Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01
Ran by T420 (administrator) on xxx-T420 (19-04-2017 19:04:23)
Running from C:\Users\T420\Desktop
Loaded Profiles: T420 (Available Profiles: T420 & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Flux Software LLC) C:\Users\T420\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\T420\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\T420\AppData\Roaming\Spotify\Spotify.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\T420\AppData\Roaming\Spotify\Spotify.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
(Spotify Ltd) C:\Users\T420\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\T420\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(BitTorrent Inc.) C:\Users\T420\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BitTorrent Inc.) C:\Users\T420\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\T420\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\T420\AppData\Local\Vivaldi\Application\vivaldi.exe
(Apple Inc.) C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
(Blizzard Entertainment) C:\Hry\StarCraft\StarCraft.exe
() C:\Hry\StarCraft\cef\SceneCefBrowser.exe
(forum.viry.cz) C:\Users\T420\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154624 2015-01-04] (troubadix)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [f.lux] => C:\Users\T420\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [Spotify Web Helper] => C:\Users\T420\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [VPN Unlimited] => C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-launcher.exe [399704 2016-12-21] (KeepSolid Inc.)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\Run: [Spotify] => C:\Users\T420\AppData\Roaming\Spotify\Spotify.exe [7089776 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: E - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {27390945-2759-11e6-9247-0270ea210a01} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {82b438ea-0c73-11e6-b7d4-0270ee2a0a01} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {82b438ed-0c73-11e6-b7d4-0270ee2a0a01} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {882ee44a-48cb-11e5-927d-7ce9d3e03be0} - F:\SETUP.EXE
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {882ee468-48cb-11e5-927d-7ce9d3e03be0} - G:\autorun.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {8c780d45-7b2b-11e5-a6ef-0021ccc4d7ed} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {a73cd90f-e7fa-11e6-bb68-7ce9d3e03be0} - D:\SETUP.EXE
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {ad078809-89ac-11e5-87b7-a6e4b83a3a12} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {ad078955-89ac-11e5-87b7-a6e4b83a3a12} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe
HKU\S-1-5-21-1107789336-688124548-375353748-1000\...\MountPoints2: {e36aff01-24da-11e7-aeba-7ce9d3e03be0} - D:\SETUP.EXE
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-11-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\T420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-12-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{035C39AC-1D9F-4972-921C-F7FBC77FD654}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{75C7C913-12F8-48E9-9E56-2B64E157D2B3}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{B17CB127-0AF2-4EAB-9962-D7A6A42E38F9}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{B602DF14-04B9-4E44-BA9D-456AC54E5BDD}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1107789336-688124548-375353748-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131242460989063762&GUID=9221ABF4-1753-430F-9EEB-072D8802C837
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKU\S-1-5-21-1107789336-688124548-375353748-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\T420\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\72txuzuj.default [2017-04-19]
FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\T420\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\72txuzuj.default\Extensions\
nimbusscreencaptureff@everhelper.me.xpi [2016-01-15]
FF Extension: (Adblock Latitude) - C:\Users\T420\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\72txuzuj.default\Extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi [2015-10-19] [not signed]
FF Extension: (FireShot) - C:\Users\T420\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\72txuzuj.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-04-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Bonjour Service; C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2017-04-19] (Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-05-26] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [61784 2016-12-21] (KeepSolid Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [25600 2015-01-23] (BlackBerry Limited)
S3 cpuz141; C:\Users\T420\AppData\Local\Temp\cpuz141\cpuz141_x64.sys [46400 2017-03-21] (CPUID) <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-01] (Disc Soft Ltd)
R1 epp; C:\Users\T420\Desktop\emi\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-07-18] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [80384 2015-01-14] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-21] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-21] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-07-21] (Oracle Corporation)
S3 WinRing0_1_2_0; C:\Users\T420\Desktop\ThrottleStop_840\WinRing0x64.sys [14544 2015-10-12] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\T420\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz139; \??\C:\Users\T420\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X] <==== ATTENTION
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S1 MpKslDrv; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{41D230E6-38F9-42DB-A2B8-5651C2A74B7E}\MpKslDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 18:53 - 2017-04-19 18:53 - 00000000 ____D C:\Users\T420\AppData\Local\Blizzard Entertainment
2017-04-19 18:52 - 2017-04-19 18:52 - 00000000 ____D C:\Users\T420\Documents\Starcraft
2017-04-19 18:52 - 2017-04-19 18:52 - 00000000 ____D C:\Program Files (x86)\Blizzard
2017-04-19 18:45 - 2017-04-19 18:45 - 00000565 _____ C:\Users\Public\Desktop\StarCraft.lnk
2017-04-19 18:45 - 2017-04-19 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
2017-04-19 18:10 - 2017-04-19 18:10 - 00000000 ____D C:\Users\T420\AppData\Roaming\Battle.net
2017-04-19 18:10 - 2017-04-19 18:10 - 00000000 ____D C:\ProgramData\Battle.net
2017-04-19 18:09 - 2017-04-19 18:09 - 03205616 _____ (Blizzard Entertainment) C:\Users\T420\Downloads\StarCraft-Setup.exe
2017-04-19 16:49 - 2017-04-19 16:49 - 00003736 ____N C:\bootsqm.dat
2017-04-19 16:47 - 2017-04-19 16:47 - 00000000 __SHD C:\found.000
2017-04-19 16:40 - 2017-04-19 17:06 - 692897792 ____R C:\Users\T420\Downloads\ubcd537.iso
2017-04-19 16:40 - 2017-04-19 16:50 - 00000000 ____D C:\Users\T420\AppData\LocalLow\uTorrent
2017-04-19 16:38 - 2017-04-19 16:38 - 04089296 _____ C:\Users\T420\Downloads\adwcleaner_6.045.exe
2017-04-18 15:53 - 2017-04-18 15:53 - 00045469 _____ C:\Users\T420\Downloads\repository.kodi-czsk-1.0.2.zip
2017-04-18 15:16 - 2017-03-27 20:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-18 15:16 - 2017-03-27 19:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-18 15:16 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-18 15:16 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-18 15:16 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-18 15:16 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-18 15:16 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-18 15:16 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-18 15:16 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-18 15:16 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-18 15:16 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-18 15:16 - 2017-03-25 20:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-18 15:16 - 2017-03-25 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-18 15:16 - 2017-03-25 20:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-18 15:16 - 2017-03-25 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-18 15:16 - 2017-03-25 20:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-18 15:16 - 2017-03-25 20:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-18 15:16 - 2017-03-25 20:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-18 15:16 - 2017-03-25 20:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-18 15:16 - 2017-03-25 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-18 15:16 - 2017-03-25 20:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-18 15:16 - 2017-03-25 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-18 15:16 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-18 15:16 - 2017-03-25 20:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-18 15:16 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-18 15:16 - 2017-03-25 20:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-18 15:16 - 2017-03-25 20:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-18 15:16 - 2017-03-25 19:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-18 15:16 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-18 15:16 - 2017-03-25 19:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-18 15:16 - 2017-03-25 19:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-18 15:16 - 2017-03-25 19:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-18 15:16 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-18 15:16 - 2017-03-25 19:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-18 15:16 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-18 15:16 - 2017-03-25 19:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-18 15:16 - 2017-03-25 19:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-18 15:16 - 2017-03-25 19:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-18 15:16 - 2017-03-25 19:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-18 15:16 - 2017-03-25 19:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-18 15:16 - 2017-03-25 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-18 15:16 - 2017-03-25 19:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-18 15:16 - 2017-03-25 19:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-18 15:16 - 2017-03-25 19:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-18 15:16 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-18 15:16 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-18 15:16 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-18 15:16 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-18 15:16 - 2017-03-25 18:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-18 15:16 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-18 15:16 - 2017-03-25 18:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-18 15:16 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-18 15:16 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-18 15:16 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-18 15:16 - 2017-03-25 00:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-18 15:16 - 2017-03-25 00:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-18 15:16 - 2017-03-22 17:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-18 15:16 - 2017-03-22 17:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-18 15:16 - 2017-03-22 17:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-18 15:16 - 2017-03-22 17:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-18 15:16 - 2017-03-22 17:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-18 15:16 - 2017-03-22 17:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-18 15:16 - 2017-03-22 17:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-18 15:16 - 2017-03-22 17:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-18 15:16 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-18 15:16 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-18 15:16 - 2017-03-22 17:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-18 15:16 - 2017-03-22 17:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-18 15:16 - 2017-03-22 17:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-18 15:16 - 2017-03-22 17:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-18 15:16 - 2017-03-22 17:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-18 15:16 - 2017-03-22 17:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-18 15:16 - 2017-03-14 17:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-18 15:16 - 2017-03-14 17:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-18 15:16 - 2017-03-14 17:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-18 15:16 - 2017-03-10 18:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-18 15:16 - 2017-03-10 18:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-18 15:16 - 2017-03-10 18:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-18 15:16 - 2017-03-10 18:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-18 15:16 - 2017-03-10 18:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-18 15:16 - 2017-03-10 18:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-18 15:16 - 2017-03-10 18:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-18 15:16 - 2017-03-10 18:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-18 15:16 - 2017-03-10 18:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-18 15:16 - 2017-03-10 18:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-18 15:16 - 2017-03-10 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-18 15:16 - 2017-03-08 22:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-18 15:16 - 2017-03-08 22:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-18 15:16 - 2017-03-08 06:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-18 15:16 - 2017-03-08 06:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-18 15:16 - 2017-03-08 06:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-18 15:16 - 2017-03-08 06:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-18 15:16 - 2017-03-08 06:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-18 15:16 - 2017-03-08 06:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-18 15:16 - 2017-03-08 06:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-18 15:16 - 2017-03-08 06:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-18 15:16 - 2017-03-08 06:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 06:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-18 15:16 - 2017-03-08 06:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-18 15:16 - 2017-03-08 06:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-18 15:16 - 2017-03-08 06:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-18 15:16 - 2017-03-08 06:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-18 15:16 - 2017-03-08 05:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-18 15:16 - 2017-03-08 05:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-18 15:16 - 2017-03-08 05:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-18 15:16 - 2017-03-08 05:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-18 15:16 - 2017-03-08 05:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-18 15:16 - 2017-03-08 05:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-18 15:16 - 2017-03-08 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-18 15:16 - 2017-03-08 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-18 15:16 - 2017-03-08 05:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-18 15:16 - 2017-03-08 05:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-18 15:16 - 2017-03-08 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-18 15:16 - 2017-03-08 05:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-18 15:16 - 2017-03-08 05:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 05:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 05:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-18 15:16 - 2017-03-08 05:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-18 15:16 - 2017-03-07 18:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-18 15:16 - 2017-03-07 18:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-18 15:16 - 2017-03-04 03:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-18 15:16 - 2017-03-04 03:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-18 15:16 - 2017-03-04 03:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-18 15:16 - 2017-03-04 03:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-18 15:16 - 2017-02-14 18:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-18 15:16 - 2017-02-14 18:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-18 15:16 - 2017-02-11 18:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-18 15:16 - 2017-02-11 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-18 15:16 - 2017-02-09 18:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-18 15:16 - 2017-02-09 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-18 15:16 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-18 15:16 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-18 14:52 - 2017-04-18 14:52 - 00010276 _____ C:\Users\T420\Desktop\Addition.rar
2017-04-18 14:37 - 2017-04-19 19:04 - 00022562 _____ C:\Users\T420\Desktop\FRST.txt
2017-04-18 14:37 - 2017-04-18 14:37 - 00000000 ____D C:\FRST
2017-04-18 14:36 - 2017-04-18 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\T420\Downloads\FRSTLauncher.exe
2017-04-18 14:36 - 2017-04-18 14:36 - 00112640 _____ (forum.viry.cz) C:\Users\T420\Desktop\FRSTLauncher.exe
2017-04-18 14:36 - 2017-04-18 14:35 - 02424832 _____ (Farbar) C:\Users\T420\Desktop\FRST64.exe
2017-04-18 14:35 - 2017-04-18 14:35 - 02424832 _____ (Farbar) C:\Users\T420\Downloads\FRST64.exe
2017-04-18 14:28 - 2017-04-18 14:28 - 00000000 ____D C:\ProgramData\Emsisoft
2017-04-18 14:25 - 2017-04-18 14:25 - 00000000 ____D C:\AvgArlBackup
2017-04-18 12:39 - 2017-04-18 14:33 - 00000000 ____D C:\Users\T420\Desktop\emi
2017-04-18 12:38 - 2017-04-18 12:50 - 00000000 _____ C:\Windows\ntbtlog.txt
2017-04-10 19:41 - 2017-04-10 19:41 - 00002059 _____ C:\Users\Public\Desktop\SSDlife Pro.lnk
2017-04-10 19:41 - 2017-04-10 19:41 - 00000000 ____D C:\ProgramData\TEMP
2017-04-10 19:41 - 2017-04-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
2017-04-10 19:41 - 2017-04-10 19:41 - 00000000 ____D C:\ProgramData\Binarysense
2017-04-10 19:41 - 2017-04-10 19:41 - 00000000 ____D C:\Program Files (x86)\BinarySense
2017-04-10 19:39 - 2017-04-10 19:40 - 04816896 _____ C:\Users\T420\Downloads\SSDlife Pro 2.5.82.msi
2017-04-10 19:38 - 2017-04-10 19:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-10 19:38 - 2017-04-10 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-23 17:05 - 2017-03-23 17:05 - 00008704 ___SH C:\Users\T420\Documents\Thumbs.db
2017-03-21 17:58 - 2017-04-19 16:43 - 00000000 ____D C:\AdwCleaner
2017-03-21 17:57 - 2017-03-21 17:57 - 04031440 _____ C:\Users\T420\Downloads\adwcleaner_6.044.exe
2017-03-21 14:27 - 2017-03-21 14:27 - 00116735 _____ C:\Users\T420\Documents\Kvapil i6Shop.pdf
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-19 19:03 - 2015-09-06 15:50 - 00000000 ____D C:\Users\T420\AppData\Roaming\uTorrent
2017-04-19 19:03 - 2015-08-22 13:49 - 00000000 ____D C:\Users\T420\AppData\Roaming\Skype
2017-04-19 18:11 - 2015-09-06 16:26 - 00000000 ____D C:\Hry
2017-04-19 17:10 - 2015-11-13 20:42 - 00001904 __RSH C:\ProgramData\ntuser.pol
2017-04-19 17:09 - 2011-04-12 10:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2017-04-19 17:09 - 2011-04-12 10:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2017-04-19 17:09 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-19 17:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-19 17:08 - 2015-11-23 21:23 - 00001042 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-19 17:08 - 2015-08-22 11:44 - 00001042 ____H C:\Users\T420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-19 16:57 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-19 16:57 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-19 16:55 - 2016-07-29 09:33 - 00000000 ____D C:\Users\T420\AppData\Roaming\Spotify
2017-04-19 16:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-04-19 10:33 - 2016-11-22 23:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-19 10:33 - 2016-11-22 23:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-19 10:33 - 2009-07-14 06:45 - 00437480 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-19 03:05 - 2016-11-22 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-19 03:04 - 2015-08-22 15:09 - 00000000 ____D C:\Windows\system32\MRT
2017-04-19 03:02 - 2015-08-22 15:09 - 00000000 _____ C:\Windows\system32\MRT.exe
2017-04-19 03:01 - 2015-08-22 13:06 - 01558876 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-18 12:43 - 2017-02-20 19:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-18 08:17 - 2016-07-29 09:35 - 00000000 ____D C:\Users\T420\AppData\Local\Spotify
2017-04-10 19:38 - 2015-08-22 13:49 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-10 19:38 - 2015-08-22 13:49 - 00000000 ____D C:\ProgramData\Skype
2017-04-10 13:02 - 2015-08-25 22:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-08 00:06 - 2010-11-21 05:27 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-29 13:52 - 2016-07-25 01:05 - 00000000 ____D C:\Users\T420\.VirtualBox
2017-03-21 17:21 - 2015-08-22 14:10 - 00000000 ____D C:\Users\T420\AppData\Roaming\.purple
2017-03-20 19:36 - 2015-12-19 16:36 - 00007616 _____ C:\Users\T420\AppData\Local\Resmon.ResmonCfg
==================== Files in the root of some directories =======
2014-07-09 13:01 - 2014-07-09 13:01 - 0022976 _____ (Intel Corporation) C:\Users\T420\AppData\Roaming\JomCap.dll
2002-08-29 19:33 - 2002-08-29 19:33 - 0319488 ____R () C:\Users\T420\AppData\Roaming\MafiaSetup.exe
2016-11-22 01:54 - 2016-11-22 01:54 - 0200704 _____ (tamirgal.com) C:\Users\T420\AppData\Roaming\Tamir.SharpSsh.dll
2016-05-09 14:41 - 2017-03-02 18:19 - 0000600 _____ () C:\Users\T420\AppData\Local\PUTTY.RND
2016-01-21 20:25 - 2016-01-21 20:25 - 0000001 _____ () C:\Users\T420\AppData\Local\RawCopy.1.10.agreement
2016-01-21 20:35 - 2016-01-21 20:35 - 0000021 _____ () C:\Users\T420\AppData\Local\RawCopy.savedialog.dir
2016-01-21 20:35 - 2016-01-21 20:35 - 0000001 _____ () C:\Users\T420\AppData\Local\RawCopy.savedialog.filterindex
2016-01-21 20:35 - 2016-01-21 20:35 - 0000001 _____ () C:\Users\T420\AppData\Local\RawCopy.sourcedisk.index
2015-12-19 16:36 - 2017-03-20 19:36 - 0007616 _____ () C:\Users\T420\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-02-22 20:18 - 2017-02-22 20:18 - 36403960 _____ (AppWork GmbH) C:\Users\T420\AppData\Local\Temp\JDSetup131322610884156941.exe
2006-10-27 23:14 - 2006-10-27 23:14 - 0145184 ____R (Microsoft Corporation) C:\Users\T420\AppData\Local\Temp\ose00000.exe
2017-02-24 22:11 - 2017-02-24 22:11 - 0040448 ____N () C:\Users\T420\AppData\Local\Temp\proxy_vole4516678308511928591.dll
2017-02-24 22:11 - 2017-02-24 22:11 - 0040448 ____N () C:\Users\T420\AppData\Local\Temp\proxy_vole6714555078819763481.dll
2017-02-24 22:11 - 2017-02-24 22:11 - 0040448 ____N () C:\Users\T420\AppData\Local\Temp\proxy_vole8310792548872102989.dll
2017-04-10 19:36 - 2017-04-10 19:36 - 14456872 _____ (Microsoft Corporation) C:\Users\T420\AppData\Local\Temp\vc_redist.x86.exe
Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\T420\Desktop" je 25685 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmoltoRecorder
"C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR12
"C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Přispějete na provoz fóra?