VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

"čínský vir"

https://forum.viry.cz:443/viewtopic.php?t=146192

Stránka 1 z 1

"čínský vir"

Napsal: 25 zář 2015 10:39
od Lukass24
Ahoj...dostal se mi do PC nějaký čínský vir..nevěděl by někdo prosím, co s tím?

RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lukáš Handl at 2015-09-25 11:28:26
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 319 GB (74%) free of 434 GB
Total RAM: 3979 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:48, on 25. 9. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files\trend micro\Lukáš Handl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PerfTraceService - Unknown owner - C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\ravmond.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TAOFrame - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11109 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe" -r
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
"C:\Program Files (x86)\Rising\RAV\ravmond.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\windows\system32\CxAudMsg64.exe
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
dashost.exe {481bf772-5f5e-4846-ae0d9e335ed435c0}
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe"
"C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe"
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
C:\windows\SysWOW64\SAsrv.exe
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-10d8c97f-7b61-4b73-abeb-3258dae5a713 -SystemEventPortName:HostProcess-67cbf03a-c626-4a51-9f03-676f329bb6ba -IoCancelEventPortName:HostProcess-17ee24a1-75ec-4f4d-8044-0ad0ec3f9a18 -NonStateChangingEventPortName:HostProcess-bfad9a0e-4581-43e3-ab53-e8e311a1b3fe -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:382f8ace-264b-455e-85ac-5a37561139fc -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Users\Lukáš Handl\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe" /LOGON
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\windows\system32\SearchIndexer.exe /Embedding
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe" /elevated /regrun
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" -Embedding
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
"C:\windows\system32\GWX\GWX.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
adb fork-server server
"C:\windows\FileManager\PhotosApp.exe" -ServerName:Microsoft.Windows.PhotoManager
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=2648
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=gpu-process --channel="2648.0.317849077\1524206141" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,26,51 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3496 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.2.2131348293\1202395706" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.3.1909890863\1237639355" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.4.1724338208\88976254" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.5.732085868\1325385976" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.11.922462440\266188133" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=8088 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="2648.13.1782463725\1921301887" /prefetch:673131151
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe102_ Global\UsGthrCtrlFltPipeMssGthrPipe102 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580

"C:\Users\Lukáš Handl\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\5VpyJGkQ8eiTJLrydW.job - C:\Users\Luk� Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe --c=XX0rPQ/tYC1v2JYocjwy6tEZTEln++MpT80ZDQxUc/oca3RUVMekhKp3AH0JKqCxWT4KbBx9CCeGyJqCEB2g64j8TLZOygLJ52c21mJEC8AyQdLWD5SmPQJYwSMoJP7tL3sXvZhh6b4HWBBx8qbaXMpoMTL77s5CacEHqtUc+bROYARhYQ8NHK8h8D+obT+46uCqqd4eppBTMpsa4KJ3fhAFrgVCWm6dNigC5qbvGbW2FuPhhGB2Equtg2+ze0vEgX24hq3ZXRzYoTxKUWw+jEdPjC+Bbyn3UA77Ul8gWCH/aYJwSdkW77TTFuuK6nwRQ/R/RNKyoaVOdhXMB2oW2A==
C:\windows\tasks\Adobe Flash box Files Update Ver 2015921.job - C:\ProgramData\uiksdl201592116\Dailaymation.exe /check_update
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\QQBrowser Udpater Task(Core).job - C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe -host= -tasks=1
C:\windows\tasks\QQBrowser Udpater Task.job - C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe -host= -tasks

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat [2015-09-21 414560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-08-13 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-08-13 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-08-13 10842096]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-02-13 169768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-10-30 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE [2015-09-21 355296]
"RSDTRAY"=C:\Program Files (x86)\Rising\RSD\popwndexe.exe [2012-09-25 126808]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-10-30 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDWFP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VisualDiscovery]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-09-25 11:28:27 ----D---- C:\Program Files\trend micro
2015-09-25 11:28:26 ----D---- C:\rsit
2015-09-24 22:49:27 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\ProductData
2015-09-24 22:48:21 ----D---- C:\ProgramData\ProductData
2015-09-24 22:48:11 ----D---- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2015-09-24 22:48:08 ----D---- C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2015-09-24 22:46:18 ----D---- C:\ProgramData\IObit
2015-09-24 22:46:11 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\IObit
2015-09-24 22:46:07 ----D---- C:\Program Files (x86)\IObit
2015-09-24 15:03:52 ----SHD---- C:\Config.Msi
2015-09-24 11:55:20 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\AVG
2015-09-24 11:54:26 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software
2015-09-24 11:49:23 ----D---- C:\ProgramData\MFAData
2015-09-24 11:46:50 ----D---- C:\ProgramData\Avg
2015-09-24 11:46:49 ----HD---- C:\ProgramData\Common Files
2015-09-22 19:46:20 ----D---- C:\ProgramData\Malwarebytes
2015-09-21 19:48:40 ----A---- C:\windows\SYSWOW64\drivers\TS888x64.sys
2015-09-21 19:42:39 ----N---- C:\windows\system32\drivers\rsndisp.sys
2015-09-21 19:42:38 ----N---- C:\windows\system32\drivers\sysmon.sys
2015-09-21 19:42:38 ----N---- C:\windows\system32\drivers\rsutils.sys
2015-09-21 19:39:54 ----D---- C:\ProgramData\TXQMPC
2015-09-21 19:39:51 ----D---- C:\Program Files (x86)\Rising
2015-09-21 19:39:50 ----D---- C:\ProgramData\Rising
2015-09-21 19:36:34 ----D---- C:\Program Files (x86)\yyzb_201509211936
2015-09-21 19:34:57 ----A---- C:\windows\system32\drivers\TAOAccelerator64.sys
2015-09-21 19:34:55 ----D---- C:\Program Files\Common Files\Tencent
2015-09-21 19:34:47 ----A---- C:\windows\system32\drivers\TAOKernel64.sys
2015-09-21 19:34:46 ----A---- C:\windows\system32\drivers\TFsFltX64.sys
2015-09-21 19:33:28 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\Tencent
2015-09-21 19:33:28 ----D---- C:\Program Files (x86)\Tencent
2015-09-21 19:33:13 ----D---- C:\ProgramData\Tencent
2015-09-21 19:10:45 ----D---- C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e
2015-09-21 19:01:58 ----D---- C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-21 19:01:28 ----D---- C:\Program Files (x86)\globalUpdate
2015-09-21 18:59:15 ----A---- C:\ProgramData\inf.dat
2015-09-21 18:59:13 ----A---- C:\ProgramData\mfkkhcmhltpt.dll
2015-09-21 18:58:52 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\cpuminer
2015-09-21 18:58:46 ----D---- C:\ProgramData\adb
2015-09-21 18:58:43 ----D---- C:\Program Files (x86)\Seznam.cz
2015-09-21 18:58:40 ----D---- C:\ProgramData\uiksdl201592116
2015-09-21 18:58:40 ----D---- C:\ProgramData\4997GameBox_Data
2015-09-21 18:58:08 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\Seznam.cz
2015-09-21 18:58:04 ----D---- C:\ppsfile
2015-09-21 18:56:46 ----D---- C:\IQIYI Video
2015-09-21 18:53:59 ----D---- C:\Program Files (x86)\baidu
2015-09-09 17:16:37 ----A---- C:\windows\SYSWOW64\msxml6.dll
2015-09-09 17:16:37 ----A---- C:\windows\system32\msxml6.dll
2015-09-09 17:16:37 ----A---- C:\windows\system32\msxml3.dll
2015-09-09 17:16:36 ----A---- C:\windows\SYSWOW64\msxml3.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\UtcResources.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\tdh.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\diagtrack.dll
2015-09-09 17:16:33 ----A---- C:\windows\SYSWOW64\tdh.dll
2015-09-09 17:16:32 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-09-09 17:16:32 ----A---- C:\windows\system32\gdi32.dll
2015-09-09 17:16:32 ----A---- C:\windows\system32\consent.exe
2015-09-09 17:16:30 ----A---- C:\windows\system32\SettingsHandlers.dll
2015-09-09 17:16:29 ----A---- C:\windows\system32\profsvc.dll
2015-09-09 17:16:20 ----AC---- C:\windows\system32\drivers\bthpan.sys
2015-09-09 16:18:26 ----A---- C:\windows\system32\wucltux.dll
2015-09-09 16:18:26 ----A---- C:\windows\system32\wuaueng.dll
2015-09-09 16:18:25 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-09-09 16:18:25 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-09-09 16:18:25 ----A---- C:\windows\system32\wuauclt.exe
2015-09-09 16:18:25 ----A---- C:\windows\system32\wuapi.dll
2015-09-09 16:18:24 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-09-09 16:18:24 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wuwebv.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wudriver.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wuapp.exe
2015-09-09 16:18:22 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-09-09 16:17:43 ----A---- C:\windows\system32\taskeng.exe
2015-09-09 16:17:43 ----A---- C:\windows\system32\schedsvc.dll
2015-09-09 16:17:42 ----A---- C:\windows\SYSWOW64\taskeng.exe
2015-09-09 16:17:42 ----A---- C:\windows\SYSWOW64\schtasks.exe
2015-09-09 16:17:42 ----A---- C:\windows\system32\schtasks.exe
2015-09-09 16:17:37 ----A---- C:\windows\SYSWOW64\InkEd.dll
2015-09-09 16:17:37 ----A---- C:\windows\system32\InkEd.dll
2015-09-09 16:17:35 ----A---- C:\windows\system32\Windows.UI.Immersive.dll
2015-09-09 16:17:34 ----A---- C:\windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 16:17:34 ----A---- C:\windows\system32\SettingSync.dll
2015-09-09 16:17:34 ----A---- C:\windows\system32\authui.dll
2015-09-09 16:17:33 ----A---- C:\windows\SYSWOW64\authui.dll
2015-09-09 16:17:30 ----A---- C:\windows\SYSWOW64\SettingSync.dll
2015-09-09 16:17:29 ----A---- C:\windows\SYSWOW64\shacct.dll
2015-09-09 16:17:29 ----A---- C:\windows\system32\shacct.dll
2015-09-09 16:17:10 ----A---- C:\windows\SYSWOW64\appidapi.dll
2015-09-09 16:17:10 ----A---- C:\windows\system32\appidsvc.dll
2015-09-09 16:17:10 ----A---- C:\windows\system32\appidapi.dll
2015-09-09 16:16:55 ----A---- C:\windows\system32\mshtml.dll
2015-09-09 16:16:49 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-09-09 16:16:41 ----A---- C:\windows\system32\ieframe.dll
2015-09-09 16:16:39 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-09-09 16:16:37 ----A---- C:\windows\system32\jscript9.dll
2015-09-09 16:16:34 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-09-09 16:16:33 ----A---- C:\windows\system32\iertutil.dll
2015-09-09 16:16:32 ----A---- C:\windows\system32\wininet.dll
2015-09-09 16:16:31 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-09-09 16:16:31 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-09-09 16:16:30 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-09-09 16:16:30 ----A---- C:\windows\system32\urlmon.dll
2015-09-09 16:16:29 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-09-09 16:16:29 ----A---- C:\windows\system32\jscript.dll
2015-09-09 16:16:28 ----A---- C:\windows\system32\iedkcs32.dll
2015-09-09 16:16:28 ----A---- C:\windows\system32\ie4uinit.exe
2015-09-09 16:16:27 ----A---- C:\windows\system32\vbscript.dll
2015-09-09 16:16:26 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-09-09 16:16:21 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-09-09 16:16:21 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-09-09 16:16:19 ----A---- C:\windows\system32\webcheck.dll
2015-09-09 16:16:19 ----A---- C:\windows\system32\msfeeds.dll
2015-09-09 16:16:18 ----A---- C:\windows\SYSWOW64\webcheck.dll
2015-09-09 16:16:16 ----A---- C:\windows\system32\inetcomm.dll
2015-09-09 16:16:10 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-09-09 16:16:10 ----A---- C:\windows\system32\ieapfltr.dll
2015-09-09 16:16:08 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-09-09 16:14:52 ----A---- C:\windows\system32\win32k.sys
2015-09-09 16:14:52 ----A---- C:\windows\system32\atmfd.dll
2015-09-09 16:14:49 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-09-09 16:14:49 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-09-09 16:14:49 ----A---- C:\windows\system32\atmlib.dll
2015-09-09 16:13:51 ----A---- C:\windows\system32\tzsync.exe

======List of files/folders modified in the last 1 month======

2015-09-25 11:28:34 ----D---- C:\windows\Prefetch
2015-09-25 11:28:27 ----RD---- C:\Program Files
2015-09-25 11:16:13 ----D---- C:\windows\system32\sru
2015-09-25 10:00:06 ----D---- C:\windows\Temp
2015-09-25 02:24:44 ----D---- C:\windows\system32\config
2015-09-25 02:10:08 ----D---- C:\windows\Microsoft.NET
2015-09-25 00:45:15 ----SHD---- C:\System Volume Information
2015-09-24 23:13:31 ----D---- C:\windows\Tasks
2015-09-24 23:13:31 ----D---- C:\windows\system32\Tasks
2015-09-24 23:13:28 ----D---- C:\windows\system32\drivers
2015-09-24 22:48:21 ----HD---- C:\ProgramData
2015-09-24 22:48:21 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\Apple Computer
2015-09-24 22:48:07 ----D---- C:\Program Files (x86)\Common Files
2015-09-24 22:46:13 ----SHD---- C:\windows\Installer
2015-09-24 22:46:13 ----RD---- C:\Program Files (x86)
2015-09-24 22:45:07 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\vlc
2015-09-24 22:33:31 ----D---- C:\windows\SysWOW64
2015-09-24 22:16:30 ----RAD---- C:\windows\System32
2015-09-24 22:16:30 ----D---- C:\windows\Inf
2015-09-24 22:16:30 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-09-24 17:26:30 ----SD---- C:\Users\Lukáš Handl\AppData\Roaming\Microsoft
2015-09-24 15:22:22 ----AD---- C:\Users
2015-09-24 15:10:21 ----D---- C:\ProgramData\LU
2015-09-24 14:59:30 ----D---- C:\Program Files\Common Files
2015-09-24 14:57:39 ----D---- C:\Program Files (x86)\Google
2015-09-24 11:54:15 ----HD---- C:\windows\ELAMBKUP
2015-09-22 20:58:22 ----D---- C:\windows\CbsTemp
2015-09-22 20:58:16 ----D---- C:\windows\WinSxS
2015-09-22 20:57:56 ----D---- C:\windows\debug
2015-09-22 20:23:17 ----D---- C:\windows\addins
2015-09-22 20:21:53 ----D---- C:\Program Files (x86)\Lenovo
2015-09-22 20:21:46 ----D---- C:\Program Files (x86)\Apple Software Update
2015-09-22 20:21:46 ----D---- C:\Program Files (x86)\Adobe
2015-09-22 19:02:29 ----AD---- C:\Windows
2015-09-22 18:04:08 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\TeamViewer
2015-09-22 18:03:39 ----D---- C:\windows\Panther
2015-09-22 18:03:36 ----D---- C:\windows\Logs
2015-09-22 17:55:05 ----D---- C:\windows\rescache
2015-09-21 20:47:18 ----RSD---- C:\windows\Fonts
2015-09-21 19:48:40 ----D---- C:\windows\SYSWOW64\drivers
2015-09-21 18:58:12 ----SHD---- C:\$Recycle.Bin
2015-09-17 22:54:59 ----D---- C:\Program Files (x86)\Opera
2015-09-17 10:35:16 ----D---- C:\windows\system32\DriverStore
2015-09-16 00:08:40 ----D---- C:\windows\AppReadiness
2015-09-15 03:18:38 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-09-12 18:03:38 ----D---- C:\windows\system32\en-US
2015-09-12 18:03:38 ----D---- C:\windows\system32\cs-CZ
2015-09-12 18:03:36 ----D---- C:\windows\PolicyDefinitions
2015-09-12 18:03:36 ----D---- C:\Program Files\Windows Journal
2015-09-12 18:03:36 ----D---- C:\Program Files\Internet Explorer
2015-09-12 18:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-11 20:29:42 ----RSD---- C:\windows\assembly
2015-09-09 17:40:58 ----D---- C:\ProgramData\Microsoft Help
2015-09-09 17:32:23 ----A---- C:\windows\win.ini
2015-09-09 17:28:19 ----D---- C:\windows\system32\MRT
2015-09-09 17:19:36 ----D---- C:\windows\SYSWOW64\en-US
2015-09-09 17:19:36 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-09-09 16:13:01 ----D---- C:\windows\system32\catroot2
2015-08-31 17:51:49 ----HD---- C:\Program Files\WindowsApps
2015-08-26 18:37:02 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MBI;@oem10.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\windows\System32\drivers\MBI.sys [2013-10-10 29464]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys [2015-09-21 80184]
R1 rsutils;rsutils; C:\windows\system32\DRIVERS\rsutils.sys [2015-04-09 71760]
R1 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSSysKit64.sys [2015-09-21 87352]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys [2015-09-21 138040]
R2 sysmon;sysmon; C:\windows\system32\DRIVERS\sysmon.sys [2015-04-30 119256]
R2 TAOKernelDriver;Tencent TAO kernel driver.; \??\C:\windows\system32\drivers\TAOKernel64.sys [2015-09-21 274232]
R3 ACPIVPC;@oem26.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\windows\System32\drivers\AcpiVpc.sys [2014-08-13 35576]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 athr;@oem18.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athwbx.sys [2013-11-13 3880448]
R3 BTATH_BUS;@oem14.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2013-10-30 34384]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-10-30 596168]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 CnxtHdAudService;@oem11.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2014-01-27 1474240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcDAud;@oem4.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem7.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 RSUSBVSTOR;@oem22.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2013-09-24 329944]
R3 RTL8168;@oem8.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SmbDrvI;SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-12-24 34544]
R3 SNP2UVC;@oem20.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2014-01-24 2853400]
R3 SynTP;@oem13.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-12-24 532720]
R3 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\windows\system32\Drivers\TAOAccelerator64.sys [2015-08-21 87160]
R3 TFsFlt;TFsFlt; C:\windows\system32\Drivers\TFsFltX64.sys [2015-09-21 87864]
R3 TS888x64;TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TS888x64.sys [2015-09-24 28984]
R3 TXEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\windows\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
R4 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys []
S1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [2015-09-21 28472]
S2 VDWFP;VDWFP; \??\C:\windows\system32\Drivers\VDWFP64.sys []
S3 AthBTPort;@oem17.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-10-30 89800]
S3 BTATH_A2DP;@oem16.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-10-30 338120]
S3 btath_avdt;@oem16.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-10-30 116424]
S3 BTATH_HCRP;@oem19.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2013-10-30 179432]
S3 BTATH_LWFLT;@oem21.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-10-30 77464]
S3 BTATH_RCP;@oem23.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2013-10-30 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem31.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem6.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 IT9135BDA;@oem28.inf,%IT9135Devcie.FriendlyName%;IT9135 BDA Devices; C:\windows\System32\Drivers\IT9135BDA.sys [2014-11-06 165504]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys []
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 ssudmdm;@oem33.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 USBAAPL64;@oem29.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-20 77128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-10-30 317568]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CxAudMsg;@C:\windows\system32\CxAudMsg64.exe,-100; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\windows\system32\igfxCUIService.exe [2014-03-12 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2015-03-06 584632]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-08-13 198192]
R2 LUService;LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [2014-02-18 38896]
R2 PerfTraceService;PerfTraceService; C:\Program Files (x86)\Tencent\QQBrowser\Service\PerfTraceService.exe [2015-09-21 278880]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-08-13 288240]
R2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe [2015-09-21 301728]
R2 RsMgrSvc;Rsd Service; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2015-08-06 196288]
R2 RsRavMon;Rav Service; C:\Program Files (x86)\Rising\RAV\ravmond.exe [2014-05-15 277552]
R2 SAService;Conexant SmartAudio service; C:\windows\system32\SAsrv.exe []
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-03-25 5447952]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-02-13 643880]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-09-24 2909472]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-24 269000]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-03-12 279024]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-10-28 654848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-08-13 305136]
S3 TAOFrame;TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe [2015-09-21 293856]

-----------------EOF-----------------




Tady přidávám screeny:

Kód: Vybrat vše

http://i59.tinypic.com/2vb3ij6.jpg

Kód: Vybrat vše

http://i57.tinypic.com/2r5amgx.jpg

Kód: Vybrat vše

http://i62.tinypic.com/a4x24w.jpg
Když dám do PC flashku, tak to udělá třeba tohle:

Kód: Vybrat vše

http://i59.tinypic.com/j9q6i0.jpg
Nevíte, někdo co s tím? Projel jsem to CCleanerem, AVG...a nejde to nijak smazat..

Re: "čínský vir"

Napsal: 25 zář 2015 11:13
od Márty84
Zdravim :)

:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Re: "čínský vir"

Napsal: 25 zář 2015 11:33
od Lukass24
Děkuju Vám strašně moc..vypadá to, že jsem se toho zbavil...ale pro jistotu, tady je ten LOG..

# AdwCleaner v5.008 - Logfile created 25/09/2015 at 12:25:28
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : Lukáš Handl - LUKAS
# Running from : C:\Users\Lukáš Handl\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP
[-] Service Deleted : VDWFP
[-] Service Deleted : TAOAccelerator
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : TSSysKit
[-] Service Deleted : QMUdisk
[-] Service Deleted : TS888x64
[-] Service Deleted : QQSysMonX64
[-] Service Deleted : TFsFlt
[-] Service Deleted : TAOFrame
[-] Service Deleted : TAOKernelDriver
[-] Service Deleted : RsMgrSvc
[-] Service Deleted : RsRavMon
[-] Service Deleted : PerfTraceService

***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[-] Folder Deleted : C:\ppsfile
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[#] Folder Deleted : C:\Program Files (x86)\tencent
[-] Folder Deleted : C:\Program Files (x86)\Rising
[-] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[#] Folder Deleted : C:\Program Files\Common Files\tencent
[-] Folder Deleted : C:\ProgramData\pokki
[#] Folder Deleted : C:\ProgramData\tencent
[-] Folder Deleted : C:\ProgramData\TXQMPC
[-] Folder Deleted : C:\ProgramData\Rising
[-] Folder Deleted : C:\ProgramData\productdata
[-] Folder Deleted : C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
[-] Folder Deleted : C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[-] Folder Deleted : C:\Users\Guest\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\LocalLow\tencent
[#] Folder Deleted : C:\Users\Lukáš Handl\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Lukáš Handl\AppData\Roaming\productdata
[-] Folder Deleted : C:\Users\LUKHAN~1\AppData\Local\Temp\tencent
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\windows\Sysnative\cpuminer-conf.json
[-] File Deleted : C:\windows\Sysnative\drivers\TAOAccelerator64.sys
[-] File Deleted : C:\windows\Sysnative\drivers\TAOKernel64.sys
[-] File Deleted : C:\windows\Sysnative\drivers\TFsFltX64.sys
[-] File Deleted : C:\windows\SysWOW64\drivers\TS888x64.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Pokki

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\GEEPLAYER.DIR
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{646BAAE7-7538-4866-8EEE-974C0AA910AB}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn
[-] Key Deleted : HKLM\SOFTWARE\545fcd06-9a39-424a-8bb8-566755e0977d
[-] Key Deleted : HKLM\SOFTWARE\674f0895-c475-4265-bccc-115c0fb4d1fb
[-] Key Deleted : HKLM\SOFTWARE\6ebaecdc-85e7-4b9b-9f88-dc345dff1a8f
[-] Key Deleted : HKLM\SOFTWARE\ecbe83cd-e86d-4519-aa38-68042abb44e8
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8046 bytes] ##########

Re: "čínský vir"

Napsal: 25 zář 2015 11:36
od Márty84
Nemate zac! :-)

:!: Ale je potreba to docistit poradne, jinak je to za chvili zpatky.

:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Re: "čínský vir"

Napsal: 25 zář 2015 12:19
od Lukass24
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
PUP.Optional.Spigot, C:\Users\Lukáš Handl\AppData\Local\Temp\is-FRSPL.tmp\iobitappsToolbar-stub-1.exe, , [51c4191b612aa492bdc5f1bba461bf41],
Backdoor.PcClient, C:\Users\Luk?? Handl\AppData\Local\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa.exe, , [da3b5ada4f3ca591ecc03e1dcb3a936d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: "čínský vir"

Napsal: 25 zář 2015 14:56
od Márty84
Jelikoz tu neni zacatek logu, nevim, jiste, zda byl test spravne nastaven, ale snad ano.


:arrow: Nalezy nechte odstranit, pak MBAM odinstalujte.

:arrow: Dejte novy log z RSIT

a k tomu

:arrow: Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach :)

Re: "čínský vir"

Napsal: 25 zář 2015 15:58
od Lukass24
RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Lukáš Handl at 2015-09-25 16:56:46
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 320 GB (74%) free of 434 GB
Total RAM: 3979 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:48, on 25. 9. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files\trend micro\Lukáš Handl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10397 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\windows\system32\CxAudMsg64.exe
C:\windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
dashost.exe {a9862db3-6a71-42a6-b0d845b1db48423f}
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe"
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
C:\windows\SysWOW64\SAsrv.exe
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5aedead4-60bd-4ad6-9ad9-78e8b77c1d83 -SystemEventPortName:HostProcess-014c8c6d-bb89-49ce-8967-c68f3a48f31d -IoCancelEventPortName:HostProcess-9e5585b2-9e34-47d7-9535-d29402b6ad32 -NonStateChangingEventPortName:HostProcess-ae3c9794-963a-4a9c-b093-4ba19d3707ed -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a5fa6b41-ec89-466b-9993-1620cb1a86e1 -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
igfxHK.exe
igfxTray.exe
"C:\windows\system32\igfxEM.exe" -Embedding
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\windows\system32\GWX\GWX.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe"
"C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE"
"C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
adb fork-server server
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=5036
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=gpu-process --channel="5036.0.1357657751\1577395061" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,26,51 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3496 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.2.1108779858\1926629120" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.3.1184654229\435362647" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.5.979399368\839171969" /prefetch:673131151
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
taskhostex.exe Idle
taskhost.exe IdleSyncMaintenance
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.47.1645820659\677695067" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=ppapi --channel="5036.48.336370355\1442718536" --ppapi-flash-args --lang=cs --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.49.624743448\1657057898" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.50.205153548\1231488663" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\windows\SysWOW64\Macromed\Flash\pepflashplayer32_19_0_0_201.dll" --ppapi-flash-version=19.0.0.201 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=4960 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="5036.51.303941525\1266623320" /prefetch:673131151
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe9_ Global\UsGthrCtrlFltPipeMssGthrPipe9 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580

C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Lukáš Handl\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\5VpyJGkQ8eiTJLrydW.job - C:\Users\Luk� Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe --c=XX0rPQ/tYC1v2JYocjwy6tEZTEln++MpT80ZDQxUc/oca3RUVMekhKp3AH0JKqCxWT4KbBx9CCeGyJqCEB2g64j8TLZOygLJ52c21mJEC8AyQdLWD5SmPQJYwSMoJP7tL3sXvZhh6b4HWBBx8qbaXMpoMTL77s5CacEHqtUc+bROYARhYQ8NHK8h8D+obT+46uCqqd4eppBTMpsa4KJ3fhAFrgVCWm6dNigC5qbvGbW2FuPhhGB2Equtg2+ze0vEgX24hq3ZXRzYoTxKUWw+jEdPjC+Bbyn3UA77Ul8gWCH/aYJwSdkW77TTFuuK6nwRQ/R/RNKyoaVOdhXMB2oW2A==
C:\windows\tasks\Adobe Flash box Files Update Ver 2015921.job - C:\ProgramData\uiksdl201592116\Dailaymation.exe /check_update
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\QQBrowser Udpater Task(Core).job - C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe -host= -tasks=1
C:\windows\tasks\QQBrowser Udpater Task.job - C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe -host= -tasks

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-09-05 907480]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-08-13 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-08-13 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-08-13 10842096]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-02-13 169768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-10-30 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE /regrun /qqrepair []
"RSDTRAY"=C:\Program Files (x86)\Rising\RSD\popwndexe.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-10-30 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDWFP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VisualDiscovery]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-09-25 12:31:07 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\ProductData
2015-09-25 12:28:46 ----D---- C:\ProgramData\TXQMPC
2015-09-25 12:22:08 ----D---- C:\AdwCleaner
2015-09-25 11:28:27 ----D---- C:\Program Files\trend micro
2015-09-25 11:28:26 ----D---- C:\rsit
2015-09-24 22:46:18 ----D---- C:\ProgramData\IObit
2015-09-24 22:46:11 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\IObit
2015-09-24 22:46:07 ----D---- C:\Program Files (x86)\IObit
2015-09-24 11:55:20 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\AVG
2015-09-24 11:54:26 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software
2015-09-24 11:49:23 ----D---- C:\ProgramData\MFAData
2015-09-24 11:46:50 ----D---- C:\ProgramData\Avg
2015-09-24 11:46:49 ----HD---- C:\ProgramData\Common Files
2015-09-22 19:46:20 ----D---- C:\ProgramData\Malwarebytes
2015-09-21 19:42:39 ----N---- C:\windows\system32\drivers\rsndisp.sys
2015-09-21 19:42:38 ----N---- C:\windows\system32\drivers\sysmon.sys
2015-09-21 19:42:38 ----N---- C:\windows\system32\drivers\rsutils.sys
2015-09-21 19:36:34 ----D---- C:\Program Files (x86)\yyzb_201509211936
2015-09-21 19:34:46 ----N---- C:\windows\system32\drivers\TFsFltX64.sys
2015-09-21 19:33:28 ----D---- C:\Program Files (x86)\Tencent
2015-09-21 19:33:13 ----D---- C:\ProgramData\Tencent
2015-09-21 19:10:45 ----D---- C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e
2015-09-21 19:01:58 ----D---- C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-21 18:59:15 ----A---- C:\ProgramData\inf.dat
2015-09-21 18:59:13 ----A---- C:\ProgramData\mfkkhcmhltpt.dll
2015-09-21 18:58:46 ----D---- C:\ProgramData\adb
2015-09-21 18:58:43 ----D---- C:\Program Files (x86)\Seznam.cz
2015-09-21 18:58:40 ----D---- C:\ProgramData\uiksdl201592116
2015-09-21 18:58:40 ----D---- C:\ProgramData\4997GameBox_Data
2015-09-21 18:58:08 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\Seznam.cz
2015-09-21 18:53:59 ----D---- C:\Program Files (x86)\baidu
2015-09-09 17:16:37 ----A---- C:\windows\SYSWOW64\msxml6.dll
2015-09-09 17:16:37 ----A---- C:\windows\system32\msxml6.dll
2015-09-09 17:16:37 ----A---- C:\windows\system32\msxml3.dll
2015-09-09 17:16:36 ----A---- C:\windows\SYSWOW64\msxml3.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\UtcResources.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\tdh.dll
2015-09-09 17:16:34 ----A---- C:\windows\system32\diagtrack.dll
2015-09-09 17:16:33 ----A---- C:\windows\SYSWOW64\tdh.dll
2015-09-09 17:16:32 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-09-09 17:16:32 ----A---- C:\windows\system32\gdi32.dll
2015-09-09 17:16:32 ----A---- C:\windows\system32\consent.exe
2015-09-09 17:16:30 ----A---- C:\windows\system32\SettingsHandlers.dll
2015-09-09 17:16:29 ----A---- C:\windows\system32\profsvc.dll
2015-09-09 17:16:20 ----AC---- C:\windows\system32\drivers\bthpan.sys
2015-09-09 16:18:26 ----A---- C:\windows\system32\wucltux.dll
2015-09-09 16:18:26 ----A---- C:\windows\system32\wuaueng.dll
2015-09-09 16:18:25 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-09-09 16:18:25 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-09-09 16:18:25 ----A---- C:\windows\system32\wuauclt.exe
2015-09-09 16:18:25 ----A---- C:\windows\system32\wuapi.dll
2015-09-09 16:18:24 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-09-09 16:18:24 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wuwebv.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wudriver.dll
2015-09-09 16:18:24 ----A---- C:\windows\system32\wuapp.exe
2015-09-09 16:18:22 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-09-09 16:17:43 ----A---- C:\windows\system32\taskeng.exe
2015-09-09 16:17:43 ----A---- C:\windows\system32\schedsvc.dll
2015-09-09 16:17:42 ----A---- C:\windows\SYSWOW64\taskeng.exe
2015-09-09 16:17:42 ----A---- C:\windows\SYSWOW64\schtasks.exe
2015-09-09 16:17:42 ----A---- C:\windows\system32\schtasks.exe
2015-09-09 16:17:37 ----A---- C:\windows\SYSWOW64\InkEd.dll
2015-09-09 16:17:37 ----A---- C:\windows\system32\InkEd.dll
2015-09-09 16:17:35 ----A---- C:\windows\system32\Windows.UI.Immersive.dll
2015-09-09 16:17:34 ----A---- C:\windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 16:17:34 ----A---- C:\windows\system32\SettingSync.dll
2015-09-09 16:17:34 ----A---- C:\windows\system32\authui.dll
2015-09-09 16:17:33 ----A---- C:\windows\SYSWOW64\authui.dll
2015-09-09 16:17:30 ----A---- C:\windows\SYSWOW64\SettingSync.dll
2015-09-09 16:17:29 ----A---- C:\windows\SYSWOW64\shacct.dll
2015-09-09 16:17:29 ----A---- C:\windows\system32\shacct.dll
2015-09-09 16:17:10 ----A---- C:\windows\SYSWOW64\appidapi.dll
2015-09-09 16:17:10 ----A---- C:\windows\system32\appidsvc.dll
2015-09-09 16:17:10 ----A---- C:\windows\system32\appidapi.dll
2015-09-09 16:16:55 ----A---- C:\windows\system32\mshtml.dll
2015-09-09 16:16:49 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-09-09 16:16:41 ----A---- C:\windows\system32\ieframe.dll
2015-09-09 16:16:39 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-09-09 16:16:37 ----A---- C:\windows\system32\jscript9.dll
2015-09-09 16:16:34 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-09-09 16:16:33 ----A---- C:\windows\system32\iertutil.dll
2015-09-09 16:16:32 ----A---- C:\windows\system32\wininet.dll
2015-09-09 16:16:31 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-09-09 16:16:31 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-09-09 16:16:30 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-09-09 16:16:30 ----A---- C:\windows\system32\urlmon.dll
2015-09-09 16:16:29 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-09-09 16:16:29 ----A---- C:\windows\system32\jscript.dll
2015-09-09 16:16:28 ----A---- C:\windows\system32\iedkcs32.dll
2015-09-09 16:16:28 ----A---- C:\windows\system32\ie4uinit.exe
2015-09-09 16:16:27 ----A---- C:\windows\system32\vbscript.dll
2015-09-09 16:16:26 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-09-09 16:16:21 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-09-09 16:16:21 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-09-09 16:16:19 ----A---- C:\windows\system32\webcheck.dll
2015-09-09 16:16:19 ----A---- C:\windows\system32\msfeeds.dll
2015-09-09 16:16:18 ----A---- C:\windows\SYSWOW64\webcheck.dll
2015-09-09 16:16:16 ----A---- C:\windows\system32\inetcomm.dll
2015-09-09 16:16:10 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-09-09 16:16:10 ----A---- C:\windows\system32\ieapfltr.dll
2015-09-09 16:16:08 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-09-09 16:14:52 ----A---- C:\windows\system32\win32k.sys
2015-09-09 16:14:52 ----A---- C:\windows\system32\atmfd.dll
2015-09-09 16:14:49 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-09-09 16:14:49 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-09-09 16:14:49 ----A---- C:\windows\system32\atmlib.dll
2015-09-09 16:13:51 ----A---- C:\windows\system32\tzsync.exe

======List of files/folders modified in the last 1 month======

2015-09-25 16:00:00 ----D---- C:\windows\system32\sru
2015-09-25 14:57:37 ----D---- C:\windows\Prefetch
2015-09-25 14:57:31 ----D---- C:\windows\Temp
2015-09-25 14:57:30 ----D---- C:\ProgramData\LU
2015-09-25 14:57:25 ----SHD---- C:\windows\Installer
2015-09-25 14:57:12 ----SHD---- C:\System Volume Information
2015-09-25 14:51:20 ----RD---- C:\Program Files (x86)
2015-09-25 14:51:20 ----D---- C:\windows\system32\drivers
2015-09-25 14:45:24 ----RD---- C:\windows\ImmersiveControlPanel
2015-09-25 12:34:53 ----RAD---- C:\windows\System32
2015-09-25 12:34:53 ----D---- C:\windows\Inf
2015-09-25 12:34:53 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-09-25 12:29:20 ----D---- C:\Program Files\Common Files
2015-09-25 12:28:46 ----HD---- C:\ProgramData
2015-09-25 12:28:06 ----D---- C:\windows\system32\Tasks
2015-09-25 12:28:05 ----D---- C:\windows\SYSWOW64\drivers
2015-09-25 12:26:23 ----D---- C:\Program Files (x86)\Common Files
2015-09-25 11:28:27 ----RD---- C:\Program Files
2015-09-25 02:24:44 ----D---- C:\windows\system32\config
2015-09-25 02:10:08 ----D---- C:\windows\Microsoft.NET
2015-09-24 23:13:31 ----D---- C:\windows\Tasks
2015-09-24 22:48:21 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\Apple Computer
2015-09-24 22:45:07 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\vlc
2015-09-24 22:33:31 ----D---- C:\windows\SysWOW64
2015-09-24 17:26:30 ----SD---- C:\Users\Lukáš Handl\AppData\Roaming\Microsoft
2015-09-24 15:22:22 ----AD---- C:\Users
2015-09-24 14:57:39 ----D---- C:\Program Files (x86)\Google
2015-09-24 14:54:12 ----HD---- C:\windows\ELAMBKUP
2015-09-22 20:58:22 ----D---- C:\windows\CbsTemp
2015-09-22 20:58:16 ----D---- C:\windows\WinSxS
2015-09-22 20:57:56 ----D---- C:\windows\debug
2015-09-22 20:23:17 ----D---- C:\windows\addins
2015-09-22 20:21:53 ----D---- C:\Program Files (x86)\Lenovo
2015-09-22 20:21:46 ----D---- C:\Program Files (x86)\Apple Software Update
2015-09-22 20:21:46 ----D---- C:\Program Files (x86)\Adobe
2015-09-22 19:02:29 ----AD---- C:\Windows
2015-09-22 18:04:08 ----D---- C:\Users\Lukáš Handl\AppData\Roaming\TeamViewer
2015-09-22 18:03:39 ----D---- C:\windows\Panther
2015-09-22 18:03:36 ----D---- C:\windows\Logs
2015-09-22 17:55:05 ----D---- C:\windows\rescache
2015-09-21 20:47:18 ----RSD---- C:\windows\Fonts
2015-09-21 18:58:12 ----SHD---- C:\$Recycle.Bin
2015-09-17 22:54:59 ----D---- C:\Program Files (x86)\Opera
2015-09-17 10:35:16 ----D---- C:\windows\system32\DriverStore
2015-09-16 00:08:40 ----D---- C:\windows\AppReadiness
2015-09-15 03:18:38 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-09-12 18:03:38 ----D---- C:\windows\system32\en-US
2015-09-12 18:03:38 ----D---- C:\windows\system32\cs-CZ
2015-09-12 18:03:36 ----D---- C:\windows\PolicyDefinitions
2015-09-12 18:03:36 ----D---- C:\Program Files\Windows Journal
2015-09-12 18:03:36 ----D---- C:\Program Files\Internet Explorer
2015-09-12 18:03:36 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-11 20:29:42 ----RSD---- C:\windows\assembly
2015-09-09 17:40:58 ----D---- C:\ProgramData\Microsoft Help
2015-09-09 17:32:23 ----A---- C:\windows\win.ini
2015-09-09 17:28:19 ----D---- C:\windows\system32\MRT
2015-09-09 17:19:36 ----D---- C:\windows\SYSWOW64\en-US
2015-09-09 17:19:36 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-09-09 16:13:01 ----D---- C:\windows\system32\catroot2
2015-08-31 17:51:49 ----HD---- C:\Program Files\WindowsApps
2015-08-26 18:37:02 ----A---- C:\windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MBI;@oem10.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\windows\System32\drivers\MBI.sys [2013-10-10 29464]
R1 rsutils;rsutils; C:\windows\system32\DRIVERS\rsutils.sys [2015-04-09 71760]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 sysmon;sysmon; C:\windows\system32\DRIVERS\sysmon.sys [2015-04-30 119256]
R3 ACPIVPC;@oem26.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\windows\System32\drivers\AcpiVpc.sys [2014-08-13 35576]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 athr;@oem18.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athwbx.sys [2013-11-13 3880448]
R3 BTATH_BUS;@oem14.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2013-10-30 34384]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-10-30 596168]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 CnxtHdAudService;@oem11.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2014-01-27 1474240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcDAud;@oem4.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem7.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys []
R3 RSUSBVSTOR;@oem22.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2013-09-24 329944]
R3 RTL8168;@oem8.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SmbDrvI;SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-12-24 34544]
R3 SNP2UVC;@oem20.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2014-01-24 2853400]
R3 SynTP;@oem13.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-12-24 532720]
R3 TXEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\windows\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys []
S3 AthBTPort;@oem17.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-10-30 89800]
S3 BTATH_A2DP;@oem16.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-10-30 338120]
S3 btath_avdt;@oem16.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-10-30 116424]
S3 BTATH_HCRP;@oem19.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2013-10-30 179432]
S3 BTATH_LWFLT;@oem21.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-10-30 77464]
S3 BTATH_RCP;@oem23.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2013-10-30 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem31.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem6.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 IT9135BDA;@oem28.inf,%IT9135Devcie.FriendlyName%;IT9135 BDA Devices; C:\windows\System32\Drivers\IT9135BDA.sys [2014-11-06 165504]
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 ssudmdm;@oem33.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 USBAAPL64;@oem29.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2014-08-16 54784]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-20 77128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-10-30 317568]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CxAudMsg;@C:\windows\system32\CxAudMsg64.exe,-100; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\windows\system32\igfxCUIService.exe [2014-03-12 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2015-03-06 584632]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-08-13 198192]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-09-24 2909472]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-08-13 288240]
R2 SAService;Conexant SmartAudio service; C:\windows\system32\SAsrv.exe []
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-03-25 5447952]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-02-13 643880]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 LUService;LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [2014-04-21 37624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-24 269000]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-03-12 279024]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-10-28 654848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-08-13 305136]

-----------------EOF-----------------

Re: "čínský vir"

Napsal: 25 zář 2015 16:04
od Lukass24
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Lukáš Handl (administrator) on LUKAS (25-09-2015 17:01:42)
Running from C:\Users\Lukáš Handl\Desktop
Loaded Profiles: Lukáš Handl (Available Profiles: Lukáš Handl & Guest)
Platform: Windows 8.1 Connected (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
(forum.viry.cz) C:\Users\Lukáš Handl\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-08-13] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-08-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-08-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RSDTRAY] => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27864 2014-12-23] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.11.0.251 10.11.1.101
Tcpip\..\Interfaces\{39988937-4D4E-4F8C-9CBE-6B1E2731AA9B}: [DhcpNameServer] 150.206.1.3
Tcpip\..\Interfaces\{87DE76CA-3A3F-4643-840A-932EA34BACB9}: [DhcpNameServer] 10.11.0.251 10.11.1.101

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {916E3299-32E4-4B96-AC03-A05660F74FE5} URL =
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {CE6CE45F-3998-4E80-92BC-C24F945E270C} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1890199532-669019267-3749307274-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File

Chrome:
=======
CHR Profile: C:\Users\Lukáš Handl\AppData\Local\Google\Chrome\User Data\Default

Opera:
=======
OPR StartupUrls: "hxxp://www.seznam.cz/"],"urls_signature":"BETU9clk7bkaQYKSEYWARpTXuhlzIQfV2ftAqjfjqGtTkikZMkAJyvTtwdnZ6QUy"},"speeddial":{"bookmarks_folder_guid":"D734C92D-39FB-4E64-A049-DB8C0DFF1977","imported_to_bookmarks":true},"spellcheck":{"dictionaries":["cs"
OPR Extension: (singleclickapps) - C:\Users\Lukáš Handl\AppData\Roaming\Opera Software\Opera Stable\Extensions\okolehhdmfccanphdbibhgjmkgbgbdif [2014-10-27]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-10-28] (Macrovision Europe Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-13] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-09-24] (IObit)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-08-13] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-08-13] (Lenovo)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2014-11-06] (ITE )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2853400 2014-01-24] (Sonix Co. Ltd.)
R2 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 17:01 - 2015-09-25 17:02 - 00017334 _____ C:\Users\Lukáš Handl\Desktop\FRST.txt
2015-09-25 17:01 - 2015-09-25 17:01 - 00000000 ____D C:\FRST
2015-09-25 17:00 - 2015-09-25 17:00 - 00112640 _____ (forum.viry.cz) C:\Users\Lukáš Handl\Desktop\FRSTLauncher.exe
2015-09-25 16:59 - 2015-09-25 16:59 - 02192384 _____ (Farbar) C:\Users\Lukáš Handl\Desktop\FRST64.exe
2015-09-25 16:56 - 2015-09-25 16:56 - 01222144 _____ C:\Users\Lukáš Handl\Desktop\RSITx64.exe
2015-09-25 12:31 - 2015-09-25 12:31 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\ProductData
2015-09-25 12:28 - 2015-09-25 12:28 - 00000000 ____D C:\ProgramData\TXQMPC
2015-09-25 12:22 - 2015-09-25 12:25 - 00000000 ____D C:\AdwCleaner
2015-09-25 11:28 - 2015-09-25 16:56 - 00000000 ____D C:\Program Files\trend micro
2015-09-25 11:28 - 2015-09-25 11:28 - 00000000 ____D C:\rsit
2015-09-24 22:48 - 2015-09-24 22:48 - 00000000 ____D C:\windows\Tasks\ImCleanDisabled
2015-09-24 22:46 - 2015-09-24 23:15 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-24 22:46 - 2015-09-24 22:48 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\IObit
2015-09-24 22:46 - 2015-09-24 22:48 - 00000000 ____D C:\ProgramData\IObit
2015-09-24 15:22 - 2015-09-24 15:22 - 00000000 ____D C:\Users\Luk谩拧 Handl
2015-09-24 14:58 - 2015-09-24 14:58 - 00000000 ____D C:\Users\Luk釟 Handl\AppData\Roaming\Tencent
2015-09-24 14:58 - 2015-09-24 14:58 - 00000000 ____D C:\Users\Luk釟 Handl
2015-09-24 11:55 - 2015-09-24 11:55 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\AVG
2015-09-24 11:54 - 2015-09-24 11:54 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software
2015-09-24 11:49 - 2015-09-24 14:59 - 00000000 ____D C:\ProgramData\MFAData
2015-09-24 11:49 - 2015-09-24 11:49 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\MFAData
2015-09-24 11:46 - 2015-09-24 15:03 - 00000000 ____D C:\ProgramData\Avg
2015-09-24 11:44 - 2015-09-24 15:03 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\AvgSetupLog
2015-09-24 11:44 - 2015-09-24 14:59 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\Avg
2015-09-22 19:46 - 2015-09-22 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-22 19:02 - 2015-09-25 14:45 - 00100038 _____ C:\windows\PFRO.log
2015-09-22 18:35 - 2015-09-22 18:35 - 00013248 ____H C:\Users\Lukáš Handl\Desktop\~WRL3742.tmp
2015-09-22 18:06 - 2015-09-25 14:45 - 00000696 _____ C:\windows\setupact.log
2015-09-22 18:06 - 2015-09-22 18:06 - 00000000 _____ C:\windows\setuperr.log
2015-09-21 19:42 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\sysmon.sys
2015-09-21 19:42 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsutils.sys
2015-09-21 19:42 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsndisp.sys
2015-09-21 19:37 - 2015-09-21 19:37 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\YYZB2
2015-09-21 19:36 - 2015-09-21 19:36 - 00000000 ____D C:\Program Files (x86)\yyzb_201509211936
2015-09-21 19:35 - 2015-09-25 16:32 - 00000316 _____ C:\windows\Tasks\QQBrowser Udpater Task.job
2015-09-21 19:35 - 2015-09-25 14:46 - 00000320 _____ C:\windows\Tasks\QQBrowser Udpater Task(Core).job
2015-09-21 19:35 - 2015-09-21 19:35 - 00003212 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task
2015-09-21 19:35 - 2015-09-21 19:35 - 00002586 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task(Core)
2015-09-21 19:34 - 2015-09-21 19:34 - 00087864 ____N (电脑管家) C:\windows\system32\Drivers\TFsFltX64.sys
2015-09-21 19:33 - 2015-09-25 12:29 - 00000000 ____D C:\ProgramData\Tencent
2015-09-21 19:33 - 2015-09-25 12:25 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-09-21 19:10 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e
2015-09-21 19:02 - 2015-09-21 19:02 - 00001042 _____ C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job
2015-09-21 19:01 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-21 18:59 - 2015-09-21 18:59 - 00443200 _____ (dajiayou) C:\ProgramData\mfkkhcmhltpt.dll
2015-09-21 18:59 - 2015-09-21 18:59 - 00002286 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-09-21 18:59 - 2015-09-21 18:59 - 00002286 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-09-21 18:59 - 2015-09-21 18:59 - 00000000 ____D C:\Users\Lukáš Handl\.android
2015-09-21 18:59 - 2015-09-21 18:59 - 00000000 _____ C:\ProgramData\inf.dat
2015-09-21 18:58 - 2015-09-25 17:00 - 00000474 _____ C:\windows\Tasks\Adobe Flash box Files Update Ver 2015921.job
2015-09-21 18:58 - 2015-09-24 12:03 - 00000000 ____D C:\ProgramData\uiksdl201592116
2015-09-21 18:58 - 2015-09-22 18:06 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\Seznam.cz
2015-09-21 18:58 - 2015-09-21 18:59 - 00000000 ____D C:\ProgramData\adb
2015-09-21 18:58 - 2015-09-21 18:58 - 00003524 _____ C:\windows\System32\Tasks\Adobe Flash box Files Update Ver 2015921
2015-09-21 18:58 - 2015-09-21 18:58 - 00000000 ____D C:\ProgramData\4997GameBox_Data
2015-09-21 18:58 - 2015-09-21 18:58 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-09-21 18:57 - 2015-09-21 19:51 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\Unity
2015-09-21 18:56 - 2015-09-21 18:56 - 00000000 ____D C:\Users\Public\QiYi
2015-09-21 18:53 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\baidu
2015-09-16 19:03 - 2015-09-24 16:13 - 00000000 ____D C:\Users\Lukáš Handl\Desktop\Škola
2015-09-09 17:16 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 17:16 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 17:16 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 17:16 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 17:16 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 17:16 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 17:16 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 17:16 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 17:16 - 2015-07-13 21:10 - 00411455 _____ C:\windows\system32\ApnDatabase.xml
2015-09-09 17:16 - 2015-07-10 21:06 - 00118272 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
2015-09-09 17:16 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-09-09 17:16 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-09-09 17:16 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-09-09 17:16 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 17:16 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-09-09 16:18 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 16:18 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 16:18 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 16:18 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 16:18 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 16:18 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 16:18 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 16:18 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 16:18 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-09-09 16:18 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 16:18 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 16:18 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 16:17 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 16:17 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 16:17 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 16:17 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\schtasks.exe
2015-09-09 16:17 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
2015-09-09 16:17 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 16:17 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
2015-09-09 16:17 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskeng.exe
2015-09-09 16:17 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 16:17 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 16:17 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 16:17 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2015-09-09 16:17 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-09 16:17 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 16:17 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
2015-09-09 16:17 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2015-09-09 16:17 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
2015-09-09 16:17 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2015-09-09 16:16 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 16:16 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 16:16 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 16:16 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 16:16 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 16:16 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 16:16 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 16:16 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 16:16 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-09-09 16:16 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 16:16 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-09-09 16:16 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 16:16 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 16:16 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 16:16 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 16:16 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 16:16 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 16:16 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 16:16 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-09-09 16:16 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 16:16 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-09-09 16:16 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 16:16 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 16:16 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 16:16 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 16:16 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-09 16:16 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 16:16 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 16:16 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-09 16:14 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 16:14 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 16:14 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 16:14 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 16:14 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 16:13 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\tzsync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-09-25 16:33 - 2014-10-22 21:13 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-25 16:05 - 2014-08-13 14:47 - 01796706 _____ C:\windows\WindowsUpdate.log
2015-09-25 15:26 - 2014-10-22 19:45 - 00003982 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{23E07C23-06D0-4E96-91A2-9EF0D96AB483}
2015-09-25 15:21 - 2014-10-22 19:46 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1890199532-669019267-3749307274-1001
2015-09-25 14:57 - 2014-08-13 16:43 - 00000000 ____D C:\ProgramData\LU
2015-09-25 14:55 - 2015-07-12 15:39 - 00001279 _____ C:\Users\Lukáš Handl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2015-09-25 14:47 - 2014-10-22 23:48 - 00000000 __RDO C:\Users\Lukáš Handl\OneDrive
2015-09-25 14:46 - 2014-10-26 18:45 - 00003486 _____ C:\windows\System32\Tasks\AutoKMS
2015-09-25 14:45 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-09-25 14:45 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-25 14:44 - 2014-08-13 15:35 - 14979352 _____ C:\Users\Public\CAFADEBUG.log
2015-09-25 12:34 - 2014-08-13 15:29 - 00739924 _____ C:\windows\system32\perfh005.dat
2015-09-25 12:34 - 2014-08-13 15:29 - 00151610 _____ C:\windows\system32\perfc005.dat
2015-09-25 12:34 - 2014-03-18 11:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-24 23:04 - 2014-10-28 18:13 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\CrashDumps
2015-09-24 22:48 - 2014-12-30 00:10 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\Apple Computer
2015-09-24 22:46 - 2014-10-22 21:13 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\Google
2015-09-24 22:45 - 2014-10-26 15:04 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\vlc
2015-09-24 22:43 - 2014-10-26 15:06 - 00000000 ____D C:\Users\Lukáš Handl\Desktop\Filmy
2015-09-24 22:33 - 2014-10-22 21:13 - 00003802 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-24 14:57 - 2014-10-22 21:13 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-24 14:54 - 2013-08-22 17:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-09-24 11:59 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-09-22 20:58 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-09-22 20:23 - 2013-08-22 17:36 - 00000000 ____D C:\windows\addins
2015-09-22 20:22 - 2014-10-22 19:38 - 00000000 ____D C:\Users\Lukáš Handl
2015-09-22 20:21 - 2014-12-30 00:07 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-22 20:21 - 2014-08-13 16:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-22 20:21 - 2014-08-13 15:47 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-09-22 18:04 - 2015-03-26 20:39 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\TeamViewer
2015-09-22 18:03 - 2014-04-02 19:34 - 00000000 ____D C:\windows\Panther
2015-09-22 17:56 - 2013-08-22 16:44 - 02438968 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-22 17:55 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-09-22 00:40 - 2014-10-22 19:42 - 00000000 ____D C:\Users\Lukáš Handl\Documents\Bluetooth Folder
2015-09-21 20:26 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-09-21 19:38 - 2014-12-08 21:24 - 00000000 __SHD C:\Users\Lukáš Handl\AppData\Local\EmieBrowserModeList
2015-09-21 19:38 - 2014-10-22 19:45 - 00000000 __SHD C:\Users\Lukáš Handl\AppData\Local\EmieUserList
2015-09-21 19:38 - 2014-10-22 19:45 - 00000000 __SHD C:\Users\Lukáš Handl\AppData\Local\EmieSiteList
2015-09-21 19:34 - 2014-10-22 19:39 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\VirtualStore
2015-09-17 22:54 - 2015-08-07 00:08 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-17 22:54 - 2014-10-27 00:23 - 00003824 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1414362219
2015-09-17 22:54 - 2014-10-22 20:03 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-16 00:08 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-09-15 03:18 - 2015-05-15 18:35 - 00812008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2015-05-15 18:35 - 00178152 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 18:03 - 2014-03-18 11:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 18:03 - 2013-08-22 17:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-09 17:40 - 2014-10-26 17:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 17:32 - 2013-08-22 15:25 - 00000167 _____ C:\windows\win.ini
2015-09-09 17:28 - 2014-10-25 11:08 - 00000000 ____D C:\windows\system32\MRT
2015-09-04 18:30 - 2014-10-26 18:56 - 00000000 ____D C:\Users\Lukáš Handl\Desktop\Fotky
2015-08-31 16:49 - 2014-10-22 19:56 - 00002627 _____ C:\Users\Lukáš Handl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo Web Start.lnk
2015-08-31 16:49 - 2014-10-22 19:56 - 00002470 _____ C:\Users\Lukáš Handl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-26 18:37 - 2014-10-25 11:08 - 134753440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Lukáš Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW
2014-08-13 15:35 - 2014-08-13 15:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-21 18:59 - 2015-09-21 18:59 - 0000000 _____ () C:\ProgramData\inf.dat
2015-09-21 18:59 - 2015-09-21 18:59 - 0443200 _____ (dajiayou) C:\ProgramData\mfkkhcmhltpt.dll

Files to move or delete:
====================
C:\ProgramData\inf.dat
C:\ProgramData\mfkkhcmhltpt.dll


Some files in TEMP:
====================
C:\Users\Lukáš Handl\AppData\Local\Temp\install1754835.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qdsetup12.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881493_Silence.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\setup3.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\sqlite3.dll
C:\Users\Lukáš Handl\AppData\Local\Temp\V8._85773_20150906124525.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\wgjiklit_533_setup.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Luk谩拧 Handl\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 02:05

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:423.68 GB) (Free:312.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS

Available physical RAM: 2271.28 MB
Total physical RAM: 3979.21 MB
Percentage of memory in use: 42%

==================== MBR and Partition Table ==================

Reduce PDF Size (HKLM-x32\...\{32BD8FD9-8990-46A0-B86B-857F11014DF6}_is1) (Version: - reducepdfsize.com)
Disk: 0 (Size: 465.8 GB) (Disk ID: 2B67FC36)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job => C:\Users\Luk� Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash box Files Update Ver 2015921.job => C:\ProgramData\uiksdl201592116\Dailaymation.exe/check_update C:\ProgramData\uiksdl201592116\LUKAS\Lukáš Handl6This task detect has update for box files.Ver
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task(Core).job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task.job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Lukáš Handl\OneDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Luk�� Handl\Desktop" je 61491 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: "čínský vir"

Napsal: 25 zář 2015 17:20
od Márty84
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Luk�� Handl\Desktop" je 61491 MB.
:arrow: Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku :)




:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RSDTRAY] => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {916E3299-32E4-4B96-AC03-A05660F74FE5} URL =
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {CE6CE45F-3998-4E80-92BC-C24F945E270C} URL =

FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin HKU\S-1-5-21-1890199532-669019267-3749307274-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File

R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R2 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]

2015-09-24 14:58 - 2015-09-24 14:58 - 00000000 ____D C:\Users\Luk釟 Handl\AppData\Roaming\Tencent
2015-09-24 11:55 - 2015-09-24 11:55 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\AVG
2015-09-24 11:54 - 2015-09-24 11:54 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software
2015-09-24 11:46 - 2015-09-24 15:03 - 00000000 ____D C:\ProgramData\Avg
2015-09-24 11:44 - 2015-09-24 15:03 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\AvgSetupLog
2015-09-24 11:44 - 2015-09-24 14:59 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\Avg
2015-09-22 19:46 - 2015-09-22 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-21 19:42 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\sysmon.sys
2015-09-21 19:42 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsutils.sys
2015-09-21 19:42 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsndisp.sys
2015-09-21 19:37 - 2015-09-21 19:37 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\YYZB2
2015-09-21 19:36 - 2015-09-21 19:36 - 00000000 ____D C:\Program Files (x86)\yyzb_201509211936
2015-09-21 19:35 - 2015-09-25 16:32 - 00000316 _____ C:\windows\Tasks\QQBrowser Udpater Task.job
2015-09-21 19:35 - 2015-09-25 14:46 - 00000320 _____ C:\windows\Tasks\QQBrowser Udpater Task(Core).job
2015-09-21 19:35 - 2015-09-21 19:35 - 00003212 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task
2015-09-21 19:35 - 2015-09-21 19:35 - 00002586 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task(Core)
2015-09-21 19:34 - 2015-09-21 19:34 - 00087864 ____N (电脑管家) C:\windows\system32\Drivers\TFsFltX64.sys
2015-09-21 19:33 - 2015-09-25 12:29 - 00000000 ____D C:\ProgramData\Tencent
2015-09-21 19:33 - 2015-09-25 12:25 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-09-21 19:10 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e
2015-09-21 19:02 - 2015-09-21 19:02 - 00001042 _____ C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job
2015-09-21 19:01 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-21 18:59 - 2015-09-21 18:59 - 00443200 _____ (dajiayou) C:\ProgramData\mfkkhcmhltpt.dll

C:\Users\Lukáš Handl\AppData\Local\Temp\install1754835.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qdsetup12.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881493_Silence.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\setup3.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\sqlite3.dll
C:\Users\Lukáš Handl\AppData\Local\Temp\V8._85773_20150906124525.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\wgjiklit_533_setup.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Luk谩拧 Handl\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe
C:\Users\Luk� Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe
C:\Program Files (x86)\Tencent

Task: C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job => C:\Users\Luk� Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash box Files Update Ver 2015921.job => C:\ProgramData\uiksdl201592116\Dailaymation.exe/check_update C:\ProgramData\uiksdl201592116\LUKAS\Lukáš Handl6This task detect has update for box files.Ver
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task(Core).job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task.job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

Hosts:
EmptyTemp:
Reboot:
End
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Re: "čínský vir"

Napsal: 25 zář 2015 17:53
od Lukass24
Tak plochu jsem zredukoval na 15 MB... :)

Ted jdu na ten druhej úkol:D

Re: "čínský vir"

Napsal: 25 zář 2015 18:03
od Lukass24
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Lukáš Handl (2015-09-25 18:55:46) Run:1
Running from C:\Users\Lukáš Handl\Desktop
Loaded Profiles: Lukáš Handl (Available Profiles: Lukáš Handl & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE" /regrun /qqrepair
HKLM-x32\...\Run: [RSDTRAY] => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMGCShellExt64.dll No File
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => No File

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> DefaultScope {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {916E3299-32E4-4B96-AC03-A05660F74FE5} URL =
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=96010190_dg
SearchScopes: HKU\S-1-5-21-1890199532-669019267-3749307274-1001 -> {CE6CE45F-3998-4E80-92BC-C24F945E270C} URL =

FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin HKU\S-1-5-21-1890199532-669019267-3749307274-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File

R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R2 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSDefenseBT64.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]

2015-09-24 14:58 - 2015-09-24 14:58 - 00000000 ____D C:\Users\Luk? Handl\AppData\Roaming\Tencent
2015-09-24 11:55 - 2015-09-24 11:55 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\AVG
2015-09-24 11:54 - 2015-09-24 11:54 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software
2015-09-24 11:46 - 2015-09-24 15:03 - 00000000 ____D C:\ProgramData\Avg
2015-09-24 11:44 - 2015-09-24 15:03 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\AvgSetupLog
2015-09-24 11:44 - 2015-09-24 14:59 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\Avg
2015-09-22 19:46 - 2015-09-22 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-21 19:42 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\sysmon.sys
2015-09-21 19:42 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsutils.sys
2015-09-21 19:42 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\windows\system32\Drivers\rsndisp.sys
2015-09-21 19:37 - 2015-09-21 19:37 - 00000000 ____D C:\Users\Lukáš Handl\AppData\Local\YYZB2
2015-09-21 19:36 - 2015-09-21 19:36 - 00000000 ____D C:\Program Files (x86)\yyzb_201509211936
2015-09-21 19:35 - 2015-09-25 16:32 - 00000316 _____ C:\windows\Tasks\QQBrowser Udpater Task.job
2015-09-21 19:35 - 2015-09-25 14:46 - 00000320 _____ C:\windows\Tasks\QQBrowser Udpater Task(Core).job
2015-09-21 19:35 - 2015-09-21 19:35 - 00003212 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task
2015-09-21 19:35 - 2015-09-21 19:35 - 00002586 _____ C:\windows\System32\Tasks\QQBrowser Udpater Task(Core)
2015-09-21 19:34 - 2015-09-21 19:34 - 00087864 ____N (????) C:\windows\system32\Drivers\TFsFltX64.sys
2015-09-21 19:33 - 2015-09-25 12:29 - 00000000 ____D C:\ProgramData\Tencent
2015-09-21 19:33 - 2015-09-25 12:25 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-09-21 19:10 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e
2015-09-21 19:02 - 2015-09-21 19:02 - 00001042 _____ C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job
2015-09-21 19:01 - 2015-09-22 20:21 - 00000000 ____D C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-21 18:59 - 2015-09-21 18:59 - 00443200 _____ (dajiayou) C:\ProgramData\mfkkhcmhltpt.dll

C:\Users\Lukáš Handl\AppData\Local\Temp\install1754835.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qdsetup12.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881493_Silence.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\setup3.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\sqlite3.dll
C:\Users\Lukáš Handl\AppData\Local\Temp\V8._85773_20150906124525.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\wgjiklit_533_setup.exe
C:\Users\Lukáš Handl\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Luk?? Handl\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe
C:\Users\Luk? Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe
C:\Program Files (x86)\Tencent

Task: C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job => C:\Users\Luk? Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash box Files Update Ver 2015921.job => C:\ProgramData\uiksdl201592116\Dailaymation.exe/check_update C:\ProgramData\uiksdl201592116\LUKAS\Lukáš Handl6This task detect has update for box files.Ver
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task(Core).job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
Task: C:\windows\Tasks\QQBrowser Udpater Task.job => C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value removed successfully
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
"HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Fatlfn" => key removed successfully
HKCR\CLSID\{646BAAE7-7538-4866-8EEE-974C0AA910AB} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-1890199532-669019267-3749307274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1890199532-669019267-3749307274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1890199532-669019267-3749307274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{916E3299-32E4-4B96-AC03-A05660F74FE5}" => key removed successfully
HKCR\CLSID\{916E3299-32E4-4B96-AC03-A05660F74FE5} => key not found.
"HKU\S-1-5-21-1890199532-669019267-3749307274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878}" => key removed successfully
HKCR\CLSID\{A060E7FB-91F5-4c7c-BD0F-4A11A581D878} => key not found.
"HKU\S-1-5-21-1890199532-669019267-3749307274-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE6CE45F-3998-4E80-92BC-C24F945E270C}" => key removed successfully
HKCR\CLSID\{CE6CE45F-3998-4E80-92BC-C24F945E270C} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
"HKU\S-1-5-21-1890199532-669019267-3749307274-1001\Software\MozillaPlugins\@rising.com.cn/nprising" => key removed successfully
C:\Program Files (x86)\Rising\RAV\nprising.dll => not found.
rsutils => Unable to stop service.
rsutils => service removed successfully
sysmon => Unable to stop service.
sysmon => service removed successfully
MBAMSwissArmy => Unable to stop service.
MBAMSwissArmy => service removed successfully
TSDefenseBt => service removed successfully
AdobeARMservice => service removed successfully
"C:\Users\Luk? Handl\AppData\Roaming\Tencent" => File/Folder not found.
C:\Users\Lukáš Handl\AppData\Roaming\AVG => moved successfully
C:\Users\Lukáš Handl\AppData\Roaming\TuneUp Software => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\Lukáš Handl\AppData\Local\AvgSetupLog => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Avg => moved successfully
C:\ProgramData\Malwarebytes => moved successfully
C:\windows\system32\Drivers\sysmon.sys => moved successfully
C:\windows\system32\Drivers\rsutils.sys => moved successfully
C:\windows\system32\Drivers\rsndisp.sys => moved successfully
C:\Users\Lukáš Handl\AppData\Local\YYZB2 => moved successfully
C:\Program Files (x86)\yyzb_201509211936 => moved successfully
C:\windows\Tasks\QQBrowser Udpater Task.job => moved successfully
C:\windows\Tasks\QQBrowser Udpater Task(Core).job => moved successfully
C:\windows\System32\Tasks\QQBrowser Udpater Task => moved successfully
C:\windows\System32\Tasks\QQBrowser Udpater Task(Core) => moved successfully
C:\windows\system32\Drivers\TFsFltX64.sys => moved successfully
C:\ProgramData\Tencent => moved successfully
C:\Program Files (x86)\Tencent => moved successfully
C:\Program Files (x86)\26770e5a-280e-4dfa-8260-ad71d031841e => moved successfully
C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job => moved successfully
C:\Program Files (x86)\334a952c-7f11-4051-8ef2-b8d6f554dc13 => moved successfully
C:\ProgramData\mfkkhcmhltpt.dll => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\install1754835.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\qdsetup12.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881493_Silence.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\setup3.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\V8._85773_20150906124525.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\wgjiklit_533_setup.exe => moved successfully
C:\Users\Lukáš Handl\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => moved successfully
"C:\Users\Luk?? Handl\AppData\Local\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe" => File/Folder not found.
"C:\Users\Luk? Handl\AppData\Roaming\5VpyJGkQ8eiTJLrydW.exe" => File/Folder not found.
"C:\Program Files (x86)\Tencent" => File/Folder not found.
C:\windows\Tasks\5VpyJGkQ8eiTJLrydW.job => not found.
C:\windows\Tasks\Adobe Flash box Files Update Ver 2015921.job => moved successfully
C:\windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\windows\Tasks\QQBrowser Udpater Task(Core).job => not found.
C:\windows\Tasks\QQBrowser Udpater Task.job => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 995.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:58:05 ====

Re: "čínský vir"

Napsal: 25 zář 2015 18:25
od Márty84
:arrow: Fajn, chtelo by to nainstalovat nejaky antivir (napriklad Avast free, Bitdefender free, Avira).



:!: Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

:arrow:
vyosek píše: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remove disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

:arrow: Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




:arrow: Pak napiste, jak to s pc vypada.

Re: "čínský vir"

Napsal: 25 zář 2015 18:31
od Lukass24
A co když už bych to nechal ve stavu, jakým to mám teďka?:D

Měl jsem na ploše filmy, fotky atd..tak jsem to dal všechno do dokumentů, a velikost plochy sw stáhla na 15 MB..:)

Anebo se k tomu jestě vrátím zítra..uvidím podle času, ale už mi to řpijde krásně pročisštěný...


Strasně Vám děkuju za ochotu...

Re: "čínský vir"

Napsal: 25 zář 2015 18:44
od Márty84
DelFix uklidi po mnou pouzitych programech, je to rychlovka.
CCleaner uklidi neplatne zaznamy a registry po mazani, taky otazka minutky.
Defragmentace je na delsi dobu, ale az bude cas, doporucuji ji provest, mazalo se, premistovalo, na disku je binec, defragmentaci se to pekne urovna a prodlouzi to stabilni chod pc. Nerikam ze musite dneska, ale v dohledne dobe ji udelejte :-)


Jinak tedy pokud vse bezi jak ma, muzem to uzavrit.


Nemate zac!

Mejte se a treba zase nekdy :bye:

:closed:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz