Users\Marcela\itunes-for-windows-lista-centrumcz.exe, , [d63e3ad1127960d6f6407a216f92af51],
PUP.Optional.Amonetize, C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0005f9, , [12028a819fec3afc76e8b32bf40d36ca],
PUP.Optional.Handy.A, C:\Users\Marcela\AppData\Local\Temp\XVsgaJ29.exe.part, , [8e86d23986052610de11718377898b75],
PUP.Optional.APNToolBar.A, C:\Users\Marcela\AppData\Local\Temp\APNSetup.exe, , [32e2dd2eb6d56cca16e146609a67a957],
PUP.HistoryTool, C:\Users\Marcela\AppData\Roaming\wld\iehv.exe, , [0b09ba51dbb0be78184f4231bb45eb15],
PUP.Proxy.BCM, C:\Users\Public\Other\mining_proxy.exe, , [cc48010a216a7db9ab06b166e51bdf21],
PUP.BitCoinMiner, C:\Windows\inf\MSASGui.exe, , [d1436e9dfa91290d8763fbfd08f9c23e],
BitcoinMiner, C:\Windows\inf\msuyxxomm\msuyxxomm.exe, , [da3a63a8bad18ea8af3d7070f40c6997],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncfyddgs.exe, , [c94ba665acdfe74fcb54a1429e63e11f],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncrwqa.exe, , [56beed1e2e5d4aec0d12ebf8778a54ac],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncvonv.exe, , [b75d7c8fdcafb97de9368e555ca505fb],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncfyddgs.exe, , [898b18f3a1ea162033fbeefadd24a25e],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncrwqa.exe, , [fa1a36d51675e254b975be2a17ea946c],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncvonv.exe, , [7c98a8632665bf77e7477672946d5ea2],
PUP.Optional.APNToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir, , [bd5723e85932be78fbfcecbab0518c74],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiiscouuntExetensi\Z5s91HdeWt3IGA.exe.vir, , [4aca2cdf1a719a9c3a8ea9d1c140d927],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\DiscountExtENsi\DiscountExtENsi.exe.vir, , [9183b05b315a62d48a3e54260bf6ea16],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\DIsscounntExteaNsi\wiskxOrw5Wc8nl.exe.vir, , [10048a81cac152e472564931946d3dc3],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunDEalss\HkLALjJtEP0kTD.exe.vir, , [65af9e6d7516a78f8048314925dc05fb],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FunDeealss\FunDeealss.exe.vir, , [6da747c499f263d361679fdb14edc040],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\FuunDEAels\XjdD84RE7EyTJ7.exe.vir, , [090b779488032b0becdc0e6c4db47f81],
PUP.Optional.MultiPlug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir, , [c153d23942491f17ccef9040768b9b65],
PUP.Optional.Multiplug.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\PPriceLesos\SIiWIZmGqnbe5l.exe.vir, , [0d07f5162d5e61d522f14751aa5735cb],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll.vir, , [ed27f01bfd8e51e5a023ec9d759029d7],
PUP.Optional.AudioToAudioToolBar.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir, , [3dd767a4b8d3dd59287f9f94ce326e92],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll.vir, , [c84cbc4f3a51c4724c77a6e34eb7a957],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll.vir, , [2aea5ead2b6090a600c36c1dc73e04fc],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll.vir, , [32e23bd0cdbee551fbc808810afb7888],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe.vir, , [b65e24e7b9d28babbd06cbbebf464db3],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll.vir, , [c35160abfc8f38fe8a39deabab5afa06],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll.vir, , [3ed6b9523358f73f0cb75a2f768f32ce],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll.vir, , [898be5260a811e18bf044643b64f946c],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll.vir, , [38dc9f6cd1bab77f2c97cdbc74916997],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe.vir, , [e13358b35b30ac8a5c67d1b807fe35cb],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe.vir, , [d44047c40784c373754e8207de27c53b],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll.vir, , [b1639e6d0289ac8a368d7e0ba164cd33],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll.vir, , [9c78719aa0eba0960eb56f1a887db64a],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir, , [090bfc0f0f7ca4922b985a2f31d4a55b],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll.vir, , [56be5caf7e0de74ff3d0e3a60afb55ab],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zregfft.dll.vir, , [9f759b702863bb7bf2d1deab050050b0],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll.vir, , [1afabd4ebecd78beedd696f3907544bc],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll.vir, , [da3a75968ffcab8b5b68e0a95ea73cc4],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll.vir, , [060e0209b6d563d3764dd7b23acbde22],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll.vir, , [28ec8f7c0f7cba7cc30090f93bcaa65a],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe.vir, , [9e76f01b5d2e71c5794afb8e09fc08f8],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe.vir, , [c3518784543770c650736623867fd030],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll.vir, , [46ce3ecd692274c2992a3e4b050036ca],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll.vir, , [1202ff0c2665f83e1fa48bfeb94cc23e],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe.vir, , [3dd759b25b30fc3a9c27c4c531d414ec],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll.vir, , [f61e33d85f2cfb3b457ea8e1d72e6c94],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL.vir, , [898b63a8523974c261621673b74e7090],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe.vir, , [64b04fbcb0dbfa3cf0d3f59462a314ec],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\DPNMNGR.DLL.vir, , [d44082890a811323d2f11d6cda2bd828],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\EXEMANAGER.DLL.vir, , [3cd89477404bf93d6360791053b234cc],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir, , [ad67ed1e662559ddd8ebb0d9b352c838],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll.vir, , [977dbf4c7c0f171fa71c395051b44eb2],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL.vir, , [0014b05b5e2db87e992a4c3d29dc35cb],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL.vir, , [17fd9378bfcc88ae64f6b58407f948b8],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL.vir, , [46cedd2e3f4cf93d3d867d0c21e4b54b],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL.vir, , [21f3c14a1f6c0d29259ed7b223e250b0],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL.vir, , [d63e62a96c1f60d6d495e1a05da80ef2],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\VERIFY.DLL.vir, , [4dc7f219602bdd59645f0c7da263ac54],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\ThirdPartyInstallers\VideoDownloadConverterWrapper.exe.vir, , [0b0929e2d3b886b03390b7d2f90cd030],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\EXEManager.dll.vir, , [868eca411c6f3402e7dcb1d8fe0713ed],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\FF-NativeMessagingDispatcher.dll.vir, , [d53fb05b018a95a1edd63950d530fc04],
PUP.Optional.Mindspark.A, C:\AdwCleaner\Quarantine\C\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\Verify.dll.vir, , [839116f5088333036c57fd8ce02502fe],
PUP.Optional.AskAPN.Gen, C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\extensions\toolbar_ORJ-V7C@apn.ask.com.xpi, , [789c0efd3d4e70c68250be603dc6e719],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [050fad5e117a76c01f229abf5fa455ab],
Trojan.Script, C:\Windows\SysWOW64\mslkky.vbe, , [090b74979eed38fecf5ee87f8a792fd1],
Trojan.Script, C:\Windows\SysWOW64\mslujtdh.vbe, , [36de0efde0ab55e18f9ed79060a30000],
Trojan.Script, C:\Windows\SysWOW64\msqbcx.vbe, , [66aec942880370c6d7565b0cec177888],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\37684fb0004d66251d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\37775abd6f6704a21d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\4775d99c57b1799e1d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\954accd1ef18255b1d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\ad5e6328e91d5a251d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\c5dda881163646771d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\d1b823d8a4cc41491d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\d38e8734560118a91d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\673627697438762463\d6ae24e4beaa0e721d679ab125178079.ini, , [0f0549c2503bff37bbdaf7b08d77ef11],
Trojan.Agent.VBSGen, C:\Windows\inf\msgoydp.vbe, , [62b20a014d3e65d144db74f0e41f619f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#4 Post by Márty84 »

Gary545 wrote: I apologize for not finishing last time, but unfortunately I lent my login to a friend and she unfortunately did not finish working with you. :(
In your own interest, don't do that again. If any problems arise, a note will appear next to your name and you will be the one to bear any penalty.

Gary545 wrote: Thank you for the help, hopefully we'll manage to clean it up :) .
What have you been doing to end up with such a herd of vermin on there???

Gary545 wrote: I'd also have a small question about moving to Windows 10: is it a good idea to switch, or better to stay on Windows 8? :)
There are a few threads about it here; some users praise it, others curse it. Personally, I'm staying on W8. It still has a lot of bugs. It's tempting because they're offering it for free for now, but I'd rather wait until they iron it out.
That said, I have to admit I haven't seen W10 with my own eyes yet, so I can't judge it objectively.



:arrow: Have all MBAM findings removed. After the removal and a PC restart, repeat the scan so we know whether it comes back. Post the scan result and I'll choose the next steps based on it.
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I'll be on the forum less often now. If you've been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Request for a preventive check

#5 Post by Gary545 »

After that experience I won't anymore :)

Unfortunately my laptop is being repaired right now, so I was forced to borrow this one. So I figured I'd rather have it checked before using it.

Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.8.2015
Čas skenování: 23:08
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.05
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Marcela

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 610466
Uplynulý čas: 2 hod, 47 min, 14 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Thank you :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#6 Post by Márty84 »

:arrow: You can uninstall MBAM.


:!: If you haven't already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, don't launch anything and don't click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

:!: If Windows doesn't start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Request for a preventive check

#7 Post by Gary545 »

ComboFix 15-08-20.01 - Marcela 21.08.2015 19:39:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4007.1860 [GMT 2:00]
Spuštěný z: c:\users\Marcela\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51B51327-0B78-439F-B04B-6A1EDF9D2098}.xps
c:\users\Marcela\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AB047E5C-275C-46B0-B7F8-8F08BF0D073B}.xps
c:\windows\msdownld.tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-21 do 2015-08-21 )))))))))))))))))))))))))))))))
.
.
2015-08-21 18:17 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5FF9F10-CCC9-4E25-88A2-C97E7F243C80}\mpengine.dll
2015-08-21 18:08 . 2015-08-21 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-20 15:18 . 2015-08-20 15:18 -------- d-----w- c:\programdata\Malwarebytes
2015-08-20 14:51 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-20 14:44 . 2015-08-20 14:48 -------- d-----w- C:\$Windows.~BT
2015-08-20 14:33 . 2015-08-20 14:36 -------- d-----w- C:\AdwCleaner
2015-08-19 18:54 . 2015-08-19 18:54 -------- d-----w- c:\program files\trend micro
2015-08-19 18:54 . 2015-08-19 18:54 -------- d-----w- C:\rsit
2015-08-19 18:51 . 2015-08-19 18:51 1222144 ----a-w- c:\users\Marcela\RSITx64.exe
2015-08-16 22:00 . 2015-07-01 18:12 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E01A81E-D5F9-4084-953F-A5A5CF1C8BAD}\gapaengine.dll
2015-08-16 08:55 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 08:55 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 09:56 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-14 09:52 . 2015-07-15 18:10 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-08-14 09:37 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-13 17:31 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 17:31 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 17:31 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-08-13 17:31 . 2015-07-30 16:52 372736 ----a-w- c:\windows\system32\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-18 10:43 . 2012-10-02 16:31 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-18 10:43 . 2012-10-02 16:31 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-18 10:42 . 2015-07-15 14:42 9284296 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-08-16 22:07 . 2012-02-04 18:05 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-02 18:29 . 2015-07-05 17:50 20 ----a-w- c:\users\Marcela\AppData\Roaming\appdataFr2.bin
2015-07-28 16:43 . 2015-07-16 19:12 24 ----a-w- c:\users\Marcela\AppData\Roaming\appdataFr25.bin
2015-07-15 18:10 . 2015-08-14 09:52 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-14 09:52 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-14 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 15:18 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 15:18 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-01 18:12 . 2012-06-14 06:27 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-17 17:47 . 2015-07-15 15:21 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 15:21 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-16 22:23 . 2015-06-16 22:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-06-15 21:50 . 2015-07-15 15:18 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 15:18 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 15:18 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 15:18 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 15:18 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 15:18 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 15:18 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 15:18 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 15:18 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 15:18 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 15:18 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 15:18 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-15 16:04 . 2015-06-15 16:04 79 ----a-w- c:\program files (x86)\prefs.js
2015-06-14 15:07 . 2015-06-14 15:07 0 ----a-w- c:\windows\SysWow64\shoF5C.tmp
2015-06-10 21:08 . 2015-06-10 21:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2015-06-10 21:08 . 2015-06-10 21:08 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2015-06-09 18:03 . 2015-07-15 15:22 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-09 18:03 . 2015-07-15 15:22 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-06-02 00:07 . 2015-07-15 15:22 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 15:22 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-05-25 18:19 . 2015-06-10 18:01 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-10 18:01 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-10 18:01 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-06-10 18:01 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-10 18:01 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-10 18:01 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-10 18:01 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-10 18:01 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-10 18:01 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:01 . 2015-06-10 18:01 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-10 18:01 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-10 18:01 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:00 . 2015-06-10 18:01 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-10 18:01 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 18:01 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-10 18:01 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-10 18:01 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:00 . 2015-06-10 18:01 36864 ----a-w- c:\windows\system32\UtcResources.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemProc"="c:\users\Public\Other\run.vbs" [2014-02-06 74]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682656]
"cz.seznam.software.autoupdate"="c:\users\Marcela\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Marcela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mncrwqaSrv"="c:\windows\system32\mncrwqa.vbe" [2014-03-05 7670]
"mncfyddgsSrv"="c:\windows\system32\mncfyddgs.vbe" [2014-03-05 7670]
"mncvonvSrv"="c:\windows\system32\mncvonv.vbe" [2014-03-05 7670]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-06-16 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe" [2015-04-26 43816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-4-28 1218336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-05 17:48 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 10:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-19 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-19 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-19 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 170280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{4646A42A-F39C-4B33-BCB2-FC22091423EC}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - ExtSQL: !HIDDEN! 2013-09-10 19:11; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LTT - c:\program files\PC-Doctor\EnableToolbarW32.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-Printsrv - c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
HKLM-Run-gpuminer - c:\users\Marcela\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
AddRemove-VDC_is1 - c:\program files (x86)\Video Download Converter\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-08-21 21:17:11
ComboFix-quarantined-files.txt 2015-08-21 19:16
.
Před spuštěním: Volných bajtů: 391 625 248 768
Po spuštění: Volných bajtů: 393 082 945 536
.
- - End Of File - - 311913EEAFC7ACABA7B2441D51FAD8A9

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a preventive check

#8 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\system32\mncrwqa.vbe
c:\windows\system32\mncfyddgs.vbe
c:\windows\system32\mncvonv.vbe

Folder::
c:\programdata\Malwarebytes

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemProc"=-
"Skype"=-
"cz.seznam.software.autoupdate"=-
"cz.seznam.software.szndesktop"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Printsrv"=-
"SunJavaUpdateSched"=-
"mncrwqaSrv"=-
"mncfyddgsSrv"=-
"mncvonvSrv"=-
"seznam-listicka-distribuce"=-
"QuickTime Task"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Driver::
SkypeUpdate
c2cautoupdatesvc
c2cpnrsvc

Reboot::

In the top left, click File.
Click Save As...
Type the name CFScript (shown in red) correctly and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine

If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Because of time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Requesting a preventive check

#9 Post by Gary545 »

Hello,
after the PC restarted the log did not appear; could you please advise where I might find it?

Thank you

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a preventive check

#10 Post by Márty84 »

It should be somewhere here: C:\ComboFix.txt, possibly with a number in the name, since there should already be two of them there. You can tell which one is newer by the date and time.

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Requesting a preventive check

#11 Post by Gary545 »

Hello, unfortunately I can't find the CF.txt file. On C: I only see a file named CF with a computer-screen icon, and whenever I click the icon it takes me back to "This PC". Where is the catch, please? :(

Thank you

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Requesting a preventive check

#12 Post by Márty84 »

Post a new log from RSIT. I'll see whether the fix went through or whether it got stuck.

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Requesting a preventive check

#13 Post by Gary545 »

Hello,

here it is, thank you :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Marcela at 2015-08-23 12:43:27
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 376 GB (81%) free of 463 GB
Total RAM: 4007 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:29, on 23.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\trend micro\Marcela.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKUS\S-1-5-18\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [iCloud] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe" (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4646A42A-F39C-4B33-BCB2-FC22091423EC}: NameServer = 0.0.0.0
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13776 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3f6bbb16-70a3-4fce-bcd7-0e7301d95f4f -SystemEventPortName:HostProcess-b0b06db4-eebb-4ae3-b40d-19f298b009a9 -IoCancelEventPortName:HostProcess-0a65e8dc-53e0-4385-a13d-9d77fe73370d -NonStateChangingEventPortName:HostProcess-f8091b46-fbc2-455b-b1f5-4af94e19b706 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:be2944bc-598d-4476-bfea-46f6df3432d3 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2612
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
taskeng.exe {16835DED-3A6B-4DBB-A217-92B5A0250909}
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.MediaKey
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"taskhost.exe"
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
taskeng.exe {E695A0C6-78B0-4AF0-9D49-85698204FDB7}

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Marcela\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\xdpdbuyr.default\extensions\
orxczmompbrbrmjpr@ewtxywnbzrzxzj.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01 2133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2011-06-30 2417264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-06 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01 1724032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2011-06-30 2089584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-06 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-28 1935120]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2011-03-30 380776]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-19 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-19 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-19 416024]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-05-31 40808]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-05-26 281960]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []
"gpuminer"=C:\Users\Marcela\AppData\Roaming\cpuminer\sgminer\sgminer.cmd []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-07-11 170280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"=rundll32 netman.dll,ProcessQueue []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-14 4351712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-19 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-08-22 13:29:50 ----SHD---- C:\$RECYCLE.BIN
2015-08-22 12:05:19 ----SD---- C:\ComboFix
2015-08-22 12:05:04 ----SD---- C:\32788R22FWJFW
2015-08-21 19:38:05 ----A---- C:\Windows\zip.exe
2015-08-21 19:38:05 ----A---- C:\Windows\SWSC.exe
2015-08-21 19:38:05 ----A---- C:\Windows\SWREG.exe
2015-08-21 19:38:05 ----A---- C:\Windows\sed.exe
2015-08-21 19:38:05 ----A---- C:\Windows\PEV.exe
2015-08-21 19:38:05 ----A---- C:\Windows\NIRCMD.exe
2015-08-21 19:38:05 ----A---- C:\Windows\MBR.exe
2015-08-21 19:38:05 ----A---- C:\Windows\grep.exe
2015-08-21 19:37:48 ----AD---- C:\Qoobox
2015-08-21 19:37:27 ----D---- C:\Windows\erdnt
2015-08-21 10:01:13 ----A---- C:\Windows\system32\mshtml.dll
2015-08-21 10:01:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-08-20 16:44:10 ----D---- C:\$Windows.~BT
2015-08-20 16:33:49 ----D---- C:\AdwCleaner
2015-08-19 20:54:05 ----D---- C:\Program Files\trend micro
2015-08-19 20:54:04 ----D---- C:\rsit
2015-08-16 10:55:11 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 10:55:11 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 11:56:19 ----A---- C:\Windows\system32\basesrv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\invagent.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\generaltel.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\devinv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\appraiser.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\aeinv.dll
2015-08-14 11:53:34 ----A---- C:\Windows\system32\acmigration.dll
2015-08-14 11:53:30 ----A---- C:\Windows\system32\aepdu.dll
2015-08-14 11:53:29 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-08-14 11:53:24 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-08-14 11:53:24 ----A---- C:\Windows\system32\mstscax.dll
2015-08-14 11:53:20 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2015-08-14 11:53:19 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2015-08-14 11:53:19 ----A---- C:\Windows\system32\wksprt.exe
2015-08-14 11:53:19 ----A---- C:\Windows\system32\tsgqec.dll
2015-08-14 11:53:19 ----A---- C:\Windows\system32\rdvidcrl.dll
2015-08-14 11:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-14 11:53:00 ----A---- C:\Windows\system32\ntdll.dll
2015-08-14 11:52:59 ----A---- C:\Windows\system32\kernel32.dll
2015-08-14 11:52:58 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-08-14 11:52:57 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-08-14 11:52:57 ----A---- C:\Windows\system32\sysmain.dll
2015-08-14 11:52:54 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-08-14 11:52:54 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-14 11:52:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-08-14 11:52:52 ----A---- C:\Windows\system32\lsasrv.dll
2015-08-14 11:52:51 ----A---- C:\Windows\system32\KernelBase.dll
2015-08-14 11:52:50 ----A---- C:\Windows\system32\wow64.dll
2015-08-14 11:52:50 ----A---- C:\Windows\system32\rstrui.exe
2015-08-14 11:52:49 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-08-14 11:52:49 ----A---- C:\Windows\system32\srcore.dll
2015-08-14 11:52:49 ----A---- C:\Windows\system32\rpcrt4.dll
2015-08-14 11:52:48 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\winsrv.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\schannel.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\msv1_0.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\kerberos.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-14 11:52:48 ----A---- C:\Windows\system32\conhost.exe
2015-08-14 11:52:47 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-08-14 11:52:47 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\wdigest.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\smss.exe
2015-08-14 11:52:47 ----A---- C:\Windows\system32\ncrypt.dll
2015-08-14 11:52:47 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-08-14 11:52:46 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\TSpkg.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\sspicli.dll
2015-08-14 11:52:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-08-14 11:52:45 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-08-14 11:52:44 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-08-14 11:52:44 ----A---- C:\Windows\system32\lsass.exe
2015-08-14 11:52:42 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-08-14 11:52:42 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-08-14 11:52:42 ----A---- C:\Windows\system32\auditpol.exe
2015-08-14 11:52:41 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\srclient.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\ntvdm64.dll
2015-08-14 11:52:41 ----A---- C:\Windows\system32\cryptbase.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-08-14 11:52:40 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\sspisrv.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\secur32.dll
2015-08-14 11:52:40 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-14 11:52:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-08-14 11:52:39 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\wow64win.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\wow64cpu.dll
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-08-14 11:52:39 ----A---- C:\Windows\system32\credssp.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-14 11:52:38 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-14 11:52:37 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 11:52:37 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-14 11:52:36 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 11:52:35 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-14 11:52:34 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-14 11:52:33 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-14 11:52:33 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-08-14 11:52:33 ----A---- C:\Windows\system32\apisetschema.dll
2015-08-14 11:52:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-14 11:52:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-14 11:52:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-08-14 11:52:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-14 11:52:30 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-14 11:52:28 ----A---- C:\Windows\SYSWOW64\user.exe
2015-08-14 11:52:28 ----A---- C:\Windows\system32\adtschema.dll
2015-08-14 11:52:27 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-08-14 11:52:26 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-08-14 11:52:26 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-08-14 11:52:26 ----A---- C:\Windows\system32\msobjs.dll
2015-08-14 11:52:26 ----A---- C:\Windows\system32\msaudite.dll
2015-08-14 11:37:56 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2015-08-14 11:37:55 ----A---- C:\Windows\system32\davclnt.dll
2015-08-14 11:37:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-08-14 11:37:51 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-08-14 11:37:51 ----A---- C:\Windows\system32\iertutil.dll
2015-08-14 11:37:51 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-08-14 11:37:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-08-14 11:37:50 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-08-14 11:37:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-08-14 11:37:49 ----A---- C:\Windows\system32\iernonce.dll
2015-08-14 11:37:49 ----A---- C:\Windows\system32\ie4uinit.exe
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-08-14 11:37:48 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-08-14 11:37:48 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 11:37:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-08-14 11:37:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-08-14 11:37:43 ----A---- C:\Windows\system32\urlmon.dll
2015-08-14 11:37:43 ----A---- C:\Windows\system32\iedkcs32.dll
2015-08-14 11:37:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-08-14 11:37:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-08-14 11:37:41 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-08-14 11:37:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-08-14 11:37:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 11:37:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-08-14 11:37:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-08-14 11:37:39 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-14 11:37:39 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-14 11:37:38 ----A---- C:\Windows\system32\iesetup.dll
2015-08-14 11:37:37 ----A---- C:\Windows\system32\ieapfltr.dll
2015-08-14 11:37:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-08-14 11:37:35 ----A---- C:\Windows\system32\vbscript.dll
2015-08-14 11:37:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-08-14 11:37:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-08-14 11:37:33 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-14 11:37:33 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-14 11:37:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-08-14 11:37:32 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\ieui.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\ieframe.dll
2015-08-14 11:37:31 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\jscript9diag.dll
2015-08-14 11:37:30 ----A---- C:\Windows\system32\jscript.dll
2015-08-14 11:37:29 ----A---- C:\Windows\system32\wininet.dll
2015-08-14 11:37:29 ----A---- C:\Windows\system32\jscript9.dll
2015-08-14 11:37:28 ----A---- C:\Windows\system32\msrating.dll
2015-08-14 11:37:28 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-08-14 11:37:22 ----A---- C:\Windows\system32\msxml3.dll
2015-08-14 11:37:21 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-08-14 11:37:21 ----A---- C:\Windows\system32\msxml6.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-08-14 11:37:20 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\system32\msxml6r.dll
2015-08-14 11:37:20 ----A---- C:\Windows\system32\msxml3r.dll
2015-08-13 19:31:00 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\FntCache.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\DWrite.dll
2015-08-13 19:31:00 ----A---- C:\Windows\system32\atmfd.dll
2015-08-13 19:30:59 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-08-13 19:30:59 ----A---- C:\Windows\system32\win32k.sys
2015-08-13 19:30:55 ----A---- C:\Windows\system32\lpk.dll
2015-08-13 19:30:55 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2015-08-13 19:30:54 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\fontsub.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\dciman32.dll
2015-08-13 19:30:54 ----A---- C:\Windows\system32\atmlib.dll
2015-08-13 19:30:53 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-08-13 19:30:42 ----A---- C:\Windows\SYSWOW64\notepad.exe
2015-08-13 19:30:42 ----A---- C:\Windows\system32\notepad.exe
2015-08-13 19:30:42 ----A---- C:\Windows\notepad.exe
2015-08-13 19:30:40 ----A---- C:\Windows\system32\shell32.dll
2015-08-13 19:30:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-08-13 19:30:36 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-08-13 19:30:36 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuwebv.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wucltux.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuaueng.dll
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuauclt.exe
2015-08-13 19:30:36 ----A---- C:\Windows\system32\wuapi.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-08-13 19:30:35 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wups2.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wups.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wudriver.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wuapp.exe
2015-08-13 19:30:35 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 19:30:35 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-08-13 19:30:31 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll

======List of files/folders modified in the last 1 month======

2015-08-23 12:43:29 ----D---- C:\Windows\Prefetch
2015-08-23 12:43:22 ----D---- C:\Windows\tracing
2015-08-23 12:43:21 ----D---- C:\Windows\Temp
2015-08-23 03:00:51 ----D---- C:\Windows\SysWOW64
2015-08-23 03:00:51 ----D---- C:\Windows\System32
2015-08-23 03:00:45 ----SHD---- C:\System Volume Information
2015-08-22 22:05:09 ----D---- C:\Windows\inf
2015-08-22 22:05:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-22 22:01:31 ----A---- C:\Windows\SYSWOW64\log.txt
2015-08-22 21:59:19 ----D---- C:\Windows\winsxs
2015-08-22 21:59:19 ----D---- C:\Windows\system32\config
2015-08-22 12:20:09 ----D---- C:\ProgramData
2015-08-22 12:11:09 ----D---- C:\Windows\SYSWOW64\drivers
2015-08-22 12:11:09 ----D---- C:\Windows\AppPatch
2015-08-22 12:11:09 ----D---- C:\Windows
2015-08-22 12:11:09 ----D---- C:\Program Files (x86)\Common Files
2015-08-22 11:59:16 ----SD---- C:\Users\Marcela\AppData\Roaming\Microsoft
2015-08-22 11:55:37 ----D---- C:\Users\Marcela\AppData\Roaming\Skype
2015-08-21 20:11:47 ----A---- C:\Windows\system.ini
2015-08-21 20:10:09 ----D---- C:\Windows\system32\drivers\etc
2015-08-21 19:37:48 ----D---- C:\Windows\system32\drivers
2015-08-21 10:02:13 ----D---- C:\Users\Marcela\AppData\Roaming\Seznam.cz
2015-08-21 09:58:57 ----RD---- C:\Program Files (x86)
2015-08-20 23:05:39 ----D---- C:\Windows\IE90-CSY
2015-08-20 22:56:57 ----D---- C:\Users\Marcela\AppData\Roaming\wld
2015-08-20 22:56:56 ----D---- C:\Program Files (x86)\Window Resizer
2015-08-20 22:56:56 ----D---- C:\Program Files (x86)\Pocket
2015-08-20 22:56:56 ----D---- C:\Program Files (x86)\carovny minecraft 1 5 2 rar plna verze
2015-08-20 22:53:12 ----D---- C:\Windows\rescache
2015-08-20 16:48:35 ----D---- C:\Windows\Panther
2015-08-20 16:44:10 ----D---- C:\Windows\Logs
2015-08-20 16:36:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-08-20 16:27:22 ----D---- C:\Users\Marcela\AppData\Roaming\msct
2015-08-20 10:13:39 ----D---- C:\Windows\system32\DriverStore
2015-08-19 20:54:05 ----RD---- C:\Program Files
2015-08-18 12:43:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-08-18 12:42:36 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2015-08-17 09:51:20 ----SD---- C:\Windows\system32\CompatTel
2015-08-17 09:51:20 ----D---- C:\Windows\system32\appraiser
2015-08-17 09:51:18 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-08-17 09:51:18 ----D---- C:\Windows\system32\drivers\cs-CZ
2015-08-17 09:51:18 ----D---- C:\Windows\system32\cs-CZ
2015-08-17 09:51:11 ----D---- C:\Windows\SYSWOW64\en-US
2015-08-17 09:51:11 ----D---- C:\Program Files\Internet Explorer
2015-08-17 09:51:10 ----D---- C:\Windows\system32\en-US
2015-08-17 09:51:08 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-17 00:17:13 ----D---- C:\Windows\Microsoft.NET
2015-08-17 00:16:29 ----D---- C:\Windows\system32\MRT
2015-08-17 00:16:23 ----RSD---- C:\Windows\assembly
2015-08-17 00:07:20 ----A---- C:\Windows\system32\MRT.exe
2015-08-16 23:36:28 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-16 23:36:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-16 10:55:53 ----SHD---- C:\Windows\Installer
2015-08-14 11:54:20 ----D---- C:\ProgramData\Microsoft Help
2015-08-14 11:39:36 ----D---- C:\Windows\system32\catroot2
2015-08-13 19:28:46 ----A---- C:\Windows\win.ini
2015-07-28 17:32:36 ----D---- C:\Windows\SoftwareDistribution
2015-07-25 14:00:10 ----D---- C:\Users\Marcela\AppData\Roaming\Apple Computer
2015-07-25 11:05:01 ----SD---- C:\Windows\system32\GWX
2015-07-24 09:53:29 ----D---- C:\Program Files (x86)\Funny Mood

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-30 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-08-31 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-23 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-04-27 150568]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2011-04-27 164392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-04-27 21544]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2014-02-27 57144]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-08-19 12289472]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-19 317440]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-06-22 25496]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-11-23 40248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-04-24 460528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-07-12 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-07-12 98816]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-07-12 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-07-12 213504]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-06-22 34200]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2015-06-10 54784]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-05-29 77128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-28 968480]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-28 1517328]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2014-02-27 68440]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-12 193824]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-28 844560]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2011-07-26 28672]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-06-30 82544]
R3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-07-11 644904]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18 269000]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-30 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-16 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-02 148080]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-30 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#14 Post by Márty84 »

:arrow: I would recommend changing the antivirus. MSE is not worth much.

:arrow: Post the logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it may block the tool as malicious, but we use it all the time, it is a false alarm :)
If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Gary545
Visitor
Posts: 88
Registered: 20 Sep 2010 21:54

Re: Request for a preventive check

#15 Post by Gary545 »

Hello,
thank you for the reply. I did as you advised and am forwarding the text. Please take a look at it.
Thank you very much

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by Marcela (2015-08-23 18:38:02)
Running from C:\Users\Marcela
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-18979662-4221188999-1439749539-500 - Administrator - Disabled)
Guest (S-1-5-21-18979662-4221188999-1439749539-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-18979662-4221188999-1439749539-1002 - Limited - Enabled)
Marcela (S-1-5-21-18979662-4221188999-1439749539-1000 - Administrator - Enabled) => C:\Users\Marcela

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
carovny minecraft 1 5 2 exe plna verze version for Windows (HKLM-x32\...\{08FE95A0-B764-A953-D431-818A7DAAF2A2}_is1) (Version: for Windows - )
carovny minecraft 1 5 2 rar plna verze version for Windows (HKLM-x32\...\{12A60C68-666D-48C8-038E-3C4E8C396728}_is1) (Version: for Windows - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021F0}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 8.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Klikni a spusť 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4999.1042 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MINECRAFT 1.5.2 FULL 1.00 (HKLM-x32\...\MINECRAFT 1.5.2 FULL 1.00) (Version: - )
MINECRAFT 1.6.2 plna hra version for Windows (HKLM-x32\...\{F6F84A33-3CDC-C726-9E15-98079629422D}_is1) (Version: for Windows - )
Mozilla Firefox 38.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 cs)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.00 - )
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Seznam Software (HKU\S-1-5-21-18979662-4221188999-1439749539-1000\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.140 - VeriSign)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows Driver Package - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows Driver Package - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows Driver Package - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-08-21 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>

==================== Loaded Modules (Whitelisted) ==============

2011-11-23 08:13 - 2011-08-31 20:03 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-07-28 06:07 - 2011-07-28 06:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-11-23 08:10 - 2010-10-26 05:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-11-23 08:11 - 2011-08-19 07:20 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-05-28 08:09 - 2009-05-28 08:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2015-08-23 18:17 - 2015-08-23 18:27 - 02173440 _____ () C:\Users\Marcela\FRST64.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-18979662-4221188999-1439749539-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 81.90.240.1 - 81.90.240.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BCE9171A-33AB-4987-BB74-8ACEA07002E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{600C79C9-10D8-4CDC-8674-5A05EAFE291E}] => (Allow) LPort=2869
FirewallRules: [{E8DAB012-3B48-49E9-94FC-C84932967AFA}] => (Allow) LPort=1900
FirewallRules: [{AE76A1BF-2B54-4DA3-8337-88928C1319B2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D66B220C-F922-4986-B353-2CE3BC98B969}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6BE3E52D-F39F-42F6-A0D6-8D63602D39DF}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{1AAE7B1A-B61A-4A65-85FF-016415B27C27}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{56F69F84-6432-407D-9A43-1B19A1305B9E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{727E537D-10BF-4F8D-AA80-1A9E49087859}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{1E159FFB-3446-41ED-B1F3-BFA66A2527B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{8D753701-4589-42FB-9F25-269736DE7204}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{A78D92C0-2490-451E-95ED-69B010B8B349}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C906B95A-8884-47A4-BCAD-23924D3AD844}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{04B9DC58-9F06-4060-93A1-C66D29A1BF76}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [TCP Query User{726ABD9B-BBD8-4786-A298-91F1B2C3FEB3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F3ADA048-420B-49FB-826E-4ABA6963E2ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8137A933-5D5B-4BB2-A1D1-FD045D6B9107}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{02FFAD6B-4221-4AA2-AA30-FC4A710C217E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4142314C-5553-4477-8B01-5DF78CA338EF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{DBA05775-9D54-4468-B0F5-2C53B1895C53}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{36627389-DA21-4309-8413-4B8AB9AA535F}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{5EFCA434-34C9-421B-86C7-D4D226AFB6C2}C:\games\world_of_tanks\worldoftanks.exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{B581A97D-FACF-4EEB-BEA8-F5135DD6DCFD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9BB3006E-DFD4-4567-AF31-6BC9E033523B}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{B9EADEB2-45FA-4BC4-96A0-08AD2E453AB4}C:\games\world_of_tanks\wotlauncher.exe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{04805603-8D15-45FE-9B36-7A98AAA2CA8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FF71868-8544-451A-8BF0-C720E593AD76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E61E7FBE-990F-4A16-81FA-533DE06F6697}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7324B064-3A7D-4E2E-A146-066E4D5AAEA6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB14B6D7-7184-4BB7-B971-F188D2E7D73A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{54FE8803-F140-47E5-8DFE-69BF7B670E18}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5E7D26E-B15A-4986-9BB9-E1D789BFE72B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{016E73B4-0E5C-4E5E-82F8-A0B0CA73B093}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D9A21BC-D56E-4D26-A6DB-FAB744E5485B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B7D5CB0-0DE5-46F8-8922-03486AE4A23A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DC10FDE1-E717-4ACA-B0FB-F4557EB18BD1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654453

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654453

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2015 09:59:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1691472

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1691472

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/23/2015 11:12:16 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Systém zjistil konflikt IP adresy 192.168.1.102 se systémem,
jehož síťová hardwarová adresa je 00-23-12-DA-1B-9A. Síťové operace v systému mohou
být přerušeny.

Error: (08/23/2015 09:25:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (08/22/2015 10:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Google Update Service (gupdate) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (08/22/2015 09:59:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 258

Error: (08/22/2015 12:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Google Update Service (gupdate) neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (08/22/2015 12:30:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN se nepodařilo spustit.

Cesta k modulu: C:\Windows\System32\IWMSSvc.dll
Kód chyby: 258

Error: (08/22/2015 12:19:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/22/2015 12:19:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (08/22/2015 12:11:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/22/2015 12:06:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.


Microsoft Office:
=========================
Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (08/23/2015 02:16:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654453

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654453

Error: (08/23/2015 01:35:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2015 09:59:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1691472

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1691472

Error: (08/22/2015 04:02:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity:
===================================
Date: 2015-08-22 12:19:07.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:19:07.534
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:19:07.474
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:19:07.414
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:06:51.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:06:51.485
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:06:51.425
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-22 12:06:51.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-21 19:51:01.414
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-08-21 19:51:01.364
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 4007.23 MB
Available physical RAM: 1278.79 MB
Total Virtual: 8012.67 MB
Available Virtual: 5067.7 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.58 GB) (Free:366.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:1.15 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================
