
Long response time when launching a program

DaytonC
Visitor
Posts: 90
Registered: 08 Nov 2014 17:07

Long response time when launching a program

#1 Post by DaytonC »

Hello...
I'm here via safe mode, which runs briskly; the system responds fairly quickly to every click... but when I start Windows normally, it does boot to the desktop, but nothing can be launched from the taskbar because that blue circle appears there. On the desktop the circle disappears, but if I click on something, absolutely nothing happens. And if some program does eventually start after a long time, it is unusable anyway.

What I have tried:
1. System restore to a date about 2 days back, when everything was OK -- no effect
2. Cleaning the Windows registry with CCleaner -- nothing either
3. Adware cleaner found nothing
4. Antivirus... nothing either
5. A check with CrystalDisk revealed nothing; the disk is good (shows blue)... it only has an elevated disk temperature (51 degrees, yellow)
6. I will try to make an RSIT log (only from safe mode) and post it here.

Please help.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Long response time when launching a program

#2 Post by Márty84 »

Hello :)

Post the logs (safe mode is fine) following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false positive :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher.)

DaytonC
Visitor
Posts: 90
Registered: 08 Nov 2014 17:07

Re: Long response time when launching a program

#3 Post by DaytonC »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Roman (administrator) on ROMAN-PC (02-07-2017 22:03:49)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-08] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [UpdatePRCShortCut1] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds1] => C:\Windows\system32\hkcmd.exe [411056 2015-06-01] (Intel Corporation)
HKLM\...\Run: [Persistence1] => C:\Windows\system32\igfxpers.exe [453552 2015-06-01] (Intel Corporation)
HKLM\...\Run: [IgfxTray1] => C:\Windows\system32\igfxtray.exe [183216 2015-06-01] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_Dolby1] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-02] (AVAST Software)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-04] (Lenovo)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [258936 2012-02-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-683440959-2606681586-737459993-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1F004AE9-736A-4A9E-A206-DE238301C1BF}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DD39D036-017D-4A2E-B4A8-4BC12D6F774B}: [DhcpNameServer] 192.168.108.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-683440959-2606681586-737459993-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683440959-2606681586-737459993-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... OH_csCZ565
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-02] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-02] (AVAST Software)

FireFox:
========
FF DefaultProfile: 778j7se6.default-1497116886439
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 [2017-07-02]
FF Homepage: Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 -> hxxps://user.centrum.cz/?logout=1&name=K%2FjGQk2V9jmYYMWL4lgHHArTrQyy27S3OCwPLotUBMo%3D&url=https%3A%2F%2Fmail.centrum.cz
hxxp://aukro.cz/myaccount/sell.php/p,1
hxxps://online.mbank.cz/cs/Login
hxxps://www.rb.cz/osobni
hxxps://www.rande.cz/logout.aspx?r=582786
FF Extension: (Avast SafePrice) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\sp@avast.com.xpi [2017-07-01]
FF Extension: (Avast Online Security) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\wrc@avast.com.xpi [2017-07-01]
FF Extension: (Adblock Plus) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-21] ( )
FF Plugin HKU\S-1-5-21-683440959-2606681586-737459993-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR dev: Chrome dev build detected! <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-02] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-02] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-07-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-07-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-07-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-07-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-02] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-07-31] (Highresolution Enterprises [www.highrez.co.uk])
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-04-17] (ITE )
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 portio; C:\Windows\System32\DRIVERS\WP800IO.sys [8664 2007-09-05] (WinPic800) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-27] () [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 22:03 - 2017-07-02 22:05 - 00017288 _____ C:\Users\Roman\Desktop\FRST.txt
2017-07-02 21:58 - 2017-07-02 22:00 - 00112640 _____ (forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe
2017-07-02 21:58 - 2017-07-02 21:58 - 02435584 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2017-07-02 17:35 - 2017-07-02 17:35 - 00000456 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1458663269.job
2017-07-02 17:34 - 2017-07-02 17:34 - 00000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2017-07-02 17:34 - 2017-07-02 15:03 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-02 17:00 - 2017-07-02 17:02 - 00140668 _____ C:\Windows\ntbtlog.txt
2017-07-02 15:10 - 2017-07-02 16:49 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-07-02 15:01 - 2017-07-02 15:01 - 00001130 _____ C:\Users\Roman\Desktop\ZX spectrum 48K.lnk
2017-07-02 15:01 - 2017-07-02 15:01 - 00001056 _____ C:\Users\Roman\Desktop\Basic52.lnk
2017-07-02 15:01 - 2017-07-02 15:01 - 00001036 _____ C:\Users\Roman\Desktop\PMI80.lnk
2017-06-13 20:34 - 2017-05-03 17:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 20:34 - 2017-05-03 17:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 20:34 - 2017-03-23 04:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-06-13 19:47 - 2017-06-02 10:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-13 19:47 - 2017-06-02 10:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 19:47 - 2017-06-02 10:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-13 19:47 - 2017-06-02 10:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 19:47 - 2017-06-02 10:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-13 19:47 - 2017-06-02 10:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-13 19:47 - 2017-06-02 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:47 - 2017-06-02 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 19:47 - 2017-06-02 09:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-13 19:47 - 2017-06-02 09:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-13 19:47 - 2017-05-21 06:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-13 19:47 - 2017-05-21 06:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-13 19:47 - 2017-05-21 06:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-13 19:47 - 2017-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-13 19:47 - 2017-05-21 05:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 19:47 - 2017-05-21 05:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 19:47 - 2017-05-21 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 19:47 - 2017-05-21 05:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-13 19:47 - 2017-05-21 05:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-13 19:47 - 2017-05-21 05:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-13 19:47 - 2017-05-16 20:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-13 19:47 - 2017-05-16 19:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-13 19:47 - 2017-05-14 22:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-13 19:47 - 2017-05-14 22:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-13 19:47 - 2017-05-14 22:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-13 19:47 - 2017-05-14 22:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-13 19:47 - 2017-05-14 22:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-13 19:47 - 2017-05-14 22:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-13 19:47 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-13 19:47 - 2017-05-14 22:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-13 19:47 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 19:47 - 2017-05-14 22:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-13 19:47 - 2017-05-14 22:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-13 19:47 - 2017-05-14 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-13 19:47 - 2017-05-14 22:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-13 19:47 - 2017-05-14 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-13 19:47 - 2017-05-14 21:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-13 19:47 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 19:47 - 2017-05-14 21:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 19:47 - 2017-05-14 21:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-13 19:47 - 2017-05-14 21:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-13 19:47 - 2017-05-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-13 19:47 - 2017-05-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-13 19:47 - 2017-05-14 21:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-13 19:47 - 2017-05-14 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-13 19:47 - 2017-05-14 21:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-13 19:47 - 2017-05-14 21:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-13 19:47 - 2017-05-14 21:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-13 19:47 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-13 19:47 - 2017-05-14 21:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-13 19:47 - 2017-05-14 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-13 19:47 - 2017-05-14 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-13 19:47 - 2017-05-14 21:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-13 19:47 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-13 19:47 - 2017-05-14 21:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-13 19:47 - 2017-05-14 21:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-13 19:47 - 2017-05-14 21:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-13 19:47 - 2017-05-14 21:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-13 19:47 - 2017-05-14 21:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-13 19:47 - 2017-05-14 21:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-13 19:47 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 19:47 - 2017-05-14 21:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-13 19:47 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-13 19:47 - 2017-05-14 21:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 19:47 - 2017-05-14 21:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-13 19:47 - 2017-05-14 20:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-13 19:47 - 2017-05-14 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 19:47 - 2017-05-14 20:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-13 19:47 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 19:47 - 2017-05-14 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-13 19:47 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-13 19:47 - 2017-05-14 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-13 19:47 - 2017-05-14 20:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-13 19:47 - 2017-05-14 20:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-13 19:47 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 19:47 - 2017-05-14 20:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-13 19:47 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-13 19:47 - 2017-05-14 20:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-13 19:47 - 2017-05-14 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-13 19:47 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-13 19:47 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 19:47 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-13 19:47 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-13 19:47 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-13 19:47 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-13 19:47 - 2017-05-12 20:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-13 19:47 - 2017-05-12 20:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 19:47 - 2017-05-12 20:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-13 19:47 - 2017-05-12 20:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 19:47 - 2017-05-12 20:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-13 19:47 - 2017-05-12 20:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-13 19:47 - 2017-05-12 20:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 19:47 - 2017-05-12 20:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-13 19:47 - 2017-05-12 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-13 19:47 - 2017-05-12 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-13 19:47 - 2017-05-12 19:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-13 19:47 - 2017-05-12 19:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-13 19:47 - 2017-05-12 19:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-13 19:47 - 2017-05-12 19:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-13 19:47 - 2017-05-12 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 19:47 - 2017-05-12 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-13 19:47 - 2017-05-12 19:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-13 19:47 - 2017-05-12 19:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-13 19:47 - 2017-05-12 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-13 19:47 - 2017-05-12 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 18:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 19:47 - 2017-05-12 17:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 19:47 - 2017-05-12 17:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 19:47 - 2017-05-10 17:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-13 19:47 - 2017-05-10 17:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-13 19:47 - 2017-05-10 17:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-13 19:47 - 2017-05-10 17:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-13 19:47 - 2017-05-10 17:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-13 19:47 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-13 19:47 - 2017-05-10 17:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-13 19:47 - 2017-05-10 17:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-13 19:47 - 2017-05-10 16:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 19:47 - 2017-05-09 17:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 19:47 - 2017-05-09 17:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 19:47 - 2017-05-09 17:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-13 19:47 - 2017-05-07 17:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-13 19:47 - 2017-05-07 17:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-13 19:47 - 2017-03-30 17:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-13 19:47 - 2017-03-30 16:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-11 11:13 - 2017-06-11 11:13 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-11 11:13 - 2017-06-11 11:13 - 00000970 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-06-10 19:34 - 2017-06-10 19:35 - 46867584 _____ (Mozilla) C:\Users\Roman\Downloads\Firefox Setup 53.0.3.exe
2017-06-10 00:30 - 2017-06-10 00:30 - 04110280 _____ C:\Users\Roman\Downloads\adwcleaner_6.047.exe
2017-06-06 19:34 - 2017-06-06 19:34 - 00001129 _____ C:\Users\Roman\Desktop\EAGLE 5.11.0.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-02 22:03 - 2016-11-16 19:42 - 00000000 ____D C:\Users\Roman\AppData\LocalLow\Mozilla
2017-07-02 22:03 - 2014-11-14 21:54 - 00000000 ____D C:\FRST
2017-07-02 19:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-02 19:09 - 2015-01-25 00:13 - 00000000 ____D C:\ProgramData\Skype
2017-07-02 19:04 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-02 19:04 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-02 18:53 - 2012-08-08 09:52 - 00091397 _____ C:\Windows\system32\fastboot.set
2017-07-02 18:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-02 18:51 - 2016-11-15 20:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-02 18:51 - 2013-12-06 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-02 18:47 - 2016-07-31 19:43 - 00003132 _____ C:\Windows\System32\Tasks\{5A93097A-4CBE-4F29-B689-787EE6BD138F}
2017-07-02 18:47 - 2016-07-31 19:39 - 00002972 _____ C:\Windows\System32\Tasks\{0DC8346D-4B10-4D16-96D7-BBBFEED1E4FF}
2017-07-02 17:35 - 2017-03-21 20:18 - 00001893 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-02 16:33 - 2015-05-30 19:35 - 00000000 ____D C:\AdwCleaner
2017-07-02 16:26 - 2015-04-01 18:35 - 00000000 ____D C:\Users\Roman\Documents\Zaloha registrů
2017-07-02 15:09 - 2016-05-05 17:56 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458663269
2017-07-02 15:04 - 2017-03-01 19:39 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-02 15:04 - 2013-12-06 21:12 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-02 15:03 - 2017-03-01 19:38 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-02 15:03 - 2017-03-01 19:38 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-02 15:03 - 2017-03-01 19:38 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-02 15:03 - 2017-03-01 19:38 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-02 15:03 - 2016-03-22 18:14 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-02 15:03 - 2014-04-19 20:13 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-02 15:03 - 2014-01-04 02:30 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-02 15:03 - 2013-12-06 21:12 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-02 15:03 - 2013-12-06 21:12 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-02 15:03 - 2013-12-06 21:12 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149900066398106
2017-07-02 15:03 - 2013-12-06 21:12 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-02 15:03 - 2013-12-06 21:12 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-02 15:03 - 2013-12-06 21:12 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-02 14:46 - 2012-08-08 08:43 - 00669116 _____ C:\Windows\system32\perfh005.dat
2017-07-02 14:46 - 2012-08-08 08:43 - 00141744 _____ C:\Windows\system32\perfc005.dat
2017-07-02 14:46 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-02 14:44 - 2014-01-04 02:30 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149899954882302
2017-07-02 14:39 - 2013-12-06 20:28 - 00000000 ____D C:\Users\Roman
2017-07-02 14:38 - 2017-03-21 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-02 14:38 - 2017-03-15 19:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-02 14:38 - 2015-12-03 22:39 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-02 14:38 - 2013-12-06 20:28 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-02 14:38 - 2012-08-08 09:24 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-07-02 14:37 - 2014-03-29 23:35 - 00000000 ____D C:\Users\Roman\AppData\Roaming\TeamViewer
2017-07-02 14:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-07-02 14:34 - 2013-12-06 21:23 - 00000000 ____D C:\MeProgramy
2017-06-25 12:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-25 09:01 - 2014-03-29 23:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-16 20:17 - 2013-12-06 22:36 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-16 20:17 - 2013-12-06 22:36 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-16 20:17 - 2013-12-06 22:36 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-16 20:17 - 2013-12-06 22:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-16 20:17 - 2012-08-08 09:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-14 20:19 - 2012-08-08 09:29 - 01560204 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-13 20:47 - 2016-01-13 18:33 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 20:09 - 2009-07-14 06:45 - 00306272 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 20:08 - 2013-12-07 06:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-13 20:08 - 2013-12-07 06:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-13 20:04 - 2013-12-07 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 19:54 - 2013-12-10 19:00 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-13 19:54 - 2013-12-10 19:00 - 00000000 ____D C:\Windows\system32\MRT
2017-06-12 18:53 - 2013-12-06 20:31 - 00067944 _____ C:\Users\Roman\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-10 19:37 - 2013-12-06 22:31 - 00000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-10 19:37 - 2013-12-06 22:31 - 00000895 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-06 19:38 - 2017-04-14 20:54 - 00000000 ____D C:\Users\Roman\Documents\eagle
2017-06-03 11:54 - 2015-01-25 12:05 - 00000000 ____D C:\Users\Roman\Desktop\BT

==================== Files in the root of some directories =======

2014-06-19 06:20 - 2014-06-19 06:20 - 0000024 _____ () C:\Users\Roman\AppData\Roaming\temp.ini
2014-08-19 21:23 - 2014-08-19 21:23 - 0003584 _____ () C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-08 19:38 - 2014-05-05 00:47 - 0007597 _____ () C:\Users\Roman\AppData\Local\resmon.resmoncfg
2014-06-09 18:50 - 2014-09-15 17:03 - 0026327 _____ () C:\ProgramData\LmeUSB.log
2014-06-09 18:50 - 2014-09-15 17:03 - 0025806 _____ () C:\ProgramData\LmeZJSW.log
2014-06-09 18:50 - 2014-09-15 17:03 - 0026309 _____ () C:\ProgramData\LSDmbTH.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-02 20:49

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows7_OS) (Fixed) (Total:886.32 GB) (Free:643.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:20.87 GB) NTFS

Available physical RAM: 2365.29 MB
Total physical RAM: 3955.32 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C70BA6D4)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1458663269.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Roman\Desktop" je 6 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelligent Touchpad
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray
"C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


========

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#4 Post by DaytonC »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Roman (02-07-2017 22:05:32)
Running from C:\Users\Roman\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-06 18:28:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-683440959-2606681586-737459993-500 - Administrator - Disabled)
Guest (S-1-5-21-683440959-2606681586-737459993-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683440959-2606681586-737459993-1003 - Limited - Enabled)
Roman (S-1-5-21-683440959-2606681586-737459993-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
ASIX UP v.3-22 (HKLM-x32\...\ASIX UP_is1) (Version: - ASIX s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Borland C++Builder 6 (HKLM-x32\...\{2864C41B-EF2D-4640-95A2-526276524519}) (Version: 6.0 - Borland Software Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
EAGLE 5.11.0 (HKLM-x32\...\EAGLE 5.11.0) (Version: 5.11.0 - CadSoft Computer GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mikroC (remove only) (HKLM-x32\...\mikroC) (Version: - )
mikroPascal (remove only) (HKLM-x32\...\mikroPascal) (Version: - )
mikroPascal for AVR (remove only) (HKLM-x32\...\mikroPascal for AVR) (Version: - )
Mozilla Firefox 54.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 54.0.1 (x64 cs)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Ovladače grafiky 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
OpenOffice.org 2.0 (HKLM-x32\...\{5DB8BFC7-9595-49CC-BF0D-A17D3A83929A}) (Version: 2.0.9044 - OpenOffice.org)
Ovládací panel NVIDIA 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 345.20 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
State of War (HKLM-x32\...\State of War) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-683440959-2606681586-737459993-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Windows Driver Package - ASIX s.r.o. ASIX Development Tools Driver Package (07/10/2015 2.12.06) (HKLM\...\63179435CD5991EB4724264B890E0ED379471EE7) (Version: 07/10/2015 2.12.06 - ASIX s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-08-08] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)
ContextMenuHandlers01: [NPShellExtension] -> {D7ECBD0E-B8E3-4a0c-9E84-514298EFA583} => C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll [2012-06-21] ()
ContextMenuHandlers01: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)
ContextMenuHandlers03: [IkeyShlExt] -> {F1E551D1-822B-40e6-B4D8-A9B4A48AA07A} => C:\Windows\system32\SimpleExt.dll [2012-08-08] ()
ContextMenuHandlers04: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-02] (AVAST Software)
ContextMenuHandlers06: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers06: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EF22FF-B343-455E-8AA3-1760B9AD73B3} - System32\Tasks\SafeZone scheduled Autoupdate 1458663269 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {1F99D0E0-C355-436B-A007-0C7467273900} - System32\Tasks\{5A93097A-4CBE-4F29-B689-787EE6BD138F} => pcalua.exe -a C:\Users\Roman\AppData\Local\Temp\Temp1_PonyProg_V207c.zip\setup.exe <==== ATTENTION
Task: {39964426-A2DF-44CF-8184-89767D3BBC60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {4F6AE02F-CCF3-4690-850B-9CA8B9EDD342} - System32\Tasks\{0DC8346D-4B10-4D16-96D7-BBBFEED1E4FF} => C:\Program Files (x86)\PonyProg2000\PONYPROG2000.EXE
Task: {79DAF2A6-E294-4095-B0F0-3AF2B1DDA57F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-02] (AVAST Software)
Task: {93D90012-EFC7-4797-A971-90D0E4893095} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {A261A537-27D9-409A-ADCF-4A4FB21DB9D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {B75D31B9-CA73-40A5-A6ED-839C179DD280} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {EB058A3C-BC05-433E-B298-B48788895A33} - System32\Tasks\{7E97F875-7619-4918-AAB1-B8AE23BC214B} => pcalua.exe -a "C:\Program Files (x86)\Lenovo\Boot Optimizer\DeleteUninstall.exe" -d "C:\Program Files (x86)\Lenovo\Boot Optimizer"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1458663269.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 09:19 - 2015-02-04 22:29 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2011-06-02 22:58 - 2011-06-02 22:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 22:59 - 2011-06-02 22:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2012-06-21 13:23 - 2012-06-21 13:23 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2008-12-20 12:20 - 2012-08-08 09:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-20 01:22 - 2012-08-08 09:52 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-09 00:36 - 2012-08-08 09:52 - 00011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\cs-CZ\EMWpfUI.resources.dll
2008-12-20 12:20 - 2012-08-08 09:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-08-08 09:30 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-08-08 09:47 - 2012-08-08 09:47 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2012-02-06 04:38 - 2012-02-06 04:38 - 00258936 _____ () C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe
2012-05-05 13:16 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-12-13 00:25 - 2014-12-13 00:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-02 18:44 - 2017-07-02 18:44 - 05784984 _____ () C:\Program Files\AVAST Software\Avast\defs\17070200\algo.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2011-06-02 22:57 - 2011-06-02 22:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 22:58 - 2011-06-02 22:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-12-07 20:39 - 2015-02-23 10:44 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-06-28 08:28 - 2011-06-28 08:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-02 15:03 - 2017-07-02 15:03 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-02 15:03 - 2017-07-02 15:04 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2012-08-08 09:30 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.

There are 4790 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-03-10 19:03 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-683440959-2606681586-737459993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.108.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Intelligent Touchpad => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6D014DEC-A2C5-4995-8BE3-584F89BED619}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{511220C7-6FE3-469E-9342-7B31C15B43E1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4AB3BFA7-F5E8-49DA-BAB0-BF56820DA0C7}] => (Allow) LPort=2869
FirewallRules: [{672D39F5-5497-4838-9C24-0505855D2D82}] => (Allow) LPort=1900
FirewallRules: [{27BDB785-6C1D-459E-BA81-43EC041108D0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6B8705A8-1F40-435A-983F-0EB88EAD91FD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A4237FF2-88A1-4282-A51B-64DE1253886F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{435580A1-E9DF-4F55-910A-3CD8305F6DE4}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{A7120233-09C2-4DB3-8BC6-9EAD6211DC4D}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{8CD5A8B6-4568-4FBA-B23A-906340B6439C}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{0BC86A65-947E-4630-8691-C8F60948361D}] => (Allow) C:\Program Files (x86)\ICQ7.7\ICQ.exe
FirewallRules: [{2534CB2A-36C1-4C04-8C34-015E5FF6FC49}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{14440D45-10C1-4161-B9BE-B5534F1146E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6D690019-471C-448C-961F-4F6D386478D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F07C5053-29A5-4329-95FC-5A3027463983}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BCB4B38-000C-4037-A2ED-E2F1BF551388}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0E30B0B5-CBAD-4357-92E5-D513C7C7576C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7C2695A0-8C9B-437F-8E27-29F969AE79F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{010BA73D-0163-4CA0-AEEE-9B1EDF7376A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E0D3B6BE-9517-45A4-8D91-9BC3510A9095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AD5C6A9F-A570-410E-89A4-B144B6C2B9C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{642EF558-4E2E-4A81-A3E3-989C1242AB69}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [UDP Query User{4FBAE129-654C-469E-B31D-5F2B1808F654}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [{85519CF7-C5A9-488C-AD5A-271C983D340B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0872E1DA-B38E-4E70-A3E7-5D1738A0CB69}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [UDP Query User{E0B07BF2-E711-4749-B20B-C3E521B8D32E}C:\program files (x86)\icq7.7\icq.exe] => (Allow) C:\program files (x86)\icq7.7\icq.exe
FirewallRules: [TCP Query User{418B447E-E4FB-4F5E-AB50-C8B64CB379EE}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [UDP Query User{6BB3BD3B-C72A-49EE-AFC0-30043AA8674D}C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe] => (Allow) C:\program files (x86)\atmel\avr studio 5.1\avrstudio5.exe
FirewallRules: [{A393008D-2DA9-406A-A7D8-EB21188EEE0C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5D840A0B-404C-41C1-B4A2-000040A4CB3E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1A6DC258-F77B-46D4-BDCF-5486D44C1BDE}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [UDP Query User{5BF82198-ECA5-4A59-820C-594BB8C6D30A}C:\games\dune-2000\dune 2000\dune2000.dat] => (Block) C:\games\dune-2000\dune 2000\dune2000.dat
FirewallRules: [{0B278D54-E6B0-49E0-A057-2FA5EC756DD9}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_1\SZBrowser.exe
FirewallRules: [{0E807160-68C6-4355-816E-7A8FAFD2545C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{0D494844-8D6E-4142-8282-592ACFB1C796}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A9A5BEF4-28D8-4D07-B35D-3F13FFA4F4E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FA75B347-D548-44C1-8E16-DC6C9DFF2253}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{303EE573-6FC8-4B28-8B8D-A93A625C505E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F00CA0A3-D2F4-4D0C-BF56-E10BC770DE51}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{70D9E955-C832-4DED-8FE9-F98157B2C7BB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe

==================== Restore Points =========================

12-10-2016 19:25:29 Windows Update
12-10-2016 19:51:37 Windows Update
12-10-2016 21:43:12 Windows Update
25-10-2016 20:04:08 Naplánovaný kontrolní bod
05-11-2016 10:58:37 Naplánovaný kontrolní bod
09-11-2016 19:27:35 Windows Update
21-11-2016 22:45:22 Naplánovaný kontrolní bod
26-11-2016 18:15:21 Instalace balíčku ovladače zařízení: WinPic800
04-12-2016 15:03:11 Naplánovaný kontrolní bod
14-12-2016 19:22:43 Windows Update
22-12-2016 20:02:28 Naplánovaný kontrolní bod
25-12-2016 03:26:22 Removed AVR Studio 5.1
25-12-2016 09:25:12 Installed AVR Jungo USB
25-12-2016 09:29:46 Installed AVR Studio 5.1
01-01-2017 16:42:30 Naplánovaný kontrolní bod
11-01-2017 20:02:44 Windows Update
21-01-2017 11:31:58 Naplánovaný kontrolní bod
29-01-2017 09:07:44 Naplánovaný kontrolní bod
05-02-2017 13:51:05 Naplánovaný kontrolní bod
16-02-2017 20:56:02 Naplánovaný kontrolní bod
23-02-2017 23:17:04 Windows Update
01-03-2017 19:39:39 Instalace balíčku ovladače zařízení: Avast Síťová služba
11-03-2017 08:43:32 Naplánovaný kontrolní bod
14-03-2017 20:11:41 Windows Update
15-03-2017 19:31:11 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
25-03-2017 08:34:13 Naplánovaný kontrolní bod
03-04-2017 08:09:05 Naplánovaný kontrolní bod
08-04-2017 13:28:59 Windows Update
12-04-2017 18:58:12 Windows Update
22-04-2017 08:42:33 Naplánovaný kontrolní bod
30-04-2017 15:28:09 Naplánovaný kontrolní bod
10-05-2017 22:30:00 Windows Update
23-05-2017 18:47:36 Windows Update
28-05-2017 20:33:28 ComboFix created restore point
29-05-2017 21:15:55 Operace obnovení
29-05-2017 22:36:25 Windows Update
09-06-2017 21:59:07 Naplánovaný kontrolní bod
13-06-2017 19:49:10 Windows Update
13-06-2017 20:34:33 Windows Update
14-06-2017 20:13:47 Windows Update
14-06-2017 20:24:44 Windows Update
14-06-2017 20:27:26 Windows Update
25-06-2017 12:46:48 Naplánovaný kontrolní bod
02-07-2017 14:29:52 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---query POLICYVT key success failed with 0, The Code is:0x424.).

Error: (07/02/2017 06:55:06 PM) (Source: NSDSvc) (EventID: 256) (User: )
Description: An error has occurred (---Get Poicy Open key suc failed with 0, The Code is:0x422.).


System errors:
=============
Error: (07/02/2017 06:57:43 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80004005. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (07/02/2017 06:54:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Intel(R) PROSet/Wireless Zero Configuration Service byla ukončena s následující chybou:
%%-2147196306

Error: (07/02/2017 06:54:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VBoxAsw Support Driver neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (07/02/2017 06:06:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Intel(R) PROSet/Wireless Zero Configuration Service byla ukončena s následující chybou:
%%-2147196306

Error: (07/02/2017 06:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VBoxAsw Support Driver neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (07/02/2017 06:05:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avast Antivirus neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/02/2017 06:05:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Avast Antivirus bylo dosaženo časového limitu (30000 ms).

Error: (07/02/2017 05:35:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (07/02/2017 05:35:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (07/02/2017 05:35:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


CodeIntegrity:
===================================
Date: 2016-11-29 17:32:10.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-29 17:32:10.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-28 18:36:42.123
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-28 18:36:42.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 07:42:54.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-27 07:42:54.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-26 17:26:20.853
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-26 17:26:20.759
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-26 17:17:41.420
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-11-26 17:17:41.241
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WP800IO.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 3955.32 MB
Available physical RAM: 2365.29 MB
Total Virtual: 7908.82 MB
Available Virtual: 6056.02 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:886.32 GB) (Free:643.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:20.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C70BA6D4)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of Addition.txt ====================

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Long response time when launching a program

#5 Post by Márty84 »

:arrow: Follow my colleague's guide
vyosek wrote: :arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the license terms are displayed; press any key
  • A backup will be created, followed by a scan
  • The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here

:arrow: Follow my colleague's guide
vyosek wrote: :arrow: Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
  • Right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window

    autoclean;
    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

:arrow: Run a scan with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes has false detections
If you have a question that is not meant for the public, you can email me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their email address in their signature).

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#6 Post by DaytonC »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Roman (Administrator) on po 03.07.2017 at 10:15:30,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 32

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{0162B46C-7D73-4CE3-ACFD-A20E9A3322AA} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{B4318F41-4DA7-459B-9835-B285B5F18199} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{C5E8B157-4039-455B-BF08-0C719852565F} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{D5384C8E-63DA-4F97-A3E8-2CA22DFD3BEB} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{DFA5F886-38BC-4D13-AA37-E555684E1574} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\{FE936622-BBD0-4390-A9BF-BF44978D76F5} (Empty Folder)
Successfully deleted: C:\Users\Roman\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N5GIT8O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SBUTFV8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OGJX2TX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70RZP28Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GR6JC8M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN14F89W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVU9K337 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSPLGPLR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPF7RMNN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZB7XHFW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5PBW7FC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW4AJXKD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N5GIT8O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SBUTFV8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OGJX2TX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70RZP28Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7GR6JC8M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GN14F89W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVU9K337 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KSPLGPLR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPF7RMNN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZB7XHFW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5PBW7FC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW4AJXKD (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 03.07.2017 at 10:19:24,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#7 Post by DaytonC »

Zoek got stuck on Firefox extension 10.49 (it has been more than about 30 minutes and it is not continuing...) what should I do about it?

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#8 Post by DaytonC »

After 4 hours Zoek was still showing the Firefox extension line... so I restarted it...

Would there be any other, faster idea for fixing this computer?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Long response time when launching a program

#9 Post by Márty84 »

If you are in a hurry, you will have to find a paid service (for example https://neslape.cz/?utm_campaign=neslap ... ium=banner ), where they will attend to you right away, or even do everything themselves. We are here only in our free time, and unfortunately there isn't much of it, so responses are not immediate and it can drag on for several days. If Zoek got stuck, it would be worth trying again, possibly in safe mode. And then continue with MBAM. Only after running these scanners would I ask for new FRST logs and remove unwanted leftovers etc. with a script.

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#10 Post by DaytonC »

FF must not be running; you have to save the code and then run it after a restart without FF... otherwise it gets stuck at extensions

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Roman on po 03.07.2017 at 23:53:01,92.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-07-03-084953.log 4376 bytes
C:\zoek-results2017-07-03-112224.log 3027 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\prefs.js:
user_pref("browser.startup.homepage", "https://user.centrum.cz/?logout=1&name= ... x?r=582786");

Added to C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367\prefs.js:

Added to C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\OneKey Recovery deleted
C:\Users\Roman\AppData\Roaming\temp.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Roman\AppData\Local\Unity deleted
C:\Users\Roman\AppData\LocalLow\Unity deleted
C:\Users\Roman\AppData\LocalLow\ADSRemoval deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\0twr3423.default-1406787227367
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439
81D6D6EE6226773449C5CBE9496EDAF6 - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
FC18E6D133877BE07C753552705A5B8C - c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?sourceid=i ... OH_csCZ565"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Roman\AppData\Local\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\cache2 emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++cs.nametests.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++plus.google.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.apost.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\storage\default\https+++www.youtube.com\cache emptied successfully
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\r81zf54h.default-1431621669132\storage\default\https+++www.porndig.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=109 folders=163 446270957 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Roman\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Roman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 04.07.2017 at 0:19:34,12 ======================

DaytonC
Visitor
Posts: 90
Joined: 08 Nov 2014 17:07

Re: Long response time when launching a program

#11 Post by DaytonC »

Sooo, and here is the MBAM log.
Otherwise, most of them are false detections...
1. I use adwarecleaner occasionally
2. I uninstalled Ponyprog from the system long ago, same as advancedsystemcare
3. KMP is a video player
The rest are suspicious...
----------------------------------------------
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 04.07.17
Čas skenování: 0:33
Logovací soubor: MBAM.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.1.2.1733
Verze komponentů: 1.0.160
Aktualizovat verzi balíku komponent: 1.0.2286
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Roman-PC\Roman

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 333551
Zjištěné hrozby: 6
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 hod, 25 min, 28 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 6
Adware.Elex, C:\FRST\QUARANTINE\C\ADWCLEANER\ADWCLEANER\QUARANTINE\C\PROGRAM FILES (X86)\XTAB\UNINSTALL.EXE.VIR, Žádná uživatelská akce, [2], [356383],1.0.2286
PUP.Optional.SkyTech, C:\FRST\QUARANTINE\C\ADWCLEANER\ADWCLEANER\QUARANTINE\C\PROGRAM FILES (X86)\XTAB\BROWSERACTION.DLL.VIR, Žádná uživatelská akce, [7496], [121663],1.0.2286
PUP.Optional.AdvancedSystemCare, C:\FRST\QUARANTINE\C\ADWCLEANER\QUARANTINE\C\USERS\ROMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFENGEGGDDOJHAKLDHLPJDLDDGKKJKDD\1.0.0_0\PLUGIN\ASCPLUGIN_PROTECT.DLL.VIR, Žádná uživatelská akce, [1238], [396386],1.0.2286
PUP.Optional.ASK, C:\MEPROGRAMY\KMP PLAYER\KMP.EXE, Žádná uživatelská akce, [541], [383618],1.0.2286
Ransom.CryptoWall, C:\MEPROGRAMY\PONYPROG\PONYPROG64BIT\SETUP-PONYPROGV208C.ZIP, Žádná uživatelská akce, [883], [15257],1.0.2286
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, Žádná uživatelská akce, [1238], [396386],1.0.2286

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Slow response when launching a program

#12 Post by Márty84 »

Actually, these are not false alarms; it really is junk, just already neutralized, because it sits in the quarantines of other programs :-)

That KMP contains ASK, but you can keep it; have the rest of the findings removed.

Then post new FRST logs and we'll start deleting.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).
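The triage described in the reply above (detections that sit inside another tool's quarantine folder versus files still at their original location), as an added example that is not part of the original thread: it parses the "Soubor" detection lines of the Malwarebytes log and separates the two groups. The line layout, the `QUARANTINE` folder convention and the `.VIR` suffix are inferred from this log only, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The six detection lines from the "Soubor: 6" section of the MBAM.txt log above.
MBAM_LINES = r"""
Adware.Elex, C:\FRST\QUARANTINE\C\ADWCLEANER\ADWCLEANER\QUARANTINE\C\PROGRAM FILES (X86)\XTAB\UNINSTALL.EXE.VIR, Žádná uživatelská akce, [2], [356383],1.0.2286
PUP.Optional.SkyTech, C:\FRST\QUARANTINE\C\ADWCLEANER\ADWCLEANER\QUARANTINE\C\PROGRAM FILES (X86)\XTAB\BROWSERACTION.DLL.VIR, Žádná uživatelská akce, [7496], [121663],1.0.2286
PUP.Optional.AdvancedSystemCare, C:\FRST\QUARANTINE\C\ADWCLEANER\QUARANTINE\C\USERS\ROMAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\NFENGEGGDDOJHAKLDHLPJDLDDGKKJKDD\1.0.0_0\PLUGIN\ASCPLUGIN_PROTECT.DLL.VIR, Žádná uživatelská akce, [1238], [396386],1.0.2286
PUP.Optional.ASK, C:\MEPROGRAMY\KMP PLAYER\KMP.EXE, Žádná uživatelská akce, [541], [383618],1.0.2286
Ransom.CryptoWall, C:\MEPROGRAMY\PONYPROG\PONYPROG64BIT\SETUP-PONYPROGV208C.ZIP, Žádná uživatelská akce, [883], [15257],1.0.2286
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\REGISTRYDEFRAGBOOTTIME.EXE, Žádná uživatelská akce, [1238], [396386],1.0.2286
"""

# Layout as seen in this log: name, path, action, [n], [n],version
# The path is matched greedily so that commas inside a path would not break parsing.
LINE_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[\d+\], \[\d+\],[\d.]+$"
)


@dataclass
class Detection:
    name: str
    path: str
    action: str
    quarantined_by: list = field(default_factory=list)  # outermost tool first
    original_path: str = ""  # best-effort location before quarantining


def parse_detection(line):
    """Parse one detection line; return None for headers and summary lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    det = Detection(m["name"], m["path"], m["action"], original_path=m["path"])
    parts = PureWindowsPath(det.path).parts
    q_idx = [i for i, p in enumerate(parts) if p.upper() == "QUARANTINE"]
    if not q_idx:
        return det  # file is still where it was installed or downloaded
    # The folder just above each QUARANTINE directory names the tool that owns it.
    det.quarantined_by = [parts[i - 1] for i in q_idx if i > 0]
    # Below the innermost QUARANTINE the drive letter appears as a plain folder
    # ("C\PROGRAM FILES ...") and the file carries a .VIR suffix (assumption
    # based on the paths in this log).
    tail = list(parts[q_idx[-1] + 1:])
    if tail and len(tail[0]) == 1 and tail[0].isalpha():
        tail[0] += ":"
    original = "\\".join(tail)
    if original.upper().endswith(".VIR"):
        original = original[:-4]
    det.original_path = original
    return det


def parse_log(text):
    """Return every detection found in a block of log text."""
    found = []
    for line in text.splitlines():
        det = parse_detection(line)
        if det is not None:
            found.append(det)
    return found


def triage(detections):
    """Split detections into (inert quarantine copies, files still in place)."""
    inert = [d for d in detections if d.quarantined_by]
    live = [d for d in detections if not d.quarantined_by]
    return inert, live


if __name__ == "__main__":
    inert, live = triage(parse_log(MBAM_LINES))
    print("Already held in another tool's quarantine:")
    for d in inert:
        print(f"  {d.name}: was {d.original_path} (held by {' > '.join(d.quarantined_by)})")
    print("Still at its original location, needs a decision:")
    for d in live:
        print(f"  {d.name}: {d.path}")
```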

DaytonC
Visitor
Posts: 90
Registered: 08 Nov 2014 17:07

Re: Slow response when launching a program

#13 Post by DaytonC »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by Roman (administrator) on ROMAN-PC (04-07-2017 18:15:41)
Running from C:\Users\Roman\Desktop
Loaded Profiles: Roman (Available Profiles: Roman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-08] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [UpdatePRCShortCut1] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds1] => C:\Windows\system32\hkcmd.exe [411056 2015-06-01] (Intel Corporation)
HKLM\...\Run: [Persistence1] => C:\Windows\system32\igfxpers.exe [453552 2015-06-01] (Intel Corporation)
HKLM\...\Run: [IgfxTray1] => C:\Windows\system32\igfxtray.exe [183216 2015-06-01] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_Dolby1] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-04] (Lenovo)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [258936 2012-02-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-683440959-2606681586-737459993-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.108.1
Tcpip\..\Interfaces\{1F004AE9-736A-4A9E-A206-DE238301C1BF}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DD39D036-017D-4A2E-B4A8-4BC12D6F774B}: [DhcpNameServer] 192.168.108.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-683440959-2606681586-737459993-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-683440959-2606681586-737459993-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-683440959-2606681586-737459993-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... OH_csCZ565
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-30] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-30] (AVAST Software)

FireFox:
========
FF DefaultProfile: 778j7se6.default-1497116886439
FF ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 [2017-07-04]
FF NewTab: Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\778j7se6.default-1497116886439 -> hxxps://mail.centrum.cz/
FF Extension: (Avast SafePrice) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\sp@avast.com.xpi [2017-07-03]
FF Extension: (Avast Online Security) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\wrc@avast.com.xpi [2017-07-03]
FF Extension: (Adblock Plus) - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\778j7se6.default-1497116886439\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-21] ( )
FF Plugin HKU\S-1-5-21-683440959-2606681586-737459993-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR dev: Chrome dev build detected! <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-02] (Broadcom Corporation.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-24] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158888 2017-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-07-31] (Highresolution Enterprises [www.highrez.co.uk])
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-04-17] (ITE )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-07-04] (Malwarebytes)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-24] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 portio; C:\Windows\System32\DRIVERS\WP800IO.sys [8664 2007-09-05] (WinPic800) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-27] () [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-04 18:15 - 2017-07-04 18:17 - 00018119 _____ C:\Users\Roman\Desktop\FRST.txt
2017-07-04 18:13 - 2017-07-04 18:13 - 00112640 _____ (forum.viry.cz) C:\Users\Roman\Desktop\FRSTLauncher.exe
2017-07-04 18:12 - 2017-07-04 18:12 - 02436096 _____ (Farbar) C:\Users\Roman\Desktop\FRST64.exe
2017-07-04 18:09 - 2017-07-04 18:09 - 00000918 _____ C:\Users\Roman\Desktop\HistComputery.lnk
2017-07-04 18:02 - 2017-07-04 18:02 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-04 02:08 - 2017-07-04 02:08 - 00002549 _____ C:\Users\Roman\Desktop\MBAM.txt
2017-07-04 00:31 - 2017-07-04 00:31 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-04 00:30 - 2017-07-04 17:26 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-04 00:30 - 2017-07-04 04:33 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-04 00:30 - 2017-07-04 04:33 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-04 00:30 - 2017-07-04 04:33 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-04 00:30 - 2017-07-04 00:30 - 00001838 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-04 00:30 - 2017-07-04 00:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-04 00:30 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-04 00:28 - 2017-07-04 00:28 - 65033984 _____ (Malwarebytes ) C:\Users\Roman\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-04 00:17 - 2017-07-03 23:52 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-03 23:48 - 2017-07-03 23:48 - 01309184 _____ C:\Users\Roman\Desktop\zoek.exe
2017-07-03 23:47 - 2017-07-03 23:47 - 00001352 _____ C:\Users\Roman\Desktop\JRT.txt
2017-07-03 23:41 - 2017-07-03 23:41 - 01663672 _____ (Malwarebytes) C:\Users\Roman\Desktop\JRT.exe
2017-07-03 23:28 - 2017-05-09 18:55 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-03 21:59 - 2017-07-03 21:59 - 00000193 _____ C:\Users\Roman\Desktop\zoek.txt
2017-07-03 10:22 - 2017-07-04 00:11 - 00000000 ____D C:\zoek_backup
2017-06-13 20:34 - 2017-05-03 17:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 20:34 - 2017-05-03 17:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 20:34 - 2017-05-03 15:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 20:34 - 2017-03-23 04:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-06-13 19:47 - 2017-06-02 10:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-13 19:47 - 2017-06-02 10:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-13 19:47 - 2017-06-02 10:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 19:47 - 2017-06-02 10:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-13 19:47 - 2017-06-02 10:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 19:47 - 2017-06-02 10:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-13 19:47 - 2017-06-02 10:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-13 19:47 - 2017-06-02 10:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-13 19:47 - 2017-06-02 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:47 - 2017-06-02 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 19:47 - 2017-06-02 09:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-13 19:47 - 2017-06-02 09:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-13 19:47 - 2017-05-21 06:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-13 19:47 - 2017-05-21 06:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-13 19:47 - 2017-05-21 06:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-13 19:47 - 2017-05-21 06:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-13 19:47 - 2017-05-21 06:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-13 19:47 - 2017-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-13 19:47 - 2017-05-21 05:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-13 19:47 - 2017-05-21 05:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-13 19:47 - 2017-05-21 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-13 19:47 - 2017-05-21 05:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-13 19:47 - 2017-05-21 05:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-13 19:47 - 2017-05-21 05:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-13 19:47 - 2017-05-16 20:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-13 19:47 - 2017-05-16 19:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-13 19:47 - 2017-05-14 22:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-13 19:47 - 2017-05-14 22:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-13 19:47 - 2017-05-14 22:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-13 19:47 - 2017-05-14 22:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-13 19:47 - 2017-05-14 22:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-13 19:47 - 2017-05-14 22:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-13 19:47 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-13 19:47 - 2017-05-14 22:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-13 19:47 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 19:47 - 2017-05-14 22:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-13 19:47 - 2017-05-14 22:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-13 19:47 - 2017-05-14 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-13 19:47 - 2017-05-14 22:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-13 19:47 - 2017-05-14 22:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-13 19:47 - 2017-05-14 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-13 19:47 - 2017-05-14 21:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-13 19:47 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 19:47 - 2017-05-14 21:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 19:47 - 2017-05-14 21:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-13 19:47 - 2017-05-14 21:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-13 19:47 - 2017-05-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-13 19:47 - 2017-05-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-13 19:47 - 2017-05-14 21:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-13 19:47 - 2017-05-14 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-13 19:47 - 2017-05-14 21:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-13 19:47 - 2017-05-14 21:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-13 19:47 - 2017-05-14 21:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-13 19:47 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-13 19:47 - 2017-05-14 21:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-13 19:47 - 2017-05-14 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-13 19:47 - 2017-05-14 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-13 19:47 - 2017-05-14 21:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-13 19:47 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-13 19:47 - 2017-05-14 21:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-13 19:47 - 2017-05-14 21:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-13 19:47 - 2017-05-14 21:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-13 19:47 - 2017-05-14 21:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-13 19:47 - 2017-05-14 21:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-13 19:47 - 2017-05-14 21:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-13 19:47 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 19:47 - 2017-05-14 21:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-13 19:47 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-13 19:47 - 2017-05-14 21:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 19:47 - 2017-05-14 21:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-13 19:47 - 2017-05-14 20:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-13 19:47 - 2017-05-14 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 19:47 - 2017-05-14 20:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-13 19:47 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 19:47 - 2017-05-14 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-13 19:47 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-13 19:47 - 2017-05-14 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-13 19:47 - 2017-05-14 20:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-13 19:47 - 2017-05-14 20:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-13 19:47 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 19:47 - 2017-05-14 20:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-13 19:47 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-13 19:47 - 2017-05-14 20:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-13 19:47 - 2017-05-14 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-13 19:47 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-13 19:47 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 19:47 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-13 19:47 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-13 19:47 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-13 19:47 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-13 19:47 - 2017-05-12 20:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-13 19:47 - 2017-05-12 20:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 19:47 - 2017-05-12 20:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-13 19:47 - 2017-05-12 20:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 19:47 - 2017-05-12 20:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-13 19:47 - 2017-05-12 20:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-13 19:47 - 2017-05-12 20:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 19:47 - 2017-05-12 20:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-13 19:47 - 2017-05-12 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-13 19:47 - 2017-05-12 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-13 19:47 - 2017-05-12 19:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-13 19:47 - 2017-05-12 19:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-13 19:47 - 2017-05-12 19:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-13 19:47 - 2017-05-12 19:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-13 19:47 - 2017-05-12 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 19:47 - 2017-05-12 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-13 19:47 - 2017-05-12 19:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-13 19:47 - 2017-05-12 19:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-13 19:47 - 2017-05-12 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-13 19:47 - 2017-05-12 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:47 - 2017-05-12 18:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 19:47 - 2017-05-12 17:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 19:47 - 2017-05-12 17:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 19:47 - 2017-05-10 17:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-13 19:47 - 2017-05-10 17:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-13 19:47 - 2017-05-10 17:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-13 19:47 - 2017-05-10 17:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-13 19:47 - 2017-05-10 17:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-13 19:47 - 2017-05-10 17:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-13 19:47 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-13 19:47 - 2017-05-10 17:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-13 19:47 - 2017-05-10 17:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-13 19:47 - 2017-05-10 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-13 19:47 - 2017-05-10 17:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-13 19:47 - 2017-05-10 17:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-13 19:47 - 2017-05-10 16:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 19:47 - 2017-05-09 17:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 19:47 - 2017-05-09 17:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 19:47 - 2017-05-09 17:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-13 19:47 - 2017-05-07 17:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-13 19:47 - 2017-05-07 17:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-13 19:47 - 2017-03-30 17:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-13 19:47 - 2017-03-30 16:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-11 11:13 - 2017-06-11 11:13 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-11 11:13 - 2017-06-11 11:13 - 00000970 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-06-10 19:34 - 2017-06-10 19:35 - 46867584 _____ (Mozilla) C:\Users\Roman\Downloads\Firefox Setup 53.0.3.exe
2017-06-10 00:30 - 2017-06-10 00:30 - 04110280 _____ C:\Users\Roman\Downloads\adwcleaner_6.047.exe
2017-06-06 19:34 - 2017-06-06 19:34 - 00001129 _____ C:\Users\Roman\Desktop\EAGLE 5.11.0.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-04 18:15 - 2016-11-16 19:42 - 00000000 ____D C:\Users\Roman\AppData\LocalLow\Mozilla
2017-07-04 18:15 - 2014-11-14 21:54 - 00000000 ____D C:\FRST
2017-07-04 15:06 - 2012-08-08 08:43 - 00669116 _____ C:\Windows\system32\perfh005.dat
2017-07-04 15:06 - 2012-08-08 08:43 - 00141744 _____ C:\Windows\system32\perfc005.dat
2017-07-04 15:06 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-04 15:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-04 11:28 - 2014-01-04 02:30 - 00158888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-07-04 09:19 - 2017-04-14 20:49 - 00000000 ____D C:\Users\Roman\AppData\Roaming\CadSoft
2017-07-04 09:19 - 2017-03-21 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-07-04 09:19 - 2017-03-15 19:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-04 09:19 - 2015-12-03 22:39 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-07-04 09:19 - 2015-05-30 19:35 - 00000000 ____D C:\AdwCleaner
2017-07-04 09:19 - 2013-12-06 20:28 - 00000000 ____D C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-07-04 09:19 - 2012-08-08 09:24 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-07-04 09:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-07-04 09:17 - 2014-03-29 23:35 - 00000000 ____D C:\Users\Roman\AppData\Roaming\TeamViewer
2017-07-04 09:14 - 2013-12-06 21:23 - 00000000 ____D C:\MeProgramy
2017-07-04 04:49 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-04 04:49 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-04 04:31 - 2012-08-08 09:52 - 00123961 _____ C:\Windows\system32\fastboot.set
2017-07-04 04:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-04 04:29 - 2016-11-15 20:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-04 04:29 - 2013-12-06 22:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-04 00:30 - 2015-02-07 09:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-04 00:06 - 2016-05-05 17:56 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458663269
2017-07-03 23:33 - 2015-01-25 00:13 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 23:29 - 2017-03-21 20:18 - 00001893 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-07-03 23:28 - 2017-03-01 19:39 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-03 23:28 - 2014-01-04 02:30 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149916052066601
2017-07-03 23:27 - 2014-01-04 02:30 - 00158368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.149911731922502
2017-07-03 23:21 - 2013-12-06 20:28 - 00000000 ____D C:\Users\Roman
2017-06-25 12:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-25 09:01 - 2014-03-29 23:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-16 20:17 - 2013-12-06 22:36 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-16 20:17 - 2013-12-06 22:36 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-16 20:17 - 2013-12-06 22:36 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-16 20:17 - 2013-12-06 22:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-16 20:17 - 2012-08-08 09:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-14 20:19 - 2012-08-08 09:29 - 01560204 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-13 20:47 - 2016-01-13 18:33 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 20:09 - 2009-07-14 06:45 - 00306272 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 20:08 - 2013-12-07 06:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-13 20:08 - 2013-12-07 06:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-13 20:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-13 20:04 - 2013-12-07 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 19:54 - 2013-12-10 19:00 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-13 19:54 - 2013-12-10 19:00 - 00000000 ____D C:\Windows\system32\MRT
2017-06-12 18:53 - 2013-12-06 20:31 - 00067944 _____ C:\Users\Roman\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-10 19:37 - 2013-12-06 22:31 - 00000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-10 19:37 - 2013-12-06 22:31 - 00000895 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-06 19:38 - 2017-04-14 20:54 - 00000000 ____D C:\Users\Roman\Documents\eagle

==================== Files in the root of some directories =======

2014-08-19 21:23 - 2014-08-19 21:23 - 0003584 _____ () C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-08 19:38 - 2014-05-05 00:47 - 0007597 _____ () C:\Users\Roman\AppData\Local\resmon.resmoncfg
2014-06-09 18:50 - 2014-09-15 17:03 - 0026327 _____ () C:\ProgramData\LmeUSB.log
2014-06-09 18:50 - 2014-09-15 17:03 - 0025806 _____ () C:\ProgramData\LmeZJSW.log
2014-06-09 18:50 - 2014-09-15 17:03 - 0026309 _____ () C:\ProgramData\LSDmbTH.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Roman\Desktop" je 9 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intelligent Touchpad
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray
"C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

DaytonC
Visitor
Posts: 90
Registered: 08 Nov 2014 17:07

Re: Long response time when launching a program

#14 Post by DaytonC »

Did it DELETE all that junk?
...............Avast is still reporting a performance problem
------------------------------------------------------

here is the Additional log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Roman (04-07-2017 18:17:36)
Running from C:\Users\Roman\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-06 18:28:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-683440959-2606681586-737459993-500 - Administrator - Disabled)
Guest (S-1-5-21-683440959-2606681586-737459993-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683440959-2606681586-737459993-1003 - Limited - Enabled)
Roman (S-1-5-21-683440959-2606681586-737459993-1001 - Administrator - Enabled) => C:\Users\Roman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
ASIX UP v.3-22 (HKLM-x32\...\ASIX UP_is1) (Version: - ASIX s.r.o.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Borland C++Builder 6 (HKLM-x32\...\{2864C41B-EF2D-4640-95A2-526276524519}) (Version: 6.0 - Borland Software Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
EAGLE 5.11.0 (HKLM-x32\...\EAGLE 5.11.0) (Version: 5.11.0 - CadSoft Computer GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mikroC (remove only) (HKLM-x32\...\mikroC) (Version: - )
mikroPascal (remove only) (HKLM-x32\...\mikroPascal) (Version: - )
mikroPascal for AVR (remove only) (HKLM-x32\...\mikroPascal for AVR) (Version: - )
Mozilla Firefox 54.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 54.0.1 (x64 cs)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Ovladače grafiky 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
OpenOffice.org 2.0 (HKLM-x32\...\{5DB8BFC7-9595-49CC-BF0D-A17D3A83929A}) (Version: 2.0.9044 - OpenOffice.org)
Ovládací panel NVIDIA 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 345.20 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.6071) (Version: 3.55.2393.607 - Avast Software) Hidden
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
State of War (HKLM-x32\...\State of War) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
Windows Driver Package - ASIX s.r.o. ASIX Development Tools Driver Package (07/10/2015 2.12.06) (HKLM\...\63179435CD5991EB4724264B890E0ED379471EE7) (Version: 07/10/2015 2.12.06 - ASIX s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-08-08] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ContextMenuHandlers01: [NPShellExtension] -> {D7ECBD0E-B8E3-4a0c-9E84-514298EFA583} => C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll [2012-06-21] ()
ContextMenuHandlers01: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers01: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ContextMenuHandlers03: [IkeyShlExt] -> {F1E551D1-822B-40e6-B4D8-A9B4A48AA07A} => C:\Windows\system32\SimpleExt.dll [2012-08-08] ()
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-02-15] (SugarSync, Inc.)
ContextMenuHandlers06: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {39964426-A2DF-44CF-8184-89767D3BBC60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {5D8909C5-784E-48DA-B24E-B5B329CBEF69} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {92A21680-4C8C-4651-833E-1F67691DE0A1} - System32\Tasks\SafeZone scheduled Autoupdate 1458663269 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {93D90012-EFC7-4797-A971-90D0E4893095} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {A261A537-27D9-409A-ADCF-4A4FB21DB9D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {B75D31B9-CA73-40A5-A6ED-839C179DD280} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {EB058A3C-BC05-433E-B298-B48788895A33} - System32\Tasks\{7E97F875-7619-4918-AAB1-B8AE23BC214B} => pcalua.exe -a "C:\Program Files (x86)\Lenovo\Boot Optimizer\DeleteUninstall.exe" -d "C:\Program Files (x86)\Lenovo\Boot Optimizer"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-08-08 09:19 - 2015-02-04 22:29 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-02 22:58 - 2011-06-02 22:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 22:59 - 2011-06-02 22:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-08-08 09:50 - 2012-08-08 09:50 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2012-06-21 13:23 - 2012-06-21 13:23 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2008-12-20 12:20 - 2012-08-08 09:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-20 01:22 - 2012-08-08 09:52 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-09 00:36 - 2012-08-08 09:52 - 00011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\cs-CZ\EMWpfUI.resources.dll
2012-08-08 09:30 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2008-12-20 12:20 - 2012-08-08 09:52 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-08-08 09:47 - 2012-08-08 09:47 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2017-07-04 00:30 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-02-06 04:38 - 2012-02-06 04:38 - 00258936 _____ () C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe
2012-05-05 13:16 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-12-13 00:25 - 2014-12-13 00:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-03 23:29 - 2017-07-03 23:29 - 05784984 _____ () C:\Program Files\AVAST Software\Avast\defs\17070302\algo.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-04 13:26 - 2017-07-04 13:26 - 05784984 _____ () C:\Program Files\AVAST Software\Avast\defs\17070400\algo.dll
2011-06-02 22:57 - 2011-06-02 22:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 22:58 - 2011-06-02 22:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-12-07 20:39 - 2015-02-23 10:44 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-06-28 08:28 - 2011-06-28 08:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2017-07-02 15:03 - 2017-05-09 18:55 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 18:55 - 2017-05-09 18:55 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 18:54 - 2017-05-09 18:54 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2012-08-08 09:30 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


There are 4790 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-03 23:55 - 00000841 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-683440959-2606681586-737459993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.108.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Intelligent Touchpad => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Long response time when launching a program

#15 Post by Márty84 »

:arrow: Uninstall (or delete) all remnants of Google Chrome.

:arrow: Uninstall MBAM.

:arrow: Don't take Avast's performance warning seriously. It would like you to buy it :-)

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

AlternateDataStreams: C:\Windows:nlsPreferences [0]

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, exactly and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often for now. If you wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).
