VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus - trojský kůň

https://forum.viry.cz:443/viewtopic.php?t=146805

Stránka 1 z 6

Virus - trojský kůň

Napsal: 10 lis 2015 20:06
od P-e-tula
Dobrý den, prosím o pomoc. Od mého přítele mi přišel přes skype soubor s koncovkou .vbs Ruce byly rychlejší než hlava a já daný soubor stáhla. Od té doby se mi sama zapínala webcamera a bylo vidět, že se někdo pokouší dostat se na můj účet na Facebooku, zjevovaly se mi tu hesla, počítač si prostě dělal co chtěl. Projela jsem počítač windowd defenderem - nic, AVG - nic až nakonec jsem spustila online scan přes ESET našlo a odstranilo to 7 souborů napadených nějakým trojským koněm. Od té doby je vše v pořádku, nezapíná se webcamera ani se mi nikdo nepokouší dostat do PC avšak po zapnutí PC naskočí hláška: Soubor scriptu C:/Users/appData/Roaming/Microsoft/PetraRolincová.vbs nebyl nalezen.

To je problém číslo 1.

Další problém je že mi nejde připojit se k internetu doma. Máme 2 wi-fi. Jedna je v obýváku, jenže má slabý signál a do mého pokoje nedosáhne, mám tedy v pokoji další router, do dnešního dne jsem se připojovala naprosto v pohodě, ale dnes po připojení mi to píše: Systému windows se nepodařilo automaticky zjistit nastavení proxy serveru sítě.


Jsem PC laik nedokáži tedy odhadnout, zda tyto problémy spolu nějak souvisí nebo ne. Přikládám Log RSIT.

Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2015-11-10 19:56:27
Microsoft Windows 8.1
System drive C: has 302 GB (70%) free of 433 GB
Total RAM: 3979 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:14, on 10.11.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
C:\windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Model\cmssservice\cmssservice.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\User.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 7886F6223B
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Lenovo Recommends] C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe -s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\User\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Global Startup: addToTrustedSites.vbs
O4 - Global Startup: cmssservice.lnk = C:\Model\cmssservice\cmssservice.exe
O4 - Global Startup: runModel.vbs
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.http://127.0.0.1
O15 - Trusted Zone: *.http://localhost
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LenovoRecommends.AppService - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LsvUIService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TESHelper - Lenovo - c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ymc - Lenovo - C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 13267 bytes

======Listing Processes======





wininit.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\windows\System32\svchost.exe -k utcsvc
dashost.exe {744672ce-bc31-44da-b39f87603c1b642c}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe"
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
"C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe"
"c:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\sqlservr.exe" -sELISKA4CLIENT
"C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\eLiska4\eLiska.exe" preloadbackground
C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8f80aaca-a11d-4a3c-8fd4-aeee2676613a -SystemEventPortName:HostProcess-c6e04c27-d805-4f02-9a05-1a45c1663325 -IoCancelEventPortName:HostProcess-552a54dd-977d-4c1a-9bcc-b4d92f4827e6 -NonStateChangingEventPortName:HostProcess-f0a4dff4-1c5f-4d00-b388-908f9486f18c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:770ca881-dd77-41a5-9709-9a62e05706df -DeviceGroupId:WudfDefaultDevicePool
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
taskeng.exe {A7F1817E-ED8C-4BB9-84B7-9D66A4EDE494}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe"

"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\windows\System32\WinLogon.exe -SpecialSession
-hiberboot
C:\windows\Explorer.EXE
igfxHK.exe
igfxTray.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
ClassicStartMenu.exe -startup
C:\Windows\System32\skydrive.exe -Embedding
/QuitInfo:0000000000000DCC;0000000000000E8C;
/loadhooks /Parent:0000000000001bc0
"C:\windows\system32\igfxEM.exe" -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7772 --on-initialized-event-handle=432 --parent-handle=348
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="980.0.738074802\1184856940" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3496 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="980.2.39987973\1567063942" --font-cache-shared-handle=2480 /prefetch:673131151
"C:\windows\system32\GWX\GWX.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Windows\RTFTrack.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe" AutoRun
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
C:\windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe" --parent-window=0 chrome-extension://fkepacicchenbjecpbpbclokcabebhah/ < \\.\pipe\chrome.nativeMessaging.in.7a034dd18f091b4a > \\.\pipe\chrome.nativeMessaging.out.7a034dd18f091b4a
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe" --parent-window=0 chrome-extension://fkepacicchenbjecpbpbclokcabebhah/
"C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe"
C:\windows\SysWOW64\UMonit64.exe
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
"C:\Windows\System32\StikyNot.exe"
"C:\Model\cmssservice\cmssservice.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe" /AutoRun
"C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe" -run
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="980.15.976197731\293092525" --font-cache-shared-handle=7128 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="980.21.811237121\167683065" --font-cache-shared-handle=5672 /prefetch:673131151
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 83171C71-E091-D03D-F8F7-742AA1584E8A -Reinvoke
"C:\Users\User\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoIdForLargePopulation/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="980.22.1285438626\847427506" --font-cache-shared-handle=7040 /prefetch:673131151

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09 809408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09 487360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09 687040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09 442816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09 809408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09 687040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24 13667032]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-02-25 1381744]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-02-25 1381744]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-02-25 1381744]
"RtsFT"=C:\windows\RTFTrack.exe [2014-01-21 6340312]
"AutoStartTransition"=C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [2014-08-12 294672]
"PhoneCompanion"=C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [2014-08-12 836592]
"Energy Manager"=C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-08-12 16094704]
"Lenovo Utility"=C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [2014-08-12 10841584]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2015-08-09 161728]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-10-16 170256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2015-10-21 60688]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2015-10-21 103696]
"iCloudPhotos"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2015-10-21 349968]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2014-10-29 479744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #3"=C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\User\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Lenovo Recommends"=C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [2014-01-10 119280]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
addToTrustedSites.vbs
cmssservice.lnk - C:\Model\cmssservice\cmssservice.exe
runModel.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDWFP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-11-10 19:56:28 ----D---- C:\Program Files\trend micro
2015-11-10 19:56:27 ----D---- C:\rsit
2015-11-10 13:07:19 ----RD---- C:\Program Files (x86)\Skype
2015-11-10 11:06:36 ----D---- C:\Program Files (x86)\ESET
2015-11-09 21:53:18 ----D---- C:\Users\User\AppData\Roaming\AVG
2015-11-09 21:51:38 ----D---- C:\Users\User\AppData\Roaming\TuneUp Software
2015-11-09 21:51:14 ----HD---- C:\$AVG
2015-11-09 21:49:19 ----D---- C:\ProgramData\MFAData
2015-11-09 21:48:07 ----HD---- C:\ProgramData\Common Files
2015-11-09 21:48:06 ----D---- C:\ProgramData\Avg
2015-11-09 21:31:27 ----D---- C:\ProgramData\STOPzilla!
2015-11-09 21:31:22 ----D---- C:\Program Files (x86)\iS3
2015-11-02 19:20:33 ----D---- C:\Program Files (x86)\EvilLyrics
2015-10-24 10:34:10 ----D---- C:\Program Files\iPod
2015-10-24 10:34:10 ----D---- C:\Program Files (x86)\iTunes
2015-10-24 10:34:07 ----D---- C:\Program Files\iTunes
2015-10-22 16:08:17 ----HD---- C:\ProgramData\CanonBJ
2015-10-22 16:07:18 ----D---- C:\windows\LastGood.Tmp
2015-10-22 14:36:10 ----RD---- C:\Users\User\AppData\Roaming\Brother
2015-10-15 14:57:21 ----A---- C:\windows\system32\devinv.dll
2015-10-15 14:57:21 ----A---- C:\windows\system32\appraiser.dll
2015-10-15 14:57:20 ----A---- C:\windows\system32\invagent.dll
2015-10-15 14:57:19 ----A---- C:\windows\system32\generaltel.dll
2015-10-15 14:57:19 ----A---- C:\windows\system32\aeinv.dll
2015-10-15 14:57:18 ----A---- C:\windows\system32\CompatTelRunner.exe
2015-10-15 14:57:18 ----A---- C:\windows\system32\acmigration.dll
2015-10-15 12:54:43 ----A---- C:\windows\SYSWOW64\CNHMCA.dll
2015-10-15 12:54:43 ----A---- C:\windows\SYSWOW64\CNC495U.dll
2015-10-15 12:54:43 ----A---- C:\windows\SYSWOW64\CNC495L.dll
2015-10-15 12:54:43 ----A---- C:\windows\system32\CNHMCA6.dll
2015-10-15 12:54:43 ----A---- C:\windows\system32\CNC495L.dll
2015-10-15 12:54:43 ----A---- C:\windows\system32\CNC495I.dll
2015-10-15 12:54:43 ----A---- C:\windows\system32\CNC495C.dll
2015-10-15 12:54:36 ----A---- C:\windows\system32\CNMLMA9.DLL
2015-10-14 13:44:49 ----A---- C:\windows\SYSWOW64\d2d1.dll
2015-10-14 13:44:30 ----A---- C:\windows\system32\d2d1.dll
2015-10-14 13:42:51 ----A---- C:\windows\system32\KernelBase.dll
2015-10-14 13:42:21 ----A---- C:\windows\system32\advapi32.dll
2015-10-14 13:41:20 ----A---- C:\windows\SYSWOW64\advapi32.dll
2015-10-14 13:41:07 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2015-10-14 13:39:58 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:39:58 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:39:58 ----A---- C:\windows\system32\NcdAutoSetup.dll
2015-10-14 13:39:58 ----A---- C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:39:57 ----A---- C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:39:56 ----A---- C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:39:54 ----A---- C:\windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:39:50 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\ucrtbase.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:39:50 ----A---- C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:39:49 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:39:44 ----A---- C:\windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 10:56:24 ----A---- C:\windows\system32\shell32.dll
2015-10-14 10:56:16 ----A---- C:\windows\SYSWOW64\shell32.dll
2015-10-14 10:56:13 ----A---- C:\windows\system32\ntoskrnl.exe
2015-10-14 10:56:12 ----A---- C:\windows\system32\winresume.exe
2015-10-14 10:56:12 ----A---- C:\windows\system32\winload.exe
2015-10-14 10:56:11 ----A---- C:\windows\SYSWOW64\ntdll.dll
2015-10-14 10:56:11 ----A---- C:\windows\system32\ntdll.dll
2015-10-14 10:56:11 ----A---- C:\windows\system32\fveapi.dll
2015-10-14 10:56:11 ----A---- C:\windows\system32\bdesvc.dll
2015-10-14 10:55:46 ----A---- C:\windows\system32\mshtml.dll
2015-10-14 10:55:43 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-10-14 10:55:20 ----A---- C:\windows\system32\jscript9.dll
2015-10-14 10:55:17 ----A---- C:\windows\system32\ieframe.dll
2015-10-14 10:55:15 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-10-14 10:55:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-10-14 10:55:12 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-10-14 10:55:12 ----A---- C:\windows\system32\iertutil.dll
2015-10-14 10:55:11 ----A---- C:\windows\system32\wininet.dll
2015-10-14 10:55:10 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-10-14 10:55:10 ----A---- C:\windows\system32\ieui.dll
2015-10-14 10:55:10 ----A---- C:\windows\system32\dxtmsft.dll
2015-10-14 10:55:09 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2015-10-14 10:55:09 ----A---- C:\windows\system32\dxtrans.dll
2015-10-14 10:55:08 ----A---- C:\windows\SYSWOW64\ieui.dll
2015-10-14 10:55:08 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2015-10-14 10:55:08 ----A---- C:\windows\system32\urlmon.dll
2015-10-14 10:55:07 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-10-14 10:55:04 ----A---- C:\windows\system32\jscript.dll
2015-10-14 10:55:03 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-10-14 10:55:00 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-10-14 10:54:59 ----A---- C:\windows\system32\vbscript.dll
2015-10-14 10:54:53 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2015-10-14 10:54:52 ----A---- C:\windows\system32\mshtmled.dll
2015-10-14 10:54:50 ----A---- C:\windows\system32\msfeeds.dll
2015-10-14 10:54:49 ----A---- C:\windows\system32\ie4uinit.exe
2015-10-14 10:54:39 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-10-14 10:54:39 ----A---- C:\windows\system32\webcheck.dll
2015-10-14 10:54:37 ----A---- C:\windows\SYSWOW64\webcheck.dll
2015-10-14 10:54:33 ----A---- C:\windows\system32\iedkcs32.dll
2015-10-14 10:54:28 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-10-14 10:54:26 ----A---- C:\windows\system32\inetcomm.dll
2015-10-14 10:54:14 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2015-10-14 10:54:14 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-10-14 10:54:12 ----A---- C:\windows\system32\MshtmlDac.dll
2015-10-14 10:54:11 ----A---- C:\windows\system32\ieapfltr.dll
2015-10-14 10:54:08 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-10-14 10:51:58 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-10-14 10:51:58 ----A---- C:\windows\system32\wuaueng.dll
2015-10-14 10:51:58 ----A---- C:\windows\system32\wuapi.dll
2015-10-14 10:51:57 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-10-14 10:51:57 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-10-14 10:51:57 ----A---- C:\windows\system32\wuwebv.dll
2015-10-14 10:51:57 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-10-14 10:51:57 ----A---- C:\windows\system32\wudriver.dll
2015-10-14 10:51:57 ----A---- C:\windows\system32\wucltux.dll
2015-10-14 10:51:57 ----A---- C:\windows\system32\wuauclt.exe
2015-10-14 10:51:57 ----A---- C:\windows\system32\wuapp.exe
2015-10-14 10:51:56 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-10-11 11:51:19 ----D---- C:\Program Files (x86)\Free AVI to MP4 Converter
2015-10-11 11:02:20 ----D---- C:\Users\User\AppData\Roaming\FlashIntegro
2015-10-11 11:01:42 ----A---- C:\windows\SYSWOW64\msvcr71.dll
2015-10-11 11:01:42 ----A---- C:\windows\SYSWOW64\msvcp71.dll
2015-10-11 11:01:40 ----A---- C:\windows\SYSWOW64\msxml3a.dll
2015-10-11 11:01:40 ----A---- C:\windows\SYSWOW64\Lagarith.dll
2015-10-11 11:01:39 ----A---- C:\windows\SYSWOW64\vp6vfw.dll
2015-10-11 11:01:38 ----A---- C:\windows\SYSWOW64\xvidvfw.dll
2015-10-11 11:01:38 ----A---- C:\windows\SYSWOW64\xvidcore.dll
2015-10-11 11:01:38 ----A---- C:\windows\SYSWOW64\mpg4c32.dll
2015-10-11 11:01:38 ----A---- C:\windows\SYSWOW64\mcdvd_32.dll
2015-10-11 11:01:38 ----A---- C:\windows\SYSWOW64\divx.dll
2015-10-11 10:41:22 ----D---- C:\ProgramData\Pinnacle
2015-10-11 10:18:26 ----D---- C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-10-11 10:16:33 ----D---- C:\Program Files (x86)\WiliSoft Video Splitter

======List of files/folders modified in the last 1 month======

2015-11-10 20:00:02 ----D---- C:\windows\system32\sru
2015-11-10 19:56:41 ----D---- C:\windows\Prefetch
2015-11-10 19:56:28 ----RD---- C:\Program Files
2015-11-10 19:49:52 ----D---- C:\windows\Temp
2015-11-10 19:39:36 ----D---- C:\windows\system32\NDF
2015-11-10 19:31:27 ----D---- C:\windows\Inf
2015-11-10 18:16:17 ----D---- C:\Program Files (x86)\eLiska4
2015-11-10 17:07:35 ----D---- C:\Users\User\AppData\Roaming\Skype
2015-11-10 15:18:24 ----SHD---- C:\windows\Installer
2015-11-10 15:18:24 ----D---- C:\ProgramData\Skype
2015-11-10 15:13:22 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2015-11-10 13:45:39 ----D---- C:\Users\User\AppData\Roaming\vlc
2015-11-10 13:07:21 ----D---- C:\Program Files (x86)\Common Files
2015-11-10 13:07:19 ----RD---- C:\Program Files (x86)
2015-11-10 13:06:45 ----D---- C:\windows\system32\Tasks
2015-11-10 11:11:25 ----AD---- C:\Windows
2015-11-10 11:06:37 ----SD---- C:\windows\Downloaded Program Files
2015-11-10 09:48:02 ----RAD---- C:\windows\System32
2015-11-10 09:48:02 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-11-10 03:46:21 ----D---- C:\windows\Microsoft.NET
2015-11-09 23:16:13 ----D---- C:\Program Files\Common Files
2015-11-09 23:13:43 ----HD---- C:\windows\ELAMBKUP
2015-11-09 23:13:43 ----D---- C:\windows\system32\drivers
2015-11-09 22:25:47 ----D---- C:\INVOZ
2015-11-09 22:24:06 ----D---- C:\windows\SysWOW64
2015-11-09 21:57:13 ----HD---- C:\ProgramData
2015-11-09 21:57:13 ----D---- C:\windows\Tasks
2015-11-09 21:30:43 ----SHD---- C:\System Volume Information
2015-11-05 09:26:34 ----HD---- C:\Program Files\WindowsApps
2015-11-05 09:26:34 ----D---- C:\windows\AppReadiness
2015-10-30 10:42:23 ----D---- C:\Users\User\AppData\Roaming\Apple Computer
2015-10-30 10:32:16 ----D---- C:\Program Files\Common Files\Apple
2015-10-24 11:05:03 ----D---- C:\windows\system32\wdi
2015-10-22 16:07:39 ----RSD---- C:\windows\Media
2015-10-22 16:07:21 ----D---- C:\windows\twain_32
2015-10-22 14:59:58 ----A---- C:\windows\BRWMARK.INI
2015-10-21 11:27:16 ----D---- C:\windows\system32\config
2015-10-21 10:15:42 ----D---- C:\windows\WinSxS
2015-10-20 18:59:04 ----D---- C:\windows\CbsTemp
2015-10-20 16:50:07 ----SD---- C:\windows\system32\CompatTel
2015-10-20 16:50:07 ----D---- C:\windows\system32\appraiser
2015-10-20 16:50:07 ----D---- C:\windows\apppatch
2015-10-17 14:31:58 ----SHD---- C:\$RECYCLE.BIN
2015-10-16 12:28:13 ----D---- C:\windows\system32\MRT
2015-10-16 12:20:05 ----A---- C:\windows\system32\MRT.exe
2015-10-16 05:51:29 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-10-15 18:52:08 ----D---- C:\windows\rescache
2015-10-15 12:54:43 ----D---- C:\windows\system32\DriverStore
2015-10-14 12:48:19 ----D---- C:\ProgramData\Lenovo
2015-10-14 12:47:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-10-14 12:47:55 ----D---- C:\Program Files (x86)\Lenovo
2015-10-14 12:35:35 ----D---- C:\windows\system32\en-US
2015-10-14 12:35:35 ----D---- C:\windows\system32\cs-CZ
2015-10-14 12:35:35 ----D---- C:\windows\system32\CodeIntegrity
2015-10-14 12:35:34 ----RD---- C:\windows\ToastData
2015-10-14 12:35:32 ----D---- C:\windows\system32\Boot
2015-10-14 12:35:32 ----D---- C:\Program Files\Internet Explorer
2015-10-14 12:35:32 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 12:35:24 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 12:33:37 ----A---- C:\windows\win.ini
2015-10-14 10:50:14 ----D---- C:\windows\system32\catroot2
2015-10-11 10:59:33 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTATH_BUS;@oem15.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2014-02-26 35016]
R1 pfmfs_853;pfmfs_853; C:\windows\system32\Drivers\pfmfs_853.sys [2013-04-10 251128]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 ACPIVPC;@oem40.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\windows\System32\drivers\AcpiVpc.sys [2014-08-12 35576]
R3 AthBTPort;@oem18.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2014-02-26 89800]
R3 athr;@oem12.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athwbx.sys [2014-03-07 3892224]
R3 BTATH_A2DP;@oem17.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2014-02-26 355528]
R3 btath_avdt;@oem17.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2014-02-26 118984]
R3 BTATH_HCRP;@oem20.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2014-02-26 179432]
R3 BTATH_LWFLT;@oem22.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2014-02-26 77464]
R3 BTATH_RCP;@oem24.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2014-02-26 137928]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2014-02-26 598216]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2014-03-04 3882456]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem8.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RTL8168;@oem11.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-12-18 839896]
R3 rtsuvc;@oem28.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\windows\system32\DRIVERS\rtsuvc.sys [2014-01-21 9105624]
R3 SmbDrvI;SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-02-25 34544]
R3 SynTP;@oem14.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2014-02-25 532720]
R3 TXEIx64;@oem4.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\windows\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 GeneStor;@oem10.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\windows\System32\drivers\GeneStor.sys [2014-04-17 111336]
S3 intaud_WaveExtensible;@oem7.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 USBAAPL64;@oem42.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys [2015-06-10 54784]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S4 RsFx0153;RsFx0153 Driver; C:\windows\system32\DRIVERS\RsFx0153.sys [2015-03-29 322736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-07 77104]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2014-02-26 319104]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\windows\system32\igfxCUIService.exe [2014-03-12 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-05-22 584960]
R2 LenovoRecommends.AppService;LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [2014-01-10 19440]
R2 LenovoWiFiHotspotSvr;Lenovo WiFiHotspot Service; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [2014-08-12 198192]
R2 LsvUIService;LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [2014-08-12 70416]
R2 LUService;LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [2014-02-18 38896]
R2 MSSQL$ELISKA4CLIENT;SQL Server (ELISKA4CLIENT); c:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\sqlservr.exe [2015-03-29 62382256]
R2 PhoneCompanionPusher;Lenovo PhoneCompanionPusher Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [2014-08-12 288240]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-04-24 390632]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 146272]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-03-12 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-10-16 644880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PhoneCompanionVap;Lenovo PhoneCompanionVap Service; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [2014-08-12 308720]
S3 TESHelper;TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [2014-08-12 104696]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
S4 SQLAgent$ELISKA4CLIENT;SQL Server Agent (ELISKA4CLIENT); c:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\SQLAGENT.EXE [2015-03-29 442536]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2015-03-29 278704]

-----------------EOF-----------------

Re: Virus - trojský kůň

Napsal: 10 lis 2015 20:51
od Márty84
Zdravim :)

:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce


P-e-tula píše:Další problém je že mi nejde připojit se k internetu doma.
:???: Jinde se pripojite normalne?

Re: Virus - trojský kůň

Napsal: 10 lis 2015 21:06
od P-e-tula
Posílám log z AdwCleaner .. ten druhý pošlu za chvíli


# AdwCleaner v5.019 - Logfile created 10/11/2015 at 21:02:12
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : User - LENOVO-PC
# Running from : C:\Users\User\Desktop\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\EvilLyrics
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EvilLyrics
[-] Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EvilLyrics
[#] Folder Deleted : C:\windows\SysNative\Tasks\pokki

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Pokki

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKCU\Software\fd7a2b5f53dba50c2b3282b3e0f77e06
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{053957FE-CB0A-11D0-8988-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF469F02-13E3-11D1-8988-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{053957FD-CB0A-11D0-8988-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{053957F0-CB0A-11D0-8988-444553540000}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{053957FD-CB0A-11D0-8988-444553540000}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EvilLyrics
[-] Key Deleted : [x64] HKLM\SOFTWARE\Description
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5369 bytes] ##########

Re: Virus - trojský kůň

Napsal: 10 lis 2015 21:12
od Márty84
P-e-tula píše:ten druhý pošlu za chvíli
To nevim, test nekdy trva i nekolik hodin :D Ale nekdy je rychly, tak uvidime. Kazdopadne, kdybych uz vecer neodpovedel, pokud to bude mozne, MBAM nezavirejte a nechte pc bezet, odpovim rano. Jinak budete muset pro smazani pripadnych nalezu test zopakovat :-)

Re: Virus - trojský kůň

Napsal: 10 lis 2015 21:39
od P-e-tula
Několik hodin? :shock: proč jste to nenapsal dřív? :D no dobrá.. běží poslední část, tak uvidím.. kdyžtak to sem přidám ráno, zavírat to rozhodně nebudu.. jinak.. problém s wi-fi vyřešen.. stačil restart :|

Re: Virus - trojský kůň

Napsal: 11 lis 2015 07:37
od Márty84
P-e-tula píše:jinak.. problém s wi-fi vyřešen.. stačil restart :|
Vyborne, to je dobra zprava :-)

P-e-tula píše:proč jste to nenapsal dřív? :D
Nechtel jsem pokazit prekvapeni :lol:

P-e-tula píše:kdyžtak to sem přidám ráno
Pokud tu nedate log do plus minus 8:15, napisu az vecer, protoze odchazim do prace a tam se k pc nedostanu.

Re: Virus - trojský kůň

Napsal: 11 lis 2015 09:02
od P-e-tula
Nestihla jsem to..nevadí :)

tady je log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 10.11.2015
Čas skenování: 21:10
Protokol: log malware.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.10.07
Databáze rootkitů: v2015.11.04.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: User

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 559122
Uplynulý čas: 3 hod, 2 min, 20 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
Trojan.Agent.CK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{36407501-11B6-A3E4-F588-2AFBF152200A}_is1, , [7be4215b0388989e0a3665df1ee5847c],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 3
Trojan.Agent.CK, C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK, , [7be4215b0388989e0a3665df1ee5847c],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\bitstreams, , [045b592339527abc11672d1e1ce6ab55],

Soubory: 19
Trojan.BitCoinMiner, C:\Windows\Inf\mncdcjud\mncdcjud.exe, , [f8676b111b701a1c47ea9658dc252fd1],
Trojan.Agent.CK, C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins000.dat, , [7be4215b0388989e0a3665df1ee5847c],
Trojan.Agent.CK, C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins000.exe, , [7be4215b0388989e0a3665df1ee5847c],
Trojan.Agent.CK, C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK.zip, , [7be4215b0388989e0a3665df1ee5847c],
PUP.Optional.VisualDiscovery, C:\Windows\Temp\VisualDiscovery.log, , [e57afa828cff4fe7e15e049427dcb848],
PUP.Optional.VisualDiscovery, C:\Windows\Temp\VisualDiscoveryr.log, , [ea75abd1276490a664dcf3a5a45fe818],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\diablo130302.cl, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\diakgcn121016.cl, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\libcurl-4.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\libeay32.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\libidn-11.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\librtmp.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\libssh2.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\phatk121016.cl, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\poclbm130302.cl, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\scrypt130511.cl, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\ssleay32.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\zlib1.dll, , [045b592339527abc11672d1e1ce6ab55],
Trojan.Agent.BCM, C:\Windows\Inf\mncdcjud\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [045b592339527abc11672d1e1ce6ab55],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Virus - trojský kůň

Napsal: 11 lis 2015 21:01
od Márty84
Pekna sbirka :boxed:


Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

Re: Virus - trojský kůň

Napsal: 11 lis 2015 21:11
od P-e-tula
Taky mě to trochu vyděsilo :o .. nicméně.. smazala jsem to a nyní jsem spustila další scan.

Re: Virus - trojský kůň

Napsal: 11 lis 2015 21:16
od Márty84
P-e-tula píše:smazala jsem to a nyní jsem spustila další scan.
:thumbsup:

Re: Virus - trojský kůň

Napsal: 12 lis 2015 10:18
od P-e-tula
Tak jo, druhý scan byl naprosto čistý :idea: .. po zapnutí windows mi ale stále naskakuje stejná tabulka - viz. příloha

Re: Virus - trojský kůň

Napsal: 12 lis 2015 10:45
od JaRon
zaskocim jednorazovo:
vloz kolegovi log FRST - bude to treba este docistit :)

Re: Virus - trojský kůň

Napsal: 12 lis 2015 10:58
od P-e-tula
Děkuji, provedu :)

Re: Virus - trojský kůň

Napsal: 12 lis 2015 11:15
od P-e-tula
LOG FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by User (administrator) on LENOVO-PC (12-11-2015 11:10:37)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
() C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Microsoft Corporation) C:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\sqlservr.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(http://www.logos.cz) C:\Program Files (x86)\eLiska4\eLiska.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
() C:\Model\cmssservice\cmssservice.exe
(Oracle Corporation) C:\Model\java\bin\java.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-08-12] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-08-12] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-08-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-08-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Lenovo Recommends] => C:\Program Files (x86)\Lenovo\Lenovo Recommends\Lenovo Recommends.exe [119280 2014-01-10] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\...\RunOnce: [Application Restart #3] => C:\Users\User\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 569 more characters).
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\windows\system32\pfmshx_853.dll [2013-04-10] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\windows\SysWow64\pfmshx_853.dll [2013-04-10] (Pismo Technic Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\addToTrustedSites.vbs [2013-11-04] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cmssservice.lnk [2015-10-01]
ShortcutTarget: cmssservice.lnk -> C:\Model\cmssservice\cmssservice.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\runModel.vbs [2013-05-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9CE42EDD-626A-4BE9-B5A7-038A7B2EA4E1}: [DhcpNameServer] 172.168.130.2
Tcpip\..\Interfaces\{C29E1424-C679-425D-844F-C8D9D838B717}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130906720400365939&GUID=5864AB8E-8855-43B3-931E-ED7886F6223B
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-789525210-3307182626-2393355962-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-789525210-3307182626-2393355962-1001 -> DefaultScope {1A699E11-5CDA-4037-861D-7A23910CAF09} URL =
SearchScopes: HKU\S-1-5-21-789525210-3307182626-2393355962-1001 -> {1A699E11-5CDA-4037-861D-7A23910CAF09} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-789525210-3307182626-2393355962-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Tabulky Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]
CHR Extension: (Záložky na iCloudu) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-10-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoRecommends.AppService; C:\Program Files (x86)\Lenovo\Lenovo Recommends\Service\x64\LenovoRecommends.AppService.exe [19440 2014-01-10] ()
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-08-12] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-08-12] (Lenovo)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$ELISKA4CLIENT; c:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\sqlservr.exe [62382256 2015-03-29] (Microsoft Corporation)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-08-12] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-08-12] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 SQLAgent$ELISKA4CLIENT; c:\Program Files (x86)\eLiska4\MSSQL10_50.ELISKA4CLIENT\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-29] (Microsoft Corporation)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-08-12] (Lenovo)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-08-12] (Lenovo)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [111336 2014-04-17] (GenesysLogic)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 pfmfs_853; C:\Windows\System32\Drivers\pfmfs_853.sys [251128 2013-04-10] (Pismo Technic Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-29] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-02-25] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 11:10 - 2015-11-12 11:11 - 00024008 _____ C:\Users\User\Desktop\FRST.txt
2015-11-12 11:10 - 2015-11-12 11:10 - 00000000 ____D C:\FRST
2015-11-12 11:06 - 2015-11-12 11:06 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2015-11-12 10:59 - 2015-11-12 11:00 - 02198528 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-11-11 15:53 - 2015-11-11 15:54 - 00000000 ____D C:\Users\User\Desktop\Viry
2015-11-11 05:41 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 05:41 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 05:41 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 05:41 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 05:41 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 05:41 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 05:41 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 05:41 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 05:41 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 05:41 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 05:41 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 05:41 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 05:41 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 05:41 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 05:41 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 05:41 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 05:41 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 05:41 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 05:41 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 05:41 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 05:41 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 05:41 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 05:41 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 05:41 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 05:41 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 05:41 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 05:41 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 05:41 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 05:41 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 05:41 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 05:41 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 05:41 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 05:41 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 05:41 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 05:41 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 05:41 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 05:41 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 05:41 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 05:41 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 05:41 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 05:41 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 05:41 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 05:41 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 05:41 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 05:41 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 05:41 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 05:41 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 05:41 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 05:41 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 05:41 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 05:41 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 05:41 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 05:41 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 05:41 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 05:41 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 05:41 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 05:41 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 05:41 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 05:41 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 05:41 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 05:41 - 2015-09-12 14:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 05:41 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 05:41 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 05:41 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 05:41 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 05:41 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 05:41 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 05:41 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 05:41 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 05:41 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 05:40 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 05:40 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 05:40 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 05:40 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 05:40 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 05:40 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 05:40 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 05:40 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-10 21:09 - 2015-11-11 21:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 21:08 - 2015-11-10 21:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 21:08 - 2015-11-10 21:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-10 21:08 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-10 21:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-10 21:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-10 21:07 - 2015-11-10 21:07 - 22908888 _____ (Malwarebytes ) C:\Users\User\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-10 20:56 - 2015-11-10 21:02 - 00000000 ____D C:\AdwCleaner
2015-11-10 19:56 - 2015-11-10 20:20 - 00000000 ____D C:\Program Files\trend micro
2015-11-10 19:56 - 2015-11-10 20:05 - 00000000 ____D C:\rsit
2015-11-10 19:55 - 2015-11-10 19:56 - 01222144 _____ C:\Users\User\Downloads\RSITx64.exe
2015-11-10 15:00 - 2015-11-10 15:00 - 00005097 _____ C:\Users\User\Downloads\Sabina Harajová.m8x
2015-11-10 13:07 - 2015-11-10 13:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-10 13:07 - 2015-11-10 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-10 13:06 - 2015-11-10 13:06 - 00003160 _____ C:\windows\System32\Tasks\{0534493F-834E-45B2-BB69-DDFBD0D6537E}
2015-11-10 11:06 - 2015-11-10 11:06 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-10 10:46 - 2015-11-10 10:46 - 00000283 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Koš.lnk
2015-11-10 10:34 - 2015-11-10 10:35 - 55461968 _____ C:\Users\User\Downloads\SkypeSetupFull.exe
2015-11-09 21:53 - 2015-11-09 21:53 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG
2015-11-09 21:51 - 2015-11-09 23:13 - 00000000 ___HD C:\$AVG
2015-11-09 21:51 - 2015-11-09 21:51 - 00000000 ____D C:\Users\User\AppData\Roaming\TuneUp Software
2015-11-09 21:49 - 2015-11-09 23:16 - 00000000 ____D C:\ProgramData\MFAData
2015-11-09 21:49 - 2015-11-09 21:49 - 00000000 ____D C:\Users\User\AppData\Local\MFAData
2015-11-09 21:48 - 2015-11-09 21:51 - 00000000 ____D C:\ProgramData\Avg
2015-11-09 21:46 - 2015-11-09 23:16 - 00000000 ____D C:\Users\User\AppData\Local\Avg
2015-11-09 21:46 - 2015-11-09 23:14 - 00000000 ____D C:\Users\User\AppData\Local\AvgSetupLog
2015-11-09 21:46 - 2015-11-09 21:46 - 02894552 _____ (AVG Technologies) C:\Users\User\Downloads\AVG_Antivirus_Free_1103.exe
2015-11-09 21:31 - 2015-11-09 21:33 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-11-09 21:31 - 2015-11-09 21:31 - 00000000 ____D C:\Program Files (x86)\iS3
2015-11-09 21:27 - 2015-11-09 21:28 - 02042328 _____ (iS3, Inc.) C:\Users\User\Downloads\STOPzillaPRO_Downloader.exe
2015-11-09 20:52 - 2015-11-09 20:52 - 00003276 _____ C:\windows\System32\Tasks\WindowsUpda2ta
2015-11-06 19:13 - 2015-11-06 19:13 - 00000000 ____D C:\Users\User\AppData\Local\IsolatedStorage
2015-11-06 18:35 - 2015-11-06 18:41 - 00000000 ____D C:\Users\User\AppData\Local\ČSOB_Pojišťovna,_a.s
2015-11-03 12:50 - 2015-11-03 14:08 - 00389632 _____ C:\Users\User\Desktop\uverova a sporici kalkulacka od 26 10 2015.xls
2015-11-03 09:44 - 2015-11-03 09:44 - 00000000 ____D C:\Users\User\Downloads\objednavka_390695
2015-11-02 20:49 - 2015-11-02 22:24 - 1703779868 _____ C:\Users\User\Downloads\Martan--(Martian)-2015-cz-titulky-vloz.mp4
2015-11-02 19:20 - 2015-11-02 19:20 - 00001062 _____ C:\Users\User\Desktop\EvilLyrics.lnk
2015-11-02 19:19 - 2015-11-02 19:19 - 00848493 _____ C:\Users\User\Downloads\evillyrics_setup.exe
2015-11-01 19:21 - 2015-11-01 19:36 - 231229380 _____ C:\Users\User\Downloads\The.Big.Bang.Theory.S09E03-+CZ-tit.vloženy.avi
2015-11-01 19:10 - 2015-11-01 19:21 - 180895744 _____ C:\Users\User\Downloads\The.Big.Bang.Theory.S09E04.The.2003.Approximation.HDTV.XviD.CZtit.avi
2015-10-30 10:41 - 2015-11-12 10:19 - 00000000 ____D C:\Users\User\AppData\Local\5D1F9447-A25A-434E-B17E-7C045F50AEB7.aplzod
2015-10-30 10:41 - 2015-11-12 10:14 - 00000000 ___RD C:\Users\User\iCloudDrive
2015-10-30 10:41 - 2015-10-30 10:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-30 10:41 - 2015-10-30 10:41 - 00000000 ____D C:\Users\User\AppData\Local\Apple Inc
2015-10-30 10:32 - 2015-10-30 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-30 10:25 - 2015-10-30 10:28 - 125138200 _____ (Apple Inc.) C:\Users\User\Downloads\icloudsetup.exe
2015-10-28 12:59 - 2015-10-28 13:36 - 540390516 _____ C:\Users\User\Downloads\Ulice-2903.dil-28.10.2015.avi
2015-10-27 12:06 - 2015-10-27 12:06 - 00000000 ____D C:\Users\User\AppData\LocalLow\Unity
2015-10-27 12:06 - 2015-10-27 12:06 - 00000000 ____D C:\Users\User\AppData\Local\Unity
2015-10-27 11:51 - 2015-10-27 12:57 - 00000000 ____D C:\Users\User\Downloads\Enya---Best-of-Enya
2015-10-24 20:41 - 2015-10-24 20:41 - 00087110 _____ C:\Users\User\Downloads\stažený soubor.htm
2015-10-24 10:35 - 2015-10-24 10:35 - 00001776 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-24 10:35 - 2015-10-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-24 10:34 - 2015-10-24 10:34 - 00000000 ____D C:\Program Files\iTunes
2015-10-24 10:34 - 2015-10-24 10:34 - 00000000 ____D C:\Program Files\iPod
2015-10-24 10:34 - 2015-10-24 10:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-22 16:08 - 2015-10-22 16:08 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-10-22 14:36 - 2015-10-22 14:36 - 00000000 ___RD C:\Users\User\AppData\Roaming\Brother
2015-10-16 14:20 - 2015-10-16 19:46 - 00000000 ____D C:\Users\User\Desktop\Renča
2015-10-15 16:10 - 2015-10-15 16:10 - 00000000 ___HD C:\Users\User\Downloads\.picasaoriginals
2015-10-15 16:07 - 2015-10-15 16:10 - 00000063 ____H C:\Users\User\Downloads\.picasa.ini
2015-10-15 14:57 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 14:57 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 14:57 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-15 14:57 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 14:57 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 14:57 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 14:57 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 12:54 - 2010-08-25 04:00 - 00361472 _____ (CANON INC.) C:\windows\system32\CNMLMA9.DLL
2015-10-15 12:54 - 2010-03-18 18:26 - 00348672 _____ (CANON INC.) C:\windows\system32\CNC495L.dll
2015-10-15 12:54 - 2010-03-18 18:25 - 00307200 _____ (CANON INC.) C:\windows\SysWOW64\CNC495L.dll
2015-10-15 12:54 - 2010-03-18 16:13 - 01354240 _____ (CANON INC.) C:\windows\system32\CNC495C.dll
2015-10-15 12:54 - 2010-03-18 16:13 - 00112128 _____ (CANON INC.) C:\windows\system32\CNC495I.dll
2015-10-15 12:54 - 2010-03-18 16:11 - 00106496 _____ (CANON INC.) C:\windows\SysWOW64\CNC495U.dll
2015-10-15 12:54 - 2009-11-13 13:35 - 00012800 _____ C:\windows\SysWOW64\CNC1747D.TBL
2015-10-15 12:54 - 2008-08-25 17:02 - 00017920 _____ (CANON INC.) C:\windows\system32\CNHMCA6.dll
2015-10-15 12:54 - 2008-08-25 17:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2015-10-14 13:44 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-10-14 13:44 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2015-10-14 13:42 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-10-14 13:42 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-10-14 13:41 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-10-14 13:41 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-10-14 13:40 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\windows\system32\hhctrl.ocx
2015-10-14 13:40 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\windows\SysWOW64\hhctrl.ocx
2015-10-14 13:39 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:39 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:39 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\NcdAutoSetup.dll
2015-10-14 10:56 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2015-10-14 10:56 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2015-10-14 10:56 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-14 10:56 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-14 10:56 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-10-14 10:56 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-10-14 10:55 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-14 10:55 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-14 10:55 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-14 10:55 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-14 10:55 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-14 10:55 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-14 10:54 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-14 10:54 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-14 10:54 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-14 10:54 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-14 10:54 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-14 10:54 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-14 10:54 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-14 10:54 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-14 10:54 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-14 10:54 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 11:10 - 2015-10-01 15:07 - 00000000 ____D C:\Users\User\Documents\Soubory aplikace Outlook
2015-11-12 11:06 - 2015-10-01 15:23 - 00000000 ____D C:\Users\User\AppData\Local\ClassicShell
2015-11-12 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2015-11-12 10:36 - 2014-08-12 05:29 - 01870809 _____ C:\windows\WindowsUpdate.log
2015-11-12 10:17 - 2015-10-04 15:41 - 00988672 ___SH C:\Users\User\Desktop\Thumbs.db
2015-11-12 10:14 - 2015-10-01 15:13 - 00000000 __RDO C:\Users\User\OneDrive
2015-11-12 05:59 - 2015-09-21 10:45 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{FEF4331C-D138-4AAD-BF47-8C487C72EFE4}
2015-11-12 01:02 - 2015-09-21 19:08 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-789525210-3307182626-2393355962-1001
2015-11-11 21:08 - 2013-08-22 15:46 - 00030002 _____ C:\windows\setupact.log
2015-11-11 21:08 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-11 21:08 - 2013-08-22 15:44 - 00491704 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-11 21:07 - 2014-03-18 10:44 - 00040452 _____ C:\windows\PFRO.log
2015-11-11 21:06 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-11-11 20:44 - 2015-10-04 16:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-11-11 15:51 - 2015-10-01 17:10 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-11-11 09:27 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-11 09:26 - 2015-10-01 14:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 09:16 - 2015-10-01 21:31 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 09:08 - 2015-10-01 21:31 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-10 21:05 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2015-11-10 19:40 - 2015-09-21 19:04 - 00000000 ____D C:\Users\User\Documents\Bluetooth Folder
2015-11-10 19:30 - 2015-10-04 10:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2015-11-10 18:16 - 2015-10-01 18:26 - 00000000 ____D C:\Program Files (x86)\eLiska4
2015-11-10 15:18 - 2015-10-04 16:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-10 15:00 - 2015-10-04 12:09 - 00594944 ___SH C:\Users\User\Downloads\Thumbs.db
2015-11-10 09:48 - 2014-08-12 06:13 - 00805266 _____ C:\windows\system32\perfh005.dat
2015-11-10 09:48 - 2014-08-12 06:13 - 00176282 _____ C:\windows\system32\perfc005.dat
2015-11-10 09:48 - 2014-03-18 10:53 - 01929746 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-09 23:13 - 2013-08-22 16:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-11-09 22:36 - 2015-10-02 08:22 - 00000000 ____D C:\Users\User\Documents\Programy
2015-11-09 22:25 - 2015-10-02 08:19 - 00000000 ____D C:\INVOZ
2015-11-09 21:56 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-11-09 20:59 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-06 20:13 - 2015-10-01 16:21 - 00000000 ____D C:\Users\User\Desktop\LIŠKA
2015-11-06 19:14 - 2015-10-02 09:57 - 00000000 ____D C:\Users\User\Documents\CSOBPSmlouvy
2015-11-06 11:18 - 2015-10-05 14:21 - 00000806 _____ C:\windows\SysWOW64\scan.log
2015-11-05 09:26 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-03 01:23 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 21:56 - 2015-10-01 16:14 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 10:42 - 2015-10-01 16:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2015-10-30 10:41 - 2015-10-01 16:52 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2015-10-30 10:33 - 2015-10-01 16:54 - 00000000 ____D C:\Users\User\AppData\Local\Apple Computer
2015-10-30 10:32 - 2015-10-01 16:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-29 20:55 - 2015-10-01 16:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-23 13:31 - 2015-10-01 14:50 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2015-10-22 16:13 - 2015-09-21 19:02 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2015-10-22 16:07 - 2013-08-22 16:36 - 00000000 __RSD C:\windows\Media
2015-10-22 14:59 - 2015-10-02 08:11 - 00000423 _____ C:\windows\BRWMARK.INI
2015-10-20 16:50 - 2015-10-02 07:38 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-20 16:50 - 2015-10-02 07:38 - 00000000 ____D C:\windows\system32\appraiser
2015-10-16 08:57 - 2015-10-01 14:48 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-10-15 18:52 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2015-10-14 12:48 - 2014-08-12 07:00 - 00000000 ____D C:\ProgramData\Lenovo
2015-10-14 12:47 - 2014-08-12 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-10-14 12:47 - 2014-08-12 06:58 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-10-14 12:47 - 2014-08-12 06:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-14 12:33 - 2013-08-22 14:25 - 00000167 _____ C:\windows\win.ini
2015-10-13 08:07 - 2015-10-06 19:49 - 00000000 ___HD C:\Users\User\Desktop\.picasaoriginals

==================== Files in the root of some directories =======

2015-09-21 11:40 - 2015-09-21 11:40 - 0000041 _____ () C:\Program Files\smaple.txt
2014-08-12 06:14 - 2014-08-12 06:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\0068181443705764mcinst.exe
C:\Users\User\AppData\Local\Temp\oct1CAC.tmp.exe
C:\Users\User\AppData\Local\Temp\oct7752.tmp.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 2345 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Virus - trojský kůň

Napsal: 12 lis 2015 11:27
od JaRon
pokial Ti kolega napise zaverecy upratovaci script - poupratuj plochu :)
Velikost slozky "C:\Users\User\Desktop" je 2345 MB.
tato zlozka by nemala presiahnut 300MB
Všechny časy jsou v UTC+01:00
Stránka 1 z 6

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz