Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

nadmerne vyuzitie ram

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
kudliik
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 19 črc 2007 13:16

nadmerne vyuzitie ram

#1 Příspěvek od kudliik »

Zdravím, problem som uz mal raz vyrieseny.. https://forum.viry.cz/viewtopic.php?f=13&t=151502
ale.. asi 2 dni dozadu som rozbaloval archiv, v ktorom sa nachadzal malver.. ihned bol detekovany a vymazany.. pc som precistil s mbam..
vyuzitie ram v uplnej necinnosti je minimalne 45%, ak je spusteny chrome, tak az 65%..


Logfile of random's system information tool 1.15 (written by random/random)
Run by T420 at 2017-03-10 11:22:25
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 363 GB (76%) free of 477 GB
Total RAM: 3979 MB (34% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:31, on 10. 3. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\TPFanControl\TPFanControl.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\trend micro\T420_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10272 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\TPFanControl\TPFanControl.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\T420\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\T420\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x1c8,0x1cc,0x1d0,0x1c4,0x1d4,0x7fee1f31160,0x7fee1f31140,0x7fee1f31118
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2744 --on-initialized-event-handle=632 --parent-handle=636 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/Control/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled2/InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,18,19,20,23,40,59,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x0126 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.4229 --gpu-driver-date=5-26-2015 --service-request-channel-token=E9F90DEF1B23C199C1FC9E0034EAB4DA --mojo-platform-channel-handle=1264 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --primordial-pipe-token=A2FE4B0DF53AB33A33D69E98A7EE94E1 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=A2FE4B0DF53AB33A33D69E98A7EE94E1 --renderer-client-id=5 --mojo-platform-channel-handle=2664 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --primordial-pipe-token=BFD0F586CA0D827A51F74C9DB62214EA --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=BFD0F586CA0D827A51F74C9DB62214EA --renderer-client-id=6 --mojo-platform-channel-handle=2580 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsInterventionV2/Default/ --primordial-pipe-token=5D47DD9164AB4B8F8811CCABDFC007D4 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=5D47DD9164AB4B8F8811CCABDFC007D4 --renderer-client-id=7 --mojo-platform-channel-handle=2696 /prefetch:1
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=7CAF815C435026C6BE9611C9B2CE549C --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=7CAF815C435026C6BE9611C9B2CE549C --renderer-client-id=13 --mojo-platform-channel-handle=5860 /prefetch:1
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=C409CB5B7DA1AE494408B59F96B6ED0A --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=C409CB5B7DA1AE494408B59F96B6ED0A --renderer-client-id=19 --mojo-platform-channel-handle=3912 /prefetch:1
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,*PrioritySupportedRequestsDelayable<NetDelayableH2AndQuicRequests,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/Control/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled2/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetDelayableH2AndQuicRequests/Default/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_52/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_16/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsInterventionV2/Default/ --primordial-pipe-token=0E673FB8391DBC947D0723B08CB07526 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0E673FB8391DBC947D0723B08CB07526 --renderer-client-id=33 --mojo-platform-channel-handle=3512 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\T420\Desktop\RSITx64.exe"

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\klcp_update - "%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=30
C:\Windows\system32\tasks\McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
C:\Windows\system32\tasks\PMTask - C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1485882644 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-70882128-2234172874-3813598217-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\TVT\TVSUUpdateTask - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" /CM -search C -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask
C:\Windows\system32\tasks\TVT\TVSUUpdateTask_UserLogOn - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" PendingTask
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\NCH Software\SwitchSevenDays - C:\Program Files (x86)\NCH Software\Switch\Switch.exe -sevendays
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program 64 - "%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\Lenovo Solution Center Launcher - %programfiles%\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
C:\Windows\system32\tasks\Lenovo\LSC\Lenovo Solution Center Notifications - %programfiles%\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
C:\Windows\system32\tasks\Lenovo\LSC\LSCHardwareScan - "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
C:\Windows\system32\tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-70882128-2234172874-3813598217-1000 - "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\T420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-27 893936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-22 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2016-11-15 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-27 771816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2016-11-15 1743664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFanControl"=C:\Program Files\TPFanControl\TPFanControl.exe [2013-02-02 156672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-03-02 183216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2016-03-02 411056]
"Persistence"=C:\Windows\system32\igfxpers.exe [2016-03-02 453544]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2017-02-08 9363672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_470F14B13D0583F23DB957BE00EFF47E]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2017-02-01 1116504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-07-02 113656]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-02-27 205512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7FF42358-ECD1-11E6-946D-64006A5CFC23}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1

====== List of files/folders created in the last 1 month ======

2017-03-10 11:06:45 ----D---- C:\ProgramData\SWCUTemp
2017-03-07 23:09:55 ----D---- C:\Users\T420\AppData\Roaming\PowerISO
2017-03-07 23:09:08 ----D---- C:\Program Files\McAfee
2017-03-07 23:07:44 ----D---- C:\Program Files (x86)\McAfee
2017-03-07 01:01:48 ----A---- C:\Windows\system32\drivers\mwac.sys
2017-03-07 01:01:48 ----A---- C:\Windows\system32\drivers\farflt.sys
2017-03-07 01:01:23 ----A---- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-03-07 01:01:23 ----A---- C:\Windows\system32\drivers\mbam.sys
2017-03-07 01:01:16 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-03-07 01:00:51 ----A---- C:\Windows\system32\drivers\mbae64.sys
2017-03-07 01:00:35 ----D---- C:\ProgramData\Malwarebytes
2017-03-07 01:00:35 ----D---- C:\Program Files\Malwarebytes
2017-03-02 01:12:41 ----A---- C:\ComboFix.txt
2017-03-02 01:06:25 ----SHD---- C:\$RECYCLE.BIN
2017-03-01 06:34:35 ----A---- C:\Windows\zip.exe
2017-03-01 06:34:35 ----A---- C:\Windows\SWSC.exe
2017-03-01 06:34:35 ----A---- C:\Windows\SWREG.exe
2017-03-01 06:34:35 ----A---- C:\Windows\sed.exe
2017-03-01 06:34:35 ----A---- C:\Windows\PEV.exe
2017-03-01 06:34:35 ----A---- C:\Windows\NIRCMD.exe
2017-03-01 06:34:35 ----A---- C:\Windows\MBR.exe
2017-03-01 06:34:35 ----A---- C:\Windows\grep.exe
2017-03-01 06:34:10 ----D---- C:\Qoobox
2017-03-01 06:33:44 ----D---- C:\Windows\erdnt
2017-02-28 20:41:16 ----A---- C:\Windows\zoek-delete.exe
2017-02-28 20:41:14 ----D---- C:\Windows\Temp
2017-02-28 10:49:03 ----D---- C:\$AV_ASW
2017-02-28 04:24:30 ----D---- C:\zoek_backup
2017-02-27 20:24:38 ----A---- C:\Windows\system32\wksprt.exe
2017-02-27 20:24:37 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2017-02-27 20:24:37 ----A---- C:\Windows\system32\mstscax.dll
2017-02-27 20:24:36 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2017-02-27 20:24:36 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2017-02-27 20:24:36 ----A---- C:\Windows\system32\tsgqec.dll
2017-02-27 20:24:36 ----A---- C:\Windows\system32\rdvidcrl.dll
2017-02-27 20:24:30 ----A---- C:\Windows\system32\TSWbPrxy.exe
2017-02-27 20:10:11 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2017-02-27 20:09:34 ----A---- C:\Windows\system32\aswBoot.exe
2017-02-27 20:08:18 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2017-02-26 18:40:15 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 18:39:59 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 18:39:59 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 18:39:58 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2017-02-26 18:39:52 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2017-02-26 18:39:52 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2017-02-26 18:39:52 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2017-02-26 18:39:52 ----A---- C:\Windows\system32\wksprtPS.dll
2017-02-26 18:39:52 ----A---- C:\Windows\system32\mstsc.exe
2017-02-26 18:39:52 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2017-02-26 18:33:10 ----D---- C:\Program Files\CONEXANT
2017-02-26 18:31:08 ----D---- C:\Program Files\Microsoft Silverlight
2017-02-26 18:31:08 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2017-02-26 18:29:22 ----A---- C:\Windows\system32\icaapi.dll
2017-02-26 18:29:21 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2017-02-26 18:27:43 ----A---- C:\Windows\system32\aepic.dll
2017-02-26 18:27:43 ----A---- C:\Windows\system32\aeinv.dll
2017-02-26 18:27:42 ----A---- C:\Windows\system32\generaltel.dll
2017-02-26 18:27:42 ----A---- C:\Windows\system32\devinv.dll
2017-02-26 18:27:42 ----A---- C:\Windows\system32\appraiser.dll
2017-02-26 18:27:41 ----A---- C:\Windows\system32\invagent.dll
2017-02-26 18:27:41 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-02-26 18:27:41 ----A---- C:\Windows\system32\centel.dll
2017-02-26 18:27:41 ----A---- C:\Windows\system32\acmigration.dll
2017-02-26 18:25:05 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2017-02-26 18:25:05 ----A---- C:\Windows\system32\KBDAZEL.DLL
2017-02-26 18:25:05 ----A---- C:\Windows\system32\KBDAZE.DLL
2017-02-26 18:25:04 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2017-02-26 18:25:04 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2017-02-26 18:25:04 ----A---- C:\Windows\system32\kbdgeoqw.dll
2017-02-26 16:50:55 ----D---- C:\Program Files\CCleaner
2017-02-26 15:30:12 ----A---- C:\Windows\system32\drivers\aswbuniva.sys
2017-02-26 15:30:11 ----A---- C:\Windows\system32\drivers\aswbloga.sys
2017-02-26 15:30:11 ----A---- C:\Windows\system32\drivers\aswbidsha.sys
2017-02-26 15:30:10 ----A---- C:\Windows\system32\drivers\aswbidsdrivera.sys
2017-02-16 10:15:04 ----D---- C:\ProgramData\NCH Software
2017-02-16 10:15:00 ----D---- C:\Program Files (x86)\NCH Software
2017-02-16 10:14:57 ----D---- C:\Users\T420\AppData\Roaming\NCH Software
2017-02-11 16:33:08 ----A---- C:\Users\T420\AppData\Roaming\CamShapes.ini
2017-02-11 16:33:08 ----A---- C:\Users\T420\AppData\Roaming\CamLayout.ini
2017-02-11 16:33:08 ----A---- C:\Users\T420\AppData\Roaming\Camdata.ini

====== List of files/folders modified in the last 1 month ======

2017-03-10 11:22:29 ----D---- C:\Program Files\trend micro
2017-03-10 11:16:22 ----D---- C:\Windows\system32\drivers
2017-03-10 11:10:22 ----D---- C:\Windows\system32\config
2017-03-10 11:08:22 ----A---- C:\Windows\SYSWOW64\log.txt
2017-03-10 11:06:45 ----D---- C:\ProgramData
2017-03-07 23:30:03 ----D---- C:\Windows\System32
2017-03-07 23:30:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-03-07 23:30:02 ----D---- C:\Windows\inf
2017-03-07 23:22:37 ----D---- C:\ProgramData\McAfee
2017-03-07 23:22:00 ----RD---- C:\Program Files
2017-03-07 23:07:44 ----RD---- C:\Program Files (x86)
2017-03-07 22:29:36 ----D---- C:\Windows\Prefetch
2017-03-07 01:08:25 ----D---- C:\Users\T420\AppData\Roaming\uTorrent
2017-03-07 01:01:25 ----D---- C:\Users\T420\AppData\Roaming\vlc
2017-03-05 20:29:28 ----D---- C:\Users\T420\AppData\Roaming\MediaMonkey
2017-03-02 15:17:16 ----D---- C:\ProgramData\AVAST Software
2017-03-02 14:05:50 ----D---- C:\Program Files (x86)\TeamViewer
2017-03-02 01:06:20 ----D---- C:\Windows
2017-03-02 01:06:20 ----A---- C:\Windows\system.ini
2017-03-02 01:06:13 ----D---- C:\Windows\system32\drivers\etc
2017-03-02 00:58:39 ----D---- C:\Windows\SYSWOW64\drivers
2017-03-02 00:58:39 ----D---- C:\Windows\SysWOW64
2017-03-02 00:58:39 ----D---- C:\Windows\AppPatch
2017-03-02 00:58:35 ----D---- C:\Program Files (x86)\Common Files
2017-03-02 00:48:19 ----SHD---- C:\System Volume Information
2017-02-27 20:25:54 ----D---- C:\Windows\winsxs
2017-02-27 20:25:37 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-02-27 20:25:37 ----D---- C:\Windows\SYSWOW64\en-US
2017-02-27 20:25:37 ----D---- C:\Windows\system32\sk-SK
2017-02-27 20:25:37 ----D---- C:\Windows\system32\en-US
2017-02-27 20:24:24 ----D---- C:\Windows\system32\catroot2
2017-02-27 20:14:45 ----D---- C:\Windows\system32\Tasks
2017-02-27 20:11:08 ----D---- C:\Windows\system32\DriverStore
2017-02-26 18:54:39 ----SHD---- C:\Windows\Installer
2017-02-26 18:54:39 ----D---- C:\Config.Msi
2017-02-26 18:54:26 ----RSD---- C:\Windows\assembly
2017-02-26 18:53:11 ----D---- C:\ProgramData\Microsoft Help
2017-02-26 18:42:09 ----D---- C:\Windows\SYSWOW64\wbem
2017-02-26 18:42:09 ----D---- C:\Windows\system32\drivers\en-US
2017-02-26 18:42:08 ----D---- C:\Windows\system32\wbem
2017-02-26 18:42:06 ----SD---- C:\Windows\system32\CompatTel
2017-02-26 18:42:05 ----D---- C:\Windows\system32\appraiser
2017-02-26 18:42:02 ----RSD---- C:\Windows\Fonts
2017-02-26 18:32:31 ----SD---- C:\ProgramData\Microsoft
2017-02-26 17:02:54 ----D---- C:\Windows\SoftwareDistribution
2017-02-26 16:53:00 ----D---- C:\Windows\Panther
2017-02-26 16:53:00 ----D---- C:\Windows\Logs
2017-02-26 16:53:00 ----D---- C:\Windows\debug
2017-02-26 16:49:48 ----D---- C:\AdwCleaner
2017-02-25 03:03:42 ----D---- C:\Windows\system32\MRT
2017-02-25 03:01:12 ----AC---- C:\Windows\system32\MRT.exe
2017-02-24 22:28:34 ----D---- C:\Windows\AutoKMS
2017-02-11 15:44:35 ----D---- C:\Program Files (x86)\Native Instruments

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-02-27 189768]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-02-27 334600]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-02-27 48528]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-02-27 75704]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-02-27 337592]
R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2016-04-14 29512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-02-27 309272]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-02-27 32088]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2017-02-27 461640]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-02-27 100640]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-02-27 993608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-03-10 548928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae64.sys [2017-02-24 77408]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2013-05-22 15472]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2016-04-14 29008]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-02-27 126600]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-02-27 162528]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [2017-03-10 186304]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 TVicPort64;TVicPort64; C:\Windows\system32\drivers\TVicPort64.sys [2006-10-13 16080]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2017-02-27 29432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-06-04 1580704]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2015-10-29 506880]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2016-11-01 82824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-02 5384728]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-11-07 342528]
R3 LenovoRd;LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [2009-05-11 118016]
R3 MBAMFarflt;MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [2017-03-10 111544]
R3 MBAMProtection;MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [2017-03-10 43968]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-03-10 251840]
R3 MBAMWebProtection;MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [2017-03-10 82208]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-11-09 57376]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-07-28 461552]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\drivers\asmthub3.sys [2012-11-08 139592]
S3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2012-11-08 418632]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-02-27 38296]
S3 b06diag;Broadcom NetXtreme II Diag Driver; C:\Windows\system32\drivers\bxdiaga.sys [2012-03-08 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service; C:\Windows\system32\drivers\Xeno7x64.sys [2012-02-22 157288]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-07-24 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-07-24 80384]
S3 bxfcoe;bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [2012-02-22 178216]
S3 bxois;bxois; C:\Windows\system32\drivers\bxois.sys [2012-02-22 539176]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
S3 ioatdma1;ioatdma1; C:\Windows\System32\Drivers\qd162x64.sys [2009-11-16 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2; C:\Windows\System32\Drivers\qd262x64.sys [2009-11-16 42192]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\drivers\iusb3hub.sys [2012-12-21 366216]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\drivers\iusb3xhc.sys [2012-12-21 786056]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2011-10-25 213504]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-07-24 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2013-07-24 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-07-24 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-02-27 262736]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2017-02-27 278784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-11-25 192200]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2016-11-01 184408]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2014-07-09 214464]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-02 327672]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 4355024]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-12-15 10351856]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-07-02 2595832]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-02-27 7147320]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2016-04-14 1668776]
R3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-01-18 23416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12 153752]
S2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2016-11-01 711256]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-02 290224]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2016-04-14 326160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-11-12 114688]
S3 LSC.Services.SystemService;Lenovo Solution Center System Service; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2016-06-02 273232]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-24 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-11-29 51384]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-11-29 135848]

-----------------EOF-----------------
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7320
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: nadmerne vyuzitie ram

#2 Příspěvek od altrok »

Krasny den Vam preju :bye:


:arrow: Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
kudliik
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 19 črc 2007 13:16

Re: nadmerne vyuzitie ram

#3 Příspěvek od kudliik »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by T420 (administrator) on T420-PC (10-03-2017 22:31:02)
Running from C:\Users\T420\Desktop
Loaded Profiles: T420 (Available Profiles: T420)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [156672 2013-02-02] (troubadix)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
ShellExecuteHooks: No Name - {7FF42358-ECD1-11E6-946D-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-27] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CABF0FD1-EA40-433B-9417-BC7C958C63F9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-70882128-2234172874-3813598217-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-70882128-2234172874-3813598217-1000 -> {59DF3CAC-CF79-4BB9-A114-70E55AC45F25} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-27] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-27] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vbnrj7om.default
FF ProfilePath: C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default [2017-03-10]
FF NewTab: Mozilla\Firefox\Profiles\vbnrj7om.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\vbnrj7om.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-31]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2014-07-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-10] <==== ATTENTION
CHR Extension: (Prezentácie Google) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-10]
CHR Extension: (Dokumenty Google) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-10]
CHR Extension: (Disk Google) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-10]
CHR Extension: (MEGA) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-03-10]
CHR Extension: (YouTube) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-10]
CHR Extension: (Adblock Plus) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-10]
CHR Extension: (Avast SafePrice) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-10]
CHR Extension: (Tabuľky Google) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-10]
CHR Extension: (Avast Online Security) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Speedtest by Ookla) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-02-10]
CHR Extension: (Gmail) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\T420\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-27] (AVAST Software)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-11-25] () [File not signed]
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-24] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-27] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-27] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-27] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-27] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-27] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [461640 2017-02-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-02-27] (AVAST Software)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-11-25] (Huawei Technologies Co., Ltd.)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-10] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-10] (Malwarebytes)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 22:31 - 2017-03-10 22:31 - 00019468 _____ C:\Users\T420\Desktop\FRST.txt
2017-03-10 22:29 - 2017-03-10 22:29 - 02423808 _____ (Farbar) C:\Users\T420\Desktop\FRST64.exe
2017-03-10 11:21 - 2017-03-10 11:21 - 01324032 _____ C:\Users\T420\Desktop\RSITx64.exe
2017-03-10 11:06 - 2017-03-10 11:06 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-07 23:09 - 2017-03-07 23:09 - 00000000 ____D C:\Users\T420\AppData\Roaming\PowerISO
2017-03-07 23:09 - 2017-03-07 23:09 - 00000000 ____D C:\Program Files\McAfee
2017-03-07 23:07 - 2017-03-10 11:05 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-07 23:05 - 2017-03-07 23:05 - 03898576 _____ (Power Software Ltd) C:\Users\T420\Downloads\PowerISO6-x64.exe
2017-03-07 01:01 - 2017-03-10 11:17 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-07 01:01 - 2017-03-10 11:06 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-07 01:01 - 2017-03-10 11:06 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-07 01:01 - 2017-03-10 11:06 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-07 01:01 - 2017-03-10 11:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-07 01:00 - 2017-03-07 01:00 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-07 01:00 - 2017-03-07 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-07 01:00 - 2017-03-07 01:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-07 01:00 - 2017-03-07 01:00 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-07 01:00 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-07 00:58 - 2017-03-07 01:00 - 57131432 _____ (Malwarebytes ) C:\Users\T420\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-02 01:12 - 2017-03-02 01:12 - 00031184 _____ C:\ComboFix.txt
2017-03-01 06:34 - 2017-03-02 01:12 - 00000000 ____D C:\Qoobox
2017-03-01 06:34 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-01 06:34 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-01 06:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-01 06:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-01 06:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-01 06:34 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-01 06:34 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-01 06:34 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-01 06:33 - 2017-03-02 01:04 - 00000000 ____D C:\Windows\erdnt
2017-02-28 20:43 - 2017-02-28 20:43 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-02-28 20:41 - 2017-02-28 19:13 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-02-28 10:49 - 2017-02-28 10:49 - 00000000 ____D C:\$AV_ASW
2017-02-28 04:24 - 2017-02-28 08:31 - 00000000 ____D C:\zoek_backup
2017-02-27 21:11 - 2017-02-27 21:11 - 00083992 _____ C:\Users\T420\Downloads\Passengers(0000281190).srt
2017-02-27 21:10 - 2017-02-27 21:10 - 00077382 _____ C:\Users\T420\Downloads\Sully(0000279967).srt
2017-02-27 20:42 - 2017-02-27 20:42 - 00000000 ____D C:\Users\T420\AppData\Local\ElevatedDiagnostics
2017-02-27 20:24 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-27 20:24 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-02-27 20:24 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-02-27 20:24 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-27 20:24 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-02-27 20:24 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-02-27 20:24 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-02-27 20:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-02-27 20:11 - 2017-02-27 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-27 20:10 - 2017-02-27 20:08 - 00461640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-02-27 20:09 - 2017-02-27 20:09 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-27 20:08 - 2017-02-27 20:08 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-02-26 18:40 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 18:39 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-02-26 18:39 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 18:39 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 18:39 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-02-26 18:39 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-02-26 18:39 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-02-26 18:39 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-02-26 18:39 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-02-26 18:39 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-02-26 18:33 - 2017-02-26 18:33 - 00000000 ____D C:\Program Files\CONEXANT
2017-02-26 18:32 - 2017-02-26 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-26 18:31 - 2017-02-26 18:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-26 18:31 - 2017-02-26 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-26 18:29 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-02-26 18:29 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-02-26 18:27 - 2017-02-02 17:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-26 18:27 - 2017-02-02 17:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-26 18:27 - 2017-02-02 15:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-26 18:27 - 2016-12-31 16:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-26 18:25 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-02-26 18:25 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-02-26 18:25 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-02-26 18:25 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-02-26 18:25 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-02-26 18:25 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-02-26 16:51 - 2017-02-26 16:51 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-26 16:50 - 2017-02-26 16:51 - 00000000 ____D C:\Program Files\CCleaner
2017-02-26 16:50 - 2017-02-26 16:50 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-26 16:50 - 2017-02-26 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-26 15:30 - 2017-03-10 22:25 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-26 15:30 - 2017-02-27 20:08 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-26 15:30 - 2017-02-27 20:08 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-26 15:30 - 2017-02-27 20:08 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-26 15:30 - 2017-02-27 20:08 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-16 10:15 - 2017-02-16 10:24 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-02-16 10:15 - 2017-02-16 10:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-02-16 10:15 - 2017-02-16 10:15 - 00000000 ____D C:\ProgramData\NCH Software
2017-02-16 10:14 - 2017-02-16 10:24 - 00000000 ____D C:\Users\T420\AppData\Roaming\NCH Software
2017-02-16 10:14 - 2017-02-16 10:23 - 00000000 ____D C:\Users\T420\Downloads\VA - the last trip 30
2017-02-11 16:33 - 2017-02-11 16:33 - 00004536 _____ C:\Users\T420\AppData\Roaming\CamStudio.cfg
2017-02-11 16:33 - 2017-02-11 16:33 - 00000408 _____ C:\Users\T420\AppData\Roaming\CamShapes.ini
2017-02-11 16:33 - 2017-02-11 16:33 - 00000408 _____ C:\Users\T420\AppData\Roaming\CamLayout.ini
2017-02-11 16:33 - 2017-02-11 16:33 - 00000052 _____ C:\Users\T420\AppData\Roaming\Camdata.ini
2017-02-11 16:32 - 2017-02-11 16:32 - 00000000 ____D C:\Users\T420\Documents\My CamStudio Videos
2017-02-11 16:32 - 2017-02-11 16:32 - 00000000 ____D C:\Users\T420\Documents\My CamStudio Temp Files
2017-02-11 16:31 - 2017-02-11 16:31 - 00000096 _____ C:\Users\T420\AppData\Roaming\version2.xml
2017-02-11 15:44 - 2017-02-11 15:44 - 00001201 _____ C:\Users\T420\Desktop\Traktor DJ Studio 3.lnk
2017-02-11 15:37 - 2017-02-11 15:37 - 00000000 ____D C:\Users\T420\AppData\Local\Native Instruments
2017-02-10 20:40 - 2017-03-10 22:31 - 00000000 ____D C:\FRST
2017-02-10 18:14 - 2017-02-10 18:46 - 00000000 ____D C:\Users\T420\AppData\Local\Ghervertherfirer
2017-02-10 18:13 - 2017-02-10 18:14 - 00000000 ____D C:\Users\T420\AppData\Local\Cohispkituly
2017-02-10 16:14 - 2017-03-05 12:55 - 00000000 ____D C:\Users\T420\Documents\Traktor3
2017-02-10 16:14 - 2017-02-11 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-02-10 16:14 - 2017-02-10 16:14 - 00000000 ____D C:\Users\T420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-02-10 16:13 - 2017-02-11 15:44 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2017-02-09 17:21 - 2017-02-09 17:21 - 00001024 _____ C:\.rnd
2017-02-09 13:58 - 2017-02-09 13:58 - 00000000 ____D C:\Users\T420\AppData\Local\MediaMonkey
2017-02-09 13:57 - 2017-03-05 20:29 - 00000000 ____D C:\Users\T420\AppData\Roaming\MediaMonkey
2017-02-09 13:57 - 2017-02-09 13:57 - 00001043 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2017-02-09 13:57 - 2017-02-09 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2017-02-09 13:57 - 2017-02-09 13:57 - 00000000 ____D C:\ProgramData\MediaMonkey
2017-02-09 13:57 - 2017-02-09 13:57 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2017-02-09 13:49 - 2017-02-27 20:43 - 00000000 ____D C:\Users\T420\Downloads\Filmy
2017-02-09 12:44 - 2017-03-06 22:34 - 00000000 ____D C:\Users\T420\Documents\Native Instruments
2017-02-09 12:13 - 2017-02-10 16:12 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-02-09 12:13 - 2017-02-09 12:15 - 00000000 ____D C:\ProgramData\Native Instruments

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 11:53 - 2016-12-22 17:06 - 00000000 ____D C:\Users\T420\AppData\Roaming\vlc
2017-03-10 11:22 - 2017-01-14 19:45 - 00000000 ____D C:\Program Files\trend micro
2017-03-10 11:15 - 2009-07-14 05:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-10 11:15 - 2009-07-14 05:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-10 11:13 - 2017-01-31 18:09 - 00548928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-03-10 11:08 - 2016-09-08 15:14 - 00000000 ____D C:\Users\T420\AppData\Local\Deployment
2017-03-10 11:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 23:30 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-07 23:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-07 23:22 - 2017-01-17 10:52 - 00000000 ____D C:\ProgramData\McAfee
2017-03-07 01:08 - 2016-09-24 20:05 - 00000000 ____D C:\Users\T420\AppData\Roaming\uTorrent
2017-03-06 22:38 - 2016-12-24 13:02 - 00000000 ____D C:\Users\T420\AppData\LocalLow\uTorrent
2017-03-02 15:17 - 2017-01-31 18:07 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-02 14:05 - 2017-01-16 12:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-02 01:18 - 2016-09-08 15:14 - 00000000 ____D C:\Users\T420\AppData\Local\Apps\2.0
2017-03-02 01:06 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-02-28 08:31 - 2016-12-22 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-02-28 08:31 - 2016-08-26 13:13 - 00000000 ____D C:\Users\T420
2017-02-27 20:14 - 2017-01-31 18:10 - 00003924 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1485882644
2017-02-27 20:09 - 2017-01-31 18:09 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148914083520902
2017-02-27 20:09 - 2017-01-31 18:09 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-02-27 20:09 - 2017-01-31 18:09 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-27 20:09 - 2017-01-31 18:09 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-27 20:09 - 2017-01-31 18:08 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-27 20:09 - 2017-01-31 18:08 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-27 20:09 - 2017-01-31 18:08 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-27 20:08 - 2017-01-31 18:10 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-27 20:08 - 2017-01-31 18:08 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-26 18:56 - 2009-07-14 05:45 - 00433992 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-26 18:42 - 2016-09-19 10:32 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-26 18:42 - 2016-09-19 10:32 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-26 16:53 - 2016-08-26 23:08 - 00000000 ____D C:\Windows\Panther
2017-02-26 16:49 - 2017-01-16 10:54 - 00000000 ____D C:\AdwCleaner
2017-02-26 15:28 - 2017-01-31 18:09 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148811943973704
2017-02-26 15:25 - 2016-08-26 13:18 - 00001945 _____ C:\Windows\epplauncher.mif
2017-02-25 03:03 - 2016-10-15 10:43 - 00000000 ____D C:\Windows\system32\MRT
2017-02-25 03:01 - 2016-10-15 10:43 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-24 22:28 - 2016-09-13 21:06 - 00000000 ____D C:\Windows\AutoKMS
2017-02-24 20:49 - 2016-09-13 21:07 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-02-10 20:16 - 2016-11-16 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-10 20:13 - 2016-11-16 13:46 - 00000000 ____D C:\Users\T420\AppData\LocalLow\Mozilla
2017-02-10 03:06 - 2016-09-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-10 03:05 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2017-02-09 17:29 - 2017-01-12 17:38 - 00000000 ____D C:\Windows\system32\appmgmt

==================== Files in the root of some directories =======

2017-02-11 16:33 - 2017-02-11 16:33 - 0000052 _____ () C:\Users\T420\AppData\Roaming\Camdata.ini
2017-02-11 16:33 - 2017-02-11 16:33 - 0000408 _____ () C:\Users\T420\AppData\Roaming\CamLayout.ini
2017-02-11 16:33 - 2017-02-11 16:33 - 0000408 _____ () C:\Users\T420\AppData\Roaming\CamShapes.ini
2017-02-11 16:33 - 2017-02-11 16:33 - 0004536 _____ () C:\Users\T420\AppData\Roaming\CamStudio.cfg
2014-07-09 12:01 - 2014-07-09 12:01 - 0022976 _____ (Intel Corporation) C:\Users\T420\AppData\Roaming\JomCap.dll
2017-02-11 16:31 - 2017-02-11 16:31 - 0000096 _____ () C:\Users\T420\AppData\Roaming\version2.xml
2016-12-27 04:52 - 2016-11-23 14:37 - 0000570 _____ () C:\Users\T420\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-05 10:39

==================== End of FRST.txt ============================
Nahoru
kudliik
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 19 črc 2007 13:16

Re: nadmerne vyuzitie ram

#4 Příspěvek od kudliik »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by T420 (10-03-2017 22:31:47)
Running from C:\Users\T420\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-08-26 12:13:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-70882128-2234172874-3813598217-500 - Administrator - Disabled)
Guest (S-1-5-21-70882128-2234172874-3813598217-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-70882128-2234172874-3813598217-1002 - Limited - Enabled)
T420 (S-1-5-21-70882128-2234172874-3813598217-1000 - Administrator - Enabled) => C:\Users\T420

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-70882128-2234172874-3813598217-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
FastStone Image Viewer 6.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.1 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HuaweiUpdateExtractor (HKLM-x32\...\{DA8738CA-93A6-4910-A264-53DF7686F397}) (Version: 0.9.9.3 - worstenbrood)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.32.0 (HKLM-x32\...\{2D793E41-F598-1014-9984-F3B169A93F79}) (Version: 1.2.32.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1211 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
KeyNote 1.6.5 (HKLM-x32\...\KeyNote_is1) (Version: - )
K-Lite Codec Pack 12.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.5 - KLCP)
Lenovo Power Management Driver (Version: 1.67.12.19 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0045 - Lenovo)
Malwarebytes verzia 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2013 Professional Plus (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.1 (HKLM-x32\...\{0CC33B44-9162-4853-88AD-073635C9102E}_is1) (Version: 1.4.1 - Samuel Rodberg)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Native Instruments Traktor DJ Studio 3 (HKLM-x32\...\Native Instruments Traktor DJ Studio 3) (Version: - )
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
TPFanControl v0.63 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{5BE22EEB-8857-43A3-9E57-85666727CA3B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3161988) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{245EB15F-A90C-422B-9D3F-3AEEDF028CCC}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FD9681A-1E71-4EDC-AEDB-DCA3EA1C38B5} - System32\Tasks\NCH Software\SwitchSevenDays => C:\Program Files (x86)\NCH Software\Switch\Switch.exe
Task: {1D783512-CBB6-45B7-B81D-3910B6DC22CB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {21E3CF35-A64B-4B0F-AB85-792FBEB8E139} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-27] (AVAST Software)
Task: {24A13EB4-D893-4D28-BA0C-FD0377EED56A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-31] (AVAST Software)
Task: {27B875E9-8C65-4D9C-A8D3-668F8A4A07C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {32EED79D-CBE1-4277-A556-8DE9BB5F36A0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {387B8D00-3563-4C78-A42E-787E01DFFFB0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {41C54ACF-E1D0-46C1-A403-28FC1205318B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {46248570-E076-4E78-A604-E1EEB91D3EB5} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-70882128-2234172874-3813598217-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\T420\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {47D85CBA-9642-4977-95AB-8033234F408C} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {598AB614-C070-4B8E-BC42-743B1394984E} - System32\Tasks\SafeZone scheduled Autoupdate 1485882644 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {61B91B94-06AC-46B0-A79C-0171ABA16538} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {686EA036-DBEC-4852-9B98-42AA06301991} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {6A7EA4DE-5A9B-4770-8882-A0FA034B5C93} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8FD615B9-29B4-46A2-A7E4-8A923EC84D6B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-01-18] ()
Task: {96E0984A-A573-458E-9265-561E923A9165} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-20] ()
Task: {9916E9DB-E3F2-4754-A798-FB7DF631ED9E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {99497137-F3E4-4C77-B9A8-BEBAA3BBCD2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-12] (Google Inc.)
Task: {9E0545CD-A980-4A7A-9DB3-97739ADB6E87} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {A08CD40D-1513-4B1D-84E2-44325A916E4D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {B697BAB6-584E-476A-BD75-645186E7B7FA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {C805F2A7-3F98-43FB-913C-7261F72504B4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-70882128-2234172874-3813598217-1000
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {F1ADFA63-62F3-4B4C-B2CC-EC4C19BA1D1B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\T420\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-11-25 07:16 - 2016-11-25 07:16 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2017-03-07 01:00 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-07 01:00 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-27 20:08 - 2017-02-27 20:08 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-02-27 20:09 - 2017-02-27 20:09 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2016-08-26 14:44 - 2016-04-14 05:08 - 00107008 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-08-26 14:44 - 2016-03-02 00:52 - 00102904 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-16 21:03 - 2016-12-16 21:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-01-31 23:29 - 2017-01-18 16:36 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-02-07 17:18 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 17:18 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-27 20:09 - 2017-02-27 20:09 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-10 11:07 - 2017-03-10 11:07 - 05885440 _____ () C:\Program Files\AVAST Software\Avast\defs\17030901\algo.dll
2017-02-27 20:09 - 2017-02-27 20:09 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-10 22:26 - 2017-03-10 22:26 - 05883392 _____ () C:\Program Files\AVAST Software\Avast\defs\17031001\algo.dll
2017-01-31 18:08 - 2017-01-31 18:08 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-27 20:08 - 2017-02-27 20:08 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-70882128-2234172874-3813598217-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-03-02 01:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-70882128-2234172874-3813598217-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\T420\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: GoogleChromeAutoLaunch_470F14B13D0583F23DB957BE00EFF47E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{77878796-3307-4B6E-8734-5F4440D1B9FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F55AFBA-69BE-47C1-B9EA-E37BC69D6E4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{850BF3A5-4897-4F72-9B52-6A6B4B6B651D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CA5AC0C6-FEAD-4D91-ABBA-0918A470D835}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FA63D730-73EE-426E-901A-E91BA7FDE1FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{C9174EE0-09E2-40CB-A952-01361ACAD89B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{70940270-F6BD-46EC-A5C4-1AFB7FDB81FA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C820DAB2-01A7-4784-B75E-4D05EA5EEAAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1CC2751C-3367-4D6A-9A36-0B1876393AC8}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15BBA8A9-1D27-487C-9D79-86212C155260}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D63CEF11-3FE0-4CA5-9033-93241FCAEE1B}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53EA8EA2-B949-46C6-84AA-1095CC8874D8}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37AD8512-95C3-406B-8DB5-D85CC6033B96}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE915A10-B1F5-4F62-BB0A-015848E864F6}] => (Allow) C:\Users\T420\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F31E7AB7-FBC1-4C02-BEBC-F6B8D2FBC490}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [UDP Query User{1D3D6BF4-6417-47F3-9540-5DA6B5B75290}C:\program files (x86)\maniaplanet\maniaplanet.exe] => (Allow) C:\program files (x86)\maniaplanet\maniaplanet.exe
FirewallRules: [{D89A9A88-79B7-4C9F-B1C1-3A58AD4A8291}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{769C4B36-E178-411E-A9D0-AC7756D83B68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F9814EFB-BBEF-4894-B2BC-D390EE6A577C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9F70C3DB-A2E8-450E-88B1-D42501E11DFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{531A7822-196D-4E4A-8B2B-1EF3231CFBFF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{00ACD094-57C2-49A1-9393-432715FC2FA6}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{8F3BEB0A-C8BD-4A63-8FBF-B6ACE4B14F82}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{175791F3-96AA-4A66-ABEB-70C248223001}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{692CC0E8-A77E-4621-BFB2-47A65F9B2C9A}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{57FBAD04-5844-4A70-B336-173D18CB07F5}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{05360CAF-46B2-47FF-84D1-B67EF5D2B924}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
FirewallRules: [{69F03D56-B1E1-43A1-A552-3F3B232789D1}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{CE4ACD3C-2004-4388-BBD8-D0659BE7A6DF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BC63666C-CD63-4B12-8D5F-237584CEFE14}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{667D4DA3-7F64-4D27-8C8C-CDF479B69626}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{89BED5FE-6BFB-4D66-B6EA-3FBD586C989E}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{C578C9D7-FEFF-44E1-9F94-AF35CC860458}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{55A72F94-6A5A-4680-B40D-40D0F1250ACB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561_0\SZBrowser.exe

==================== Restore Points =========================

28-02-2017 11:00:53 JRT Pre-Junkware Removal
28-02-2017 20:48:39 JRT Pre-Junkware Removal
02-03-2017 00:47:53 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2017 11:11:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/10/2017 11:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/07/2017 11:30:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/07/2017 11:30:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (03/07/2017 11:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/07/2017 10:44:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/07/2017 10:30:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/06/2017 03:56:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/05/2017 04:10:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/04/2017 12:49:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/10/2017 11:05:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Lenovo Platform Service bol dosiahnutý časový limit (30000 ms).

Error: (03/09/2017 04:41:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba aswbIDSAgent sa po prijatí ovládacieho príkazu pred vypnutím nevypla správne.

Error: (03/07/2017 11:22:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Lenovo Platform Service bol dosiahnutý časový limit (30000 ms).

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (03/07/2017 11:11:57 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (03/07/2017 11:11:57 PM) (Source: cdrom) (EventID: 15) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.


CodeIntegrity:
===================================
Date: 2017-03-02 00:51:16.414
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-02 00:51:16.195
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 60%
Total physical RAM: 3979.23 MB
Available physical RAM: 1584.36 MB
Total Virtual: 7956.65 MB
Available Virtual: 5191.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:354.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 57D6ADBC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7320
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: nadmerne vyuzitie ram

#5 Příspěvek od altrok »

:arrow: Malwarebytes verzia 3.0.6.1469 odinstalujte.


:arrow: Po restartu dejte vedet, jak se PC chova.



  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {7FF42358-ECD1-11E6-946D-64006A5CFC23} - -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
2017-03-10 11:22 - 2017-01-14 19:45 - 00000000 ____D C:\Program Files\trend micro
2017-02-24 22:28 - 2016-09-13 21:06 - 00000000 ____D C:\Windows\AutoKMS
2017-02-24 20:49 - 2016-09-13 21:07 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
Task: {32EED79D-CBE1-4277-A556-8DE9BB5F36A0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe 
Task: {C805F2A7-3F98-43FB-913C-7261F72504B4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-70882128-2234172874-3813598217-1000
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
FirewallRules: [{69F03D56-B1E1-43A1-A552-3F3B232789D1}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{CE4ACD3C-2004-4388-BBD8-D0659BE7A6DF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BC63666C-CD63-4B12-8D5F-237584CEFE14}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{667D4DA3-7F64-4D27-8C8C-CDF479B69626}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{89BED5FE-6BFB-4D66-B6EA-3FBD586C989E}] => (Allow) C:\Windows\System32\rundll32.exe
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
kudliik
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 19 črc 2007 13:16

Re: nadmerne vyuzitie ram

#6 Příspěvek od kudliik »

10 minut necinnosti po starte - vyuzitie ram 35%

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by T420 (12-03-2017 10:13:23) Run:1
Running from C:\Users\T420\Desktop
Loaded Profiles: T420 (Available Profiles: T420)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {7FF42358-ECD1-11E6-946D-64006A5CFC23} - -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
2017-03-10 11:22 - 2017-01-14 19:45 - 00000000 ____D C:\Program Files\trend micro
2017-02-24 22:28 - 2016-09-13 21:06 - 00000000 ____D C:\Windows\AutoKMS
2017-02-24 20:49 - 2016-09-13 21:07 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
Task: {32EED79D-CBE1-4277-A556-8DE9BB5F36A0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {C805F2A7-3F98-43FB-913C-7261F72504B4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-70882128-2234172874-3813598217-1000
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
FirewallRules: [{69F03D56-B1E1-43A1-A552-3F3B232789D1}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{CE4ACD3C-2004-4388-BBD8-D0659BE7A6DF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{BC63666C-CD63-4B12-8D5F-237584CEFE14}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{667D4DA3-7F64-4D27-8C8C-CDF479B69626}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{89BED5FE-6BFB-4D66-B6EA-3FBD586C989E}] => (Allow) C:\Windows\System32\rundll32.exe
CMD: dir "C:\Windows\Inf" /AD
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{7FF42358-ECD1-11E6-946D-64006A5CFC23} => value removed successfully
HKCR\CLSID\{7FF42358-ECD1-11E6-946D-64006A5CFC23} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-70882128-2234172874-3813598217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\lmimirr => key removed successfully
lmimirr => service removed successfully
C:\Program Files\trend micro => moved successfully
C:\Windows\AutoKMS => moved successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{32EED79D-CBE1-4277-A556-8DE9BB5F36A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32EED79D-CBE1-4277-A556-8DE9BB5F36A0} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C805F2A7-3F98-43FB-913C-7261F72504B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C805F2A7-3F98-43FB-913C-7261F72504B4} => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-70882128-2234172874-3813598217-1000 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-70882128-2234172874-3813598217-1000 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69F03D56-B1E1-43A1-A552-3F3B232789D1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE4ACD3C-2004-4388-BBD8-D0659BE7A6DF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC63666C-CD63-4B12-8D5F-237584CEFE14} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{667D4DA3-7F64-4D27-8C8C-CDF479B69626} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89BED5FE-6BFB-4D66-B6EA-3FBD586C989E} => value removed successfully

========= dir "C:\Windows\Inf" /AD =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\Windows\Inf

07. 03. 2017 23:30 <DIR> .
07. 03. 2017 23:30 <DIR> ..
12. 04. 2011 09:17 <DIR> .NET CLR Data
12. 04. 2011 09:17 <DIR> .NET CLR Networking
26. 09. 2016 20:47 <DIR> .NET CLR Networking 4.0.0.0
12. 04. 2011 09:17 <DIR> .NET Data Provider for Oracle
12. 04. 2011 09:17 <DIR> .NET Data Provider for SqlServer
26. 09. 2016 20:47 <DIR> .NET Memory Cache 4.0
12. 04. 2011 09:17 <DIR> .NETFramework
15. 12. 2016 03:06 <DIR> ASP.NET
26. 09. 2016 20:47 <DIR> ASP.NET_4.0.30319
15. 12. 2016 03:05 <DIR> aspnet_state
12. 04. 2011 09:17 <DIR> BITS
12. 04. 2011 09:17 <DIR> en-US
12. 04. 2011 09:17 <DIR> ESENT
12. 04. 2011 09:17 <DIR> MSDTC
12. 04. 2011 09:17 <DIR> MSDTC Bridge 3.0.0.0
26. 09. 2016 20:47 <DIR> MSDTC Bridge 4.0.0.0
12. 04. 2011 09:17 <DIR> PERFLIB
14. 07. 2009 06:37 <DIR> PNRPSvc
08. 09. 2016 08:57 <DIR> rdyboost
14. 07. 2009 06:37 <DIR> RemoteAccess
12. 04. 2011 09:17 <DIR> ServiceModelEndpoint 3.0.0.0
12. 04. 2011 09:17 <DIR> ServiceModelOperation 3.0.0.0
12. 04. 2011 09:17 <DIR> ServiceModelService 3.0.0.0
12. 04. 2011 09:17 <DIR> SMSvcHost 3.0.0.0
26. 09. 2016 20:47 <DIR> SMSvcHost 4.0.0.0
08. 09. 2016 08:57 <DIR> TAPISRV
12. 04. 2011 09:17 <DIR> TermService
08. 09. 2016 08:57 <DIR> UGatherer
08. 09. 2016 08:57 <DIR> UGTHRSVC
14. 07. 2009 06:37 <DIR> usbhub
12. 04. 2011 09:17 <DIR> Windows Workflow Foundation 3.0.0.0
26. 09. 2016 20:47 <DIR> Windows Workflow Foundation 4.0.0.0
07. 03. 2017 23:30 <DIR> WmiApRpl
08. 09. 2016 08:57 <DIR> wsearchidxpi
0 File(s) 0 bytes
36 Dir(s) 379˙916˙849˙152 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~1" =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\PROGRA~1

12. 03. 2017 10:13 <DIR> .
12. 03. 2017 10:13 <DIR> ..
31. 01. 2017 18:10 <DIR> AVAST Software
26. 02. 2017 16:51 <DIR> CCleaner
09. 02. 2017 12:13 <DIR> Common Files
26. 02. 2017 18:33 <DIR> CONEXANT
08. 09. 2016 08:57 <DIR> DVD Maker
15. 12. 2016 03:27 <DIR> Internet Explorer
07. 09. 2016 10:53 <DIR> Lenovo
07. 03. 2017 23:09 <DIR> McAfee
13. 09. 2016 21:29 <DIR> Microsoft Office
26. 02. 2017 18:31 <DIR> Microsoft Silverlight
14. 07. 2009 06:32 <DIR> MSBuild
14. 07. 2009 06:32 <DIR> Reference Assemblies
26. 08. 2016 14:43 <DIR> Synaptics
26. 08. 2016 14:44 <DIR> ThinkPad
26. 08. 2016 13:18 <DIR> TPFanControl
21. 12. 2016 16:59 <DIR> Unlocker
08. 09. 2016 08:57 <DIR> Windows Defender
08. 09. 2016 08:57 <DIR> Windows Mail
14. 10. 2016 02:23 <DIR> Windows Media Player
14. 07. 2009 06:32 <DIR> Windows NT
08. 09. 2016 08:57 <DIR> Windows Photo Viewer
21. 11. 2010 04:31 <DIR> Windows Portable Devices
08. 09. 2016 08:57 <DIR> Windows Sidebar
21. 12. 2016 21:39 <DIR> WinRAR
0 File(s) 0 bytes
26 Dir(s) 379˙916˙845˙056 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\PROGRA~2

07. 03. 2017 23:07 <DIR> .
07. 03. 2017 23:07 <DIR> ..
26. 08. 2016 14:43 <DIR> Chicony Electronics Co.,Ltd
02. 03. 2017 00:58 <DIR> Common Files
12. 09. 2016 10:29 <DIR> EaseUS
13. 09. 2016 21:08 <DIR> Elaborate Bytes
01. 02. 2017 15:29 <DIR> FastStone Image Viewer
12. 01. 2017 17:05 <DIR> Google
05. 01. 2017 12:05 <DIR> HiSuite
21. 12. 2016 22:19 <DIR> HuaweiUpdateExtractor
26. 08. 2016 14:43 <DIR> Integrated Camera Driver
07. 09. 2016 10:53 <DIR> Intel
15. 12. 2016 03:27 <DIR> Internet Explorer
22. 12. 2016 17:12 <DIR> K-Lite Codec Pack
10. 10. 2016 15:44 <DIR> KeyNote
06. 02. 2017 00:48 <DIR> Lenovo
27. 12. 2016 07:29 <DIR> ManiaPlanet
10. 03. 2017 11:05 <DIR> McAfee
09. 02. 2017 13:57 <DIR> MediaMonkey
13. 09. 2016 21:30 <DIR> Microsoft Analysis Services
13. 09. 2016 21:31 <DIR> Microsoft Office
26. 02. 2017 18:31 <DIR> Microsoft Silverlight
13. 09. 2016 21:32 <DIR> Microsoft SQL Server
19. 09. 2016 04:40 <DIR> Microsoft.NET
03. 02. 2017 10:49 <DIR> Minimal ADB and Fastboot
10. 02. 2017 20:16 <DIR> Mozilla Firefox
14. 07. 2009 06:32 <DIR> MSBuild
11. 02. 2017 15:44 <DIR> Native Instruments
16. 02. 2017 10:24 <DIR> NCH Software
14. 07. 2009 06:32 <DIR> Reference Assemblies
08. 09. 2016 15:12 <DIR> Ricoh
02. 03. 2017 14:05 <DIR> TeamViewer
26. 08. 2016 14:44 <DIR> ThinkPad
22. 12. 2016 17:04 <DIR> VideoLAN
08. 09. 2016 08:57 <DIR> Windows Defender
26. 09. 2016 20:49 <DIR> Windows Mail
14. 10. 2016 02:23 <DIR> Windows Media Player
14. 07. 2009 06:32 <DIR> Windows NT
08. 09. 2016 08:57 <DIR> Windows Photo Viewer
21. 11. 2010 04:31 <DIR> Windows Portable Devices
26. 09. 2016 20:49 <DIR> Windows Sidebar
0 File(s) 0 bytes
41 Dir(s) 379˙916˙840˙960 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\PROGRA~3

12. 03. 2017 10:12 <DIR> .
12. 03. 2017 10:12 <DIR> ..
12. 01. 2017 17:16 <DIR> AirDroid
12. 10. 2016 17:05 <DIR> Apple
12. 10. 2016 17:11 <DIR> Apple Computer
02. 03. 2017 15:17 <DIR> AVAST Software
26. 09. 2016 19:59 <DIR> Avg
24. 09. 2016 18:15 <DIR> GeoComply
07. 09. 2016 14:45 <DIR> Intel
06. 02. 2017 00:48 <DIR> Lenovo
31. 01. 2017 19:35 <DIR> ManiaPlanet
07. 03. 2017 23:22 <DIR> McAfee
26. 09. 2016 20:47 <DIR> McAfee Security Scan
09. 02. 2017 13:57 <DIR> MediaMonkey
11. 03. 2017 00:04 <DIR> Microsoft Help
13. 09. 2016 21:05 <DIR> Microsoft Toolkit
09. 02. 2017 12:15 <DIR> Native Instruments
16. 02. 2017 10:15 <DIR> NCH Software
13. 09. 2016 21:32 <DIR> regid.1991-06.com.microsoft
12. 03. 2017 10:12 <DIR> SWCUTemp
0 File(s) 0 bytes
20 Dir(s) 379˙916˙840˙960 bytes free

========= End of CMD: =========


========= dir "%localappdata%" =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\Users\T420\AppData\Local

12. 03. 2017 04:49 <DIR> .
12. 03. 2017 04:49 <DIR> ..
12. 10. 2016 17:05 <DIR> Apple
12. 10. 2016 17:12 <DIR> Apple Computer
08. 09. 2016 15:14 <DIR> Apps
27. 12. 2016 06:00 <DIR> Bluestacks
14. 09. 2016 13:40 <DIR> CEF
10. 02. 2017 18:14 <DIR> Cohispkituly
11. 03. 2017 01:15 <DIR> Deployment
27. 02. 2017 20:41 <DIR> Diagnostics
21. 12. 2016 22:19 <DIR> Downloaded Installations
27. 02. 2017 20:42 <DIR> ElevatedDiagnostics
16. 01. 2017 13:03 111˙536 GDIPFONTCACHEV1.DAT
10. 02. 2017 18:46 <DIR> Ghervertherfirer
12. 01. 2017 17:14 <DIR> Google
05. 01. 2017 12:05 <DIR> Hisuite
13. 09. 2016 22:17 <DIR> KairosPlanet
07. 10. 2016 11:54 <DIR> Lenovo
14. 09. 2016 16:05 <DIR> Macromedia
09. 02. 2017 13:58 <DIR> MediaMonkey
31. 01. 2017 19:36 <DIR> Microsoft
13. 09. 2016 21:30 <DIR> Microsoft Help
08. 09. 2016 15:18 <DIR> Mozilla
11. 02. 2017 15:37 <DIR> Native Instruments
30. 11. 2016 11:26 <DIR> PokerStars
21. 12. 2016 16:33 <DIR> PokerStars.EU
26. 08. 2016 14:39 <DIR> Programs
12. 03. 2017 10:13 <DIR> Temp
27. 12. 2016 05:42 <DIR> Troubleshooter
23. 11. 2016 14:37 570 TroubleshooterConfig.json
06. 02. 2017 17:59 <DIR> Tvsukernel
26. 09. 2016 20:04 <DIR> UCBrowser
02. 02. 2017 15:53 <DIR> VirtualStore
21. 12. 2016 22:21 <DIR> worstenbrood
2 File(s) 112˙106 bytes
32 Dir(s) 379˙916˙836˙864 bytes free

========= End of CMD: =========


========= dir "%appdata%" =========

Volume in drive C has no label.
Volume Serial Number is AA5F-3810

Directory of C:\Users\T420\AppData\Roaming

07. 03. 2017 23:09 <DIR> .
07. 03. 2017 23:09 <DIR> ..
26. 08. 2016 13:13 <DIR> Adobe
23. 01. 2017 23:04 <DIR> AirDroid
12. 10. 2016 19:45 <DIR> Apple Computer
31. 01. 2017 18:09 <DIR> AVAST Software
11. 02. 2017 16:33 52 Camdata.ini
11. 02. 2017 16:33 408 CamLayout.ini
11. 02. 2017 16:33 408 CamShapes.ini
11. 02. 2017 16:33 4˙536 CamStudio.cfg
01. 02. 2017 15:30 <DIR> FastStone
26. 08. 2016 13:13 <DIR> Identities
09. 07. 2014 12:01 22˙976 JomCap.dll
07. 10. 2016 11:54 <DIR> Lenovo
14. 09. 2016 16:05 <DIR> Macromedia
12. 04. 2011 09:28 <DIR> Media Center Programs
05. 03. 2017 20:29 <DIR> MediaMonkey
18. 09. 2016 21:56 <DIR> Microsoft Games
26. 08. 2016 13:17 <DIR> Mozilla
16. 02. 2017 10:24 <DIR> NCH Software
12. 01. 2017 17:20 <DIR> PlutoTV
07. 03. 2017 23:09 <DIR> PowerISO
10. 02. 2017 18:46 <DIR> Profiles
07. 09. 2016 14:45 <DIR> PwrMgr
12. 01. 2017 17:40 <DIR> Seznam.cz
16. 01. 2017 12:15 <DIR> TeamViewer
07. 03. 2017 01:08 <DIR> uTorrent
11. 02. 2017 16:31 96 version2.xml
10. 03. 2017 11:53 <DIR> vlc
21. 12. 2016 21:39 <DIR> WinRAR
6 File(s) 28˙476 bytes
24 Dir(s) 379˙916˙836˙864 bytes free

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21365250 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1216 B
Edge => 0 B
Chrome => 9846828 B
Firefox => 17004326 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33125 B
LocalService => 0 B
NetworkService => 0 B
T420 => 44762725 B

RecycleBin => 0 B
EmptyTemp: => 88.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2017 10:16:39)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

==== End of Fixlog 10:16:39 ====
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7320
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: nadmerne vyuzitie ram

#7 Příspěvek od altrok »

V PC zadny malware nevidim a v predchozim vlaknu byl procisten velice dukladne.
A pokud nejsou dotazy ci jine problemy, je to ode mne vse.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
kudliik
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 19 črc 2007 13:16

Re: nadmerne vyuzitie ram

#8 Příspěvek od kudliik »

Dakujem :)
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7320
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: nadmerne vyuzitie ram

#9 Příspěvek od altrok »

Nemate zac, rad jsem pomohl :worship:


Mejte se krasne a treba zase nekdy :bye:
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“