VIRY.CZ

Dobrý den, prosím o kontrolu logu.
NTB je už několik dni hodně pomalý.
NTB nabíha střašně dlouho po restartu a má i problémy, vůbec načíst webové stránky.
Děkuji.

Logfile of random's system information tool 1.14 (written by random/random)
Run by Terezka at 2017-02-13 14:53:05
Microsoft Windows 10 Pro
System drive C: has 350 GB (74%) free of 476 GB
Total RAM: 3933 MB (52% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:19, on 13.2.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Terezka_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Viber] "C:\Users\Terezka\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @oem30.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10605 bytes

======Enumerating Processes======

C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"C:\Program Files\Lenovo\Zoom\TpScrex.exe"
"C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe"
C:\WINDOWS\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\mobsync.exe -Embedding
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
C:\WINDOWS\system32\fontdrvhost.exe
"C:\WINDOWS\System32\Taskmgr.exe" /3
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6052.5.680599904\116757837" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
"C:\Users\Terezka\AppData\Local\Apps\2.0\0YX32AAD.M05\MO4NW8D6.WKB\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\WINDOWS\system32\AUDIODG.EXE 0x378
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 640 644 652 8192 648
"C:\Users\Terezka\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1458646701 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\SlimCleaner Run - "C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe" $(Arg0)
C:\WINDOWS\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\tasks\{965740E6-203A-47FD-9025-C4B8EFCDA75E} - "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.0.0.102/cs/g ... Error=1618
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe -e
C:\WINDOWS\system32\tasks\Microsoft\Windows\Subscription\LicenseAcquisition - %SystemRoot%\system32\UpgradeSubscription.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Lenovo\Lenovo Customer Feedback Program 64 - "%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\WINDOWS\system32\tasks\Lenovo\Lenovo Solution Center Launcher - %programfiles%\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
C:\WINDOWS\system32\tasks\Lenovo\LSC\Lenovo Solution Center Notifications - %programfiles%\Lenovo\Lenovo Solution Center\LSCNotify.exe /show
C:\WINDOWS\system32\tasks\Lenovo\LSC\LSCHardwareScan - "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
C:\WINDOWS\system32\tasks\Lenovo\LSC\LSCHardwareScanPostpone - "C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan
C:\WINDOWS\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
C:\WINDOWS\system32\tasks\Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task

=========Mozilla firefox=========

ProfilePath - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF48
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF48


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.194 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll


C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\extensions\
adbhelper@mozilla.org
fxdevtools-adapters@mozilla.org

C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ADB Helper - extension - adbhelper@mozilla.org - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\extensions\adbhelper@mozilla.org
Valence - extension - fxdevtools-adapters@mozilla.org - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\extensions\fxdevtools-adapters@mozilla.org
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Diagnostics - extension - diagnostics@mozilla.org - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\features\{d40d7c17-b91b-4256-9168-6b7663ee0150}\diagnostics@mozilla.org.xpi
Send HSTS Priming Requests - extension - hsts-priming@mozilla.org - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\features\{d40d7c17-b91b-4256-9168-6b7663ee0150}\hsts-priming@mozilla.org.xpi
Avast Online Security - webextension - wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF48
Avast SafePrice - webextension - sp@avast.com - C:\Program Files\AVAST Software\Avast\SafePrice\FF48

C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\pluginreg.dat
Plugin - Adobe Acrobat - 15.23.20053.15062 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.32.7 - C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
Plugin - Java(TM) Platform SE 8 U121 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 8.0.1210.13 - 11.121.2.13 - C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
Plugin - Picasa - 3.0.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
Plugin - CANON iMAGE GATEWAY Album Plugin Utility for IJ - 5.0.0.0 - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
Plugin - Shockwave Flash - 24.0.0.194 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

=========Google Chrome=========


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 209504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23 176736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24 186944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 6141528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23 4445272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-25 10081312]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2013-05-29 60920]
"SynLenovoHelper"=C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [2015-07-28 146600]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-28 3936936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2017-01-19 176440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\Terezka\AppData\Local\Viber\Viber.exe [2017-01-16 43999824]
"KakaoTalk"=C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [2017-01-16 7941952]
"OneDrive"=C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-01-27 1517280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-02-08 205512]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2014-01-17 1284680]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2014-01-15 438888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-13 14:53:06 ----D---- C:\Program Files\trend micro
2017-02-13 14:53:05 ----D---- C:\rsit
2017-02-13 14:46:31 ----D---- C:\ProgramData\SWCUTemp
2017-02-08 20:00:26 ----A---- C:\WINDOWS\system32\drivers\aswbuniva.sys
2017-02-08 20:00:26 ----A---- C:\WINDOWS\system32\drivers\aswbloga.sys
2017-02-08 20:00:26 ----A---- C:\WINDOWS\system32\drivers\aswbidsha.sys
2017-02-08 20:00:26 ----A---- C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
2017-02-08 19:59:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2017-01-28 19:25:09 ----D---- C:\Program Files\iPod
2017-01-28 19:25:00 ----AD---- C:\Program Files\iTunes
2017-01-25 16:00:31 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2017-01-25 16:00:31 ----A---- C:\WINDOWS\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2017-02-13 14:53:06 ----RD---- C:\Program Files
2017-02-13 14:52:01 ----D---- C:\WINDOWS\Temp
2017-02-13 14:46:31 ----HD---- C:\ProgramData
2017-02-13 14:46:31 ----D---- C:\temp
2017-02-13 14:42:47 ----D---- C:\WINDOWS\Prefetch
2017-02-13 14:42:20 ----D---- C:\Users\Terezka\AppData\Roaming\ViberPC
2017-02-13 14:39:31 ----D---- C:\WINDOWS\system32\Tasks
2017-02-13 14:38:17 ----D---- C:\WINDOWS\system32\drivers
2017-02-13 14:37:29 ----D---- C:\WINDOWS\system32\sru
2017-02-13 13:57:13 ----D---- C:\WINDOWS\system32\SleepStudy
2017-02-13 13:33:55 ----SHD---- C:\WINDOWS\Installer
2017-02-13 13:33:39 ----D---- C:\Program Files (x86)\Google
2017-02-12 14:41:57 ----RD---- C:\WINDOWS\Microsoft.NET
2017-02-11 13:47:00 ----D---- C:\WINDOWS\AppReadiness
2017-02-10 15:22:30 ----SHD---- C:\System Volume Information
2017-02-10 14:00:36 ----D---- C:\WINDOWS\Logs
2017-02-10 13:02:09 ----HD---- C:\Program Files\WindowsApps
2017-02-10 12:48:02 ----D---- C:\WINDOWS\system32\LogFiles
2017-02-09 12:05:25 ----AD---- C:\Program Files (x86)\SlimCleaner
2017-02-09 11:19:37 ----DC---- C:\WINDOWS\Panther
2017-02-09 11:19:37 ----D---- C:\WINDOWS\debug
2017-02-09 11:19:37 ----D---- C:\Windows
2017-02-08 19:59:20 ----D---- C:\WINDOWS\System32
2017-02-05 19:27:19 ----D---- C:\WINDOWS\system32\config
2017-02-03 05:55:03 ----D---- C:\ProgramData\Skype
2017-02-03 05:54:41 ----RD---- C:\Program Files (x86)\Skype
2017-02-03 05:54:41 ----D---- C:\Program Files (x86)\Common Files
2017-01-28 19:49:58 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 19:49:58 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-01-28 19:25:02 ----D---- C:\Program Files\Common Files\Apple
2017-01-28 19:04:14 ----RD---- C:\Program Files (x86)
2017-01-25 16:06:49 ----D---- C:\WINDOWS\CbsTemp
2017-01-25 16:06:43 ----AD---- C:\WINDOWS\SysWOW64
2017-01-25 16:06:29 ----D---- C:\WINDOWS\WinSxS
2017-01-25 16:06:01 ----D---- C:\WINDOWS\system32\catroot2
2017-01-24 09:31:33 ----D---- C:\ProgramData\Oracle
2017-01-24 08:17:54 ----D---- C:\Program Files (x86)\Java
2017-01-24 08:16:11 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2017-01-16 16:14:49 ----D---- C:\WINDOWS\Tasks

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2017-02-08 189768]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2017-02-08 334600]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2017-02-08 48528]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2017-02-08 74680]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2017-02-12 337080]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2017-02-08 309784]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2017-02-08 32088]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2017-02-08 100640]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2017-02-08 991496]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2017-02-08 547904]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiifx64.sys [2013-05-22 15472]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2017-02-08 126088]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2017-02-08 162528]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 5U877;@oem5.inf,%USBVideo.SvcDesc%;USB Video Device; C:\WINDOWS\system32\DRIVERS\5U877.sys [2009-06-18 161024]
R3 AMPPAL;@oem17.inf,%AMPPAL.SVCDESC%;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter; C:\WINDOWS\System32\drivers\AMPPAL.sys [2011-10-19 195072]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth Stereo; C:\WINDOWS\system32\drivers\BthA2DP.sys [2016-09-15 168448]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-21 114176]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth Hands-Free; C:\WINDOWS\System32\drivers\BthHfAud.sys [2016-07-16 37376]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-21 84992]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2016-01-25 72808]
R3 IntcHdmiAddService;@oem23.inf,%IntelHDMIDriverForHDAudio.SvcDesc%;Intel(R) High Definition Audio HDMI; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
R3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-09-21 175616]
R3 NETwNs64;@oem0.inf,%NIC_Service_DispName_WIN7_64%;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwsw00.sys [2015-03-12 11530144]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-07-28 33960]
R3 SynTP;@oem8.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2015-07-28 609960]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 AMPPALP;@oem2.inf,%AMPPALP_Desc%;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol; C:\WINDOWS\system32\DRIVERS\amppal.sys [2011-10-19 195072]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2017-02-08 38296]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll"=%windir%\system32\inetsrv\apphostsvc.dll
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-02-08 262736]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPUserSvc_405fd;CDPUserSvc_405fd; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 IBMPMSVC;@oem30.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2016-01-25 170696]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-05-29 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-09-21 26112]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 OneSyncSvc_405fd;Sync Host_405fd; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-07-28 237736]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-02-08 7142136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2017-01-19 651576]
R3 PimIndexMaintenanceSvc_405fd;Contact Data_405fd; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-12 136120]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 LSC.Services.SystemService;Lenovo Solution Center System Service; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2016-06-02 273232]
S3 MessagingService_405fd;MessagingService_405fd; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-01-28 172488]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Dobrý večer,
log dole

# AdwCleaner v6.043 - Logfile created 13/02/2017 at 20:12:17
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Terezka - TEREZKA-PC
# Running from : C:\Users\Terezka\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Terezka\AppData\Local\slimware utilities inc
[#] Folder deleted on reboot: C:\Users\Terezka\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\ProgramData\ytd video downloader
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ytd video downloader
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\SlimCleaner


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: SlimCleaner Run


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key deleted: HKU\S-1-5-21-2137070963-678457880-824638316-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2137070963-678457880-824638316-1000\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3124 Bytes] - [13/02/2017 20:12:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [3216 Bytes] - [13/02/2017 20:11:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3270 Bytes] ##########

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Jo tak to je problém, nejde mi stáhnout FRSTLauncher.

Nenačte se odkaz

http://viry.xf.cz/pro_usery/FRSTLauncher.exe


The connection was reset

The connection to the server was reset while the page was loading.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Dejte tedy samotný FRST: https://www.bleepingcomputer.com/downlo ... scan-tool/ .

Log FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Terezka (administrator) on TEREZKA-PC (13-02-2017 22:42:37)
Running from C:\Users\Terezka\Desktop
Loaded Profiles: Terezka (Available Profiles: Terezka & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Viber Media S.à r.l.) C:\Users\Terezka\AppData\Local\Viber\Viber.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\Terezka\AppData\Local\Apps\2.0\0YX32AAD.M05\MO4NW8D6.WKB\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\Run: [Viber] => C:\Users\Terezka\AppData\Local\Viber\Viber.exe [43999824 2017-01-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [7941952 2017-01-16] (Kakao Corp. )
HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\RunOnce: [Uninstall C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Terezka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1556686f-3339-42d4-9ddf-9d01dc740dda}: [DhcpNameServer] 88.81.64.1 88.81.92.1
Tcpip\..\Interfaces\{35e8f5f8-36d1-483b-939f-3aecba2972b7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fcc748ac-ce00-4605-b494-fde1e00f7d01}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF DefaultProfile: ruzecgh9.default
FF ProfilePath: C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default [2017-02-13]
FF Homepage: Mozilla\Firefox\Profiles\ruzecgh9.default -> www.google.com
FF Extension: (ADB Helper) - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\Extensions\adbhelper@mozilla.org [2017-01-27]
FF Extension: (Valence) - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\Extensions\fxdevtools-adapters@mozilla.org [2017-01-27]
FF Extension: (Adblock Plus) - C:\Users\Terezka\AppData\Roaming\Mozilla\Firefox\Profiles\ruzecgh9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-12] (AVAST Software)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 22:42 - 2017-02-13 22:44 - 00013853 _____ C:\Users\Terezka\Desktop\FRST.txt
2017-02-13 22:42 - 2017-02-13 22:42 - 00000000 ____D C:\FRST
2017-02-13 20:15 - 2017-02-13 20:15 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-13 20:05 - 2017-02-13 20:12 - 00000000 ____D C:\AdwCleaner
2017-02-13 20:05 - 2017-02-13 20:05 - 04015056 _____ C:\Users\Terezka\Desktop\adwcleaner_6.043.exe
2017-02-13 14:53 - 2017-02-13 14:53 - 00000000 ____D C:\rsit
2017-02-13 14:53 - 2017-02-13 14:53 - 00000000 ____D C:\Program Files\trend micro
2017-02-13 14:51 - 2017-02-13 14:51 - 02421248 _____ (Farbar) C:\Users\Terezka\Desktop\FRST64.exe
2017-02-13 14:49 - 2017-02-13 14:49 - 01323520 _____ C:\Users\Terezka\Downloads\RSITx64.exe
2017-02-13 13:33 - 2017-02-13 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-13 08:44 - 2017-02-13 08:44 - 27058393 _____ C:\Users\Terezka\Downloads\Destination B2 Grammar and Vocabulary with Answer key.pdf
2017-02-13 08:44 - 2017-02-13 08:44 - 00052696 _____ C:\Users\Terezka\Downloads\food_vocab3.pdf
2017-02-13 08:00 - 2017-02-13 08:00 - 00072895 _____ C:\Users\Terezka\Downloads\Bez názvu4.pdf
2017-02-13 08:00 - 2017-02-13 08:00 - 00041189 _____ C:\Users\Terezka\Downloads\VERB PATTERNS intermediate EXERCISE .pdf
2017-02-12 20:30 - 2017-02-12 20:30 - 00007334 _____ C:\Users\Terezka\Desktop\motivacni dopis.odt
2017-02-10 13:30 - 2017-02-10 13:30 - 00049275 _____ C:\Users\Terezka\Desktop\maturita.pdf
2017-02-10 12:44 - 2017-02-10 20:12 - 00015010 _____ C:\Users\Terezka\Desktop\maturita.odt
2017-02-08 20:00 - 2017-02-13 14:46 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 20:00 - 2017-02-08 19:57 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 20:00 - 2017-02-08 19:57 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 20:00 - 2017-02-08 19:57 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 20:00 - 2017-02-08 19:57 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 19:59 - 2017-02-08 19:59 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-08 08:24 - 2017-02-08 08:24 - 00000000 ____D C:\Users\Terezka\Downloads\Speaking
2017-02-08 08:24 - 2017-02-08 08:24 - 00000000 ____D C:\Users\Terezka\Downloads\Read&Write
2017-02-08 08:24 - 2017-02-08 08:24 - 00000000 ____D C:\Users\Terezka\Downloads\Listening
2017-02-08 08:21 - 2017-02-08 08:22 - 24656295 _____ C:\Users\Terezka\Downloads\23318-preliminary-sample-paper-6.zip
2017-02-06 22:39 - 2017-02-06 22:39 - 00355817 _____ C:\Users\Terezka\Downloads\ucj-ks-ang-rozvrh 1.rocnik MGR 6.2.2017.pdf
2017-02-06 11:10 - 2017-02-06 11:10 - 00000000 ____D C:\Users\Terezka\AppData\LocalLow\Temp
2017-02-06 10:35 - 2017-02-06 10:41 - 112401277 _____ C:\Users\Terezka\Downloads\TATKA.odp
2017-01-28 19:26 - 2017-01-28 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-28 19:25 - 2017-01-28 19:26 - 00000000 ____D C:\Program Files\iTunes
2017-01-28 19:25 - 2017-01-28 19:25 - 00000000 ____D C:\Program Files\iPod
2017-01-28 19:19 - 2017-01-28 19:20 - 00000000 ____D C:\Users\Terezka\AppData\Local\MicrosoftEdge
2017-01-27 08:52 - 2017-01-27 08:57 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-25 16:00 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 16:00 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 11:54 - 2017-01-25 14:21 - 00025109 _____ C:\Users\Terezka\Desktop\Japanese.odt
2017-01-24 08:07 - 2017-01-24 08:07 - 00000000 ____D C:\Users\Terezka\AppData\Local\Viber
2017-01-22 19:18 - 2017-01-22 19:21 - 00031802 _____ C:\Users\Terezka\Desktop\článek-únor-2017beta.odt
2017-01-16 16:11 - 2017-01-16 16:11 - 00000000 ____D C:\Users\Terezka\AppData\LocalLow\Google
2017-01-16 16:09 - 2017-01-16 16:14 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-13 22:41 - 2016-11-23 23:21 - 00000000 ____D C:\Users\Terezka\AppData\LocalLow\Mozilla
2017-02-13 22:40 - 2016-09-21 13:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 20:16 - 2015-08-31 08:32 - 00000000 ____D C:\Users\Terezka\AppData\Roaming\ViberPC
2017-02-13 20:13 - 2016-09-21 14:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 20:12 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 15:45 - 2015-01-26 09:44 - 00000000 ____D C:\Users\Terezka\Desktop\zástupci
2017-02-13 14:46 - 2015-05-28 20:49 - 00000000 ____D C:\temp
2017-02-13 14:43 - 2015-01-26 10:16 - 00000000 ____D C:\Users\Terezka\Documents\ViberDownloads
2017-02-13 14:39 - 2016-09-21 14:24 - 00004012 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458646701
2017-02-13 14:39 - 2016-03-22 12:38 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-13 13:33 - 2015-01-25 14:21 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 08:00 - 2015-01-25 16:19 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-11 13:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 13:02 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 11:19 - 2016-09-21 23:36 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-08 19:59 - 2015-01-25 16:19 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 19:59 - 2015-01-25 16:19 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 19:59 - 2015-01-25 16:19 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 19:59 - 2015-01-25 16:19 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 19:59 - 2015-01-25 16:19 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 19:59 - 2015-01-25 16:19 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 19:58 - 2016-03-22 12:38 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 19:58 - 2015-01-25 16:19 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-05 21:29 - 2015-01-25 14:53 - 00000000 ____D C:\Users\Terezka\Documents\Bluetooth Exchange Folder
2017-02-05 18:52 - 2015-05-13 11:52 - 00000000 ____D C:\Users\Terezka\Documents\Manga
2017-02-03 05:55 - 2015-01-26 09:59 - 00000000 ____D C:\ProgramData\Skype
2017-02-03 05:54 - 2015-12-24 09:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-31 00:32 - 2015-01-26 10:58 - 00000000 ____D C:\Users\Terezka\Documents\Angličtina Opava
2017-01-28 19:49 - 2016-11-20 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 19:49 - 2015-04-09 05:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-28 19:38 - 2015-01-25 14:21 - 00000000 ____D C:\Users\Terezka\AppData\Local\Google
2017-01-28 19:25 - 2015-01-26 09:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-27 17:43 - 2016-09-21 14:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-27 08:57 - 2016-06-30 11:12 - 00002409 _____ C:\Users\Terezka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 08:57 - 2016-06-30 11:12 - 00000000 ___RD C:\Users\Terezka\OneDrive
2017-01-25 16:06 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 09:31 - 2015-01-26 09:44 - 00000000 ____D C:\ProgramData\Oracle
2017-01-24 08:17 - 2015-01-26 09:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-24 08:17 - 2015-01-26 09:44 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-24 08:16 - 2015-01-26 09:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-24 00:06 - 2016-05-26 06:50 - 00000000 ____D C:\Users\Terezka\Documents\KakaoTalk Downloads
2017-01-22 18:12 - 2015-06-09 06:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-16 16:14 - 2016-09-21 14:24 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-08-13 09:15 - 2014-08-13 09:15 - 118463883 _____ () C:\Program Files\openoffice1.cab
2014-08-13 09:13 - 2014-08-13 09:13 - 2306048 _____ () C:\Program Files\openoffice411.msi
2014-08-13 09:13 - 2014-08-13 09:13 - 0478720 _____ () C:\Program Files\setup.exe
2014-08-13 09:13 - 2014-08-13 09:13 - 0000279 _____ () C:\Program Files\setup.ini
2015-01-25 21:00 - 2015-11-19 14:38 - 0007597 _____ () C:\Users\Terezka\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-11 14:37

==================== End of FRST.txt ============================

Plus mi tam vyskočil i nějaky druhý log, tak přidávám i ten.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Terezka (13-02-2017 22:45:38)
Running from C:\Users\Terezka\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-21 13:29:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2137070963-678457880-824638316-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2137070963-678457880-824638316-503 - Limited - Disabled)
Guest (S-1-5-21-2137070963-678457880-824638316-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2137070963-678457880-824638316-1002 - Limited - Enabled)
Terezka (S-1-5-21-2137070963-678457880-824638316-1000 - Administrator - Enabled) => C:\Users\Terezka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.5 - Bison WebCam Ap)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
calibre 64bit (HKLM\...\{D7533406-78CD-4C2F-B363-D7224851720E}) (Version: 2.71.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version: - ‭Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version: - )
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Freemore MP3 Cutter 3.8.1 (HKLM-x32\...\Freemore MP3 Cutter_is1) (Version: - FreeMoreSoft, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.0.1.2 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.2 - RICOH)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.5.2.1427 - Kakao Corp.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo BatteryGauge (HKLM\...\{CBEDEC16-C4F5-4255-99E4-5884EFEDD1BC}) (Version: 1.0.045.00 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MP3 Cut 5.0.0 (HKLM-x32\...\1A455290-CCE1-400A-B40C-BA562A3804F5_is1) (Version: - Accmeware Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.527 (x32 Version: 3.55.2393.527 - Avast Software) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.13 - )
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Viber (HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2137070963-678457880-824638316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terezka\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {068E07F2-E7F8-4B56-B352-9F5228366494} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0D23E298-D3C9-488D-922F-4BCC8C9668FC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0D667367-2C85-47F1-8F79-9B15B876C2F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {0E0C9745-E8F7-4E2E-AC64-242CB80B0B56} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1495FD05-C93E-409F-8CC4-08EF11B33401} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1796D1B3-10A4-482A-A0FB-490145107551} - System32\Tasks\SafeZone scheduled Autoupdate 1458646701 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-03] (Avast Software)
Task: {1D209342-A80C-41C8-A9A9-718ECEEE844D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {278DDCAF-7CAB-442B-B9DD-20399A6D6EEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3374522C-F5BC-4C43-ACD4-6BF6BB05D857} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {34CAEE0D-7082-4764-B196-67CA25348007} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {3D0CE301-E415-4EC7-90EB-E69A69BF556D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {46C5ABB2-7EA8-45AF-ACA4-21610380207B} - System32\Tasks\{965740E6-203A-47FD-9025-C4B8EFCDA75E} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/cs/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {4C6B9B21-DA5E-45FF-8C84-1CF56BC04728} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {4D6E59DC-1B32-448B-BE03-243F4594ABF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5671C79C-E1A2-4BDF-9CC6-405103ABD0D2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {578050FD-73A5-45C2-AD7C-2BA4ECB77A06} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {57C4E9D2-E603-4290-9CF8-1E4695E52049} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2137070963-678457880-824638316-1000 -> No File <==== ATTENTION
Task: {5DF2F1A8-EA99-4FE8-83B8-3862849E8BC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {67F6DD0A-1152-4C0C-BCCC-AE8BFF27A583} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {6A29F748-AB31-453F-A77B-58D76EC40E73} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6D9C2527-8DF2-4106-86C9-41CC311B3074} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {73EFDE9D-EA73-482B-9726-B61AA9B7EFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7DEF0034-B8D7-4242-B62D-11D727E20DD4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {818068EA-ED76-4B76-BC9F-10FB1FDBD450} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {84DFE17D-7AE2-4147-A2BB-4D06A04B41B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {90B5AA46-6041-4C75-908F-893F6A738A9E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {910C4B1F-A7BC-424F-883D-F1896A0D19A1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A27D3FF4-FD34-45EF-BD24-DB7DAA900B5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A7C7CAD3-BFBC-400A-B3CA-3879D74362A5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A848F47A-F254-4BE6-9945-1482579C6AD0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A9568132-4995-410D-B7BD-81820A1B0B72} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B15E6C8D-AF0D-461E-B98E-4569DAC51A69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B2402C47-DF86-403B-995D-0BD0A027E112} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {B3F547B2-E872-4258-8CAA-9452E94E7B32} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {B935F71E-840A-4AE1-8D93-A47E8D2E24D9} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {B95C0DB5-456E-4AAE-A08C-4EF971AF855A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BD352B4D-A15D-4642-8913-B22A2ACC4493} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {BE0D5AA2-64AE-4D8D-8091-EB9F383A6B3B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BE864D57-7972-4DCD-B5BB-67C8D46A7811} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {C2FA5B14-E3DA-4072-BFA7-8109968FEABB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C8A976C8-A4CD-4FD3-A42C-4FBDDB4662F9} - \PMTask -> No File <==== ATTENTION
Task: {C9E97FCA-5693-4ED7-8A6A-B4F592D3808B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D32854F9-3725-48D0-BCC6-C4F6F6C5804D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DCDA570C-A68D-4686-B083-954A41B5F15E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E3D6C04A-35C6-4165-A91E-174007E2345B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {E4D05456-D4BA-4F3B-A11C-4BC9B4CAC272} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {E6454A34-07CA-49D1-9836-AAFE4BC5244B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ECBA6FDB-E9FC-44DC-BEA4-F57020EC2FE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED504139-2FD7-4834-B820-DBE624BAB6D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {EF0F083C-4E26-477E-A8C2-FCC1F815186B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F704F1E2-2F56-4894-A59B-843156D2347B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F8AA5DCC-9D85-4427-8484-170F853DE107} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FD751427-C56A-411C-AF72-1A171F7E6554} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {FDD6B608-BFA3-4DBB-B8BD-6853B575CD6C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FF40F178-7BE2-4C3D-915C-E54721630E2D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 08:00 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-06-21 06:42 - 2011-06-21 06:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-14 08:00 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 10:45 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 18:24 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 18:23 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 18:23 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 18:23 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 18:23 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 18:23 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 16:24 - 2017-02-06 16:24 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 16:24 - 2017-02-06 16:24 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 16:24 - 2017-02-06 16:24 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 16:24 - 2017-02-06 16:24 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-24 08:07 - 2017-01-16 17:00 - 00042064 _____ () C:\Users\Terezka\AppData\Local\Viber\qrencode.dll
2017-01-24 08:07 - 2017-01-16 17:01 - 00398416 _____ () C:\Users\Terezka\AppData\Local\Viber\imageformats\qsvg.dll
2017-01-24 08:07 - 2017-01-16 17:00 - 00016976 _____ () C:\Users\Terezka\AppData\Local\Viber\libEGL.DLL
2017-01-24 08:07 - 2017-01-16 17:00 - 01652304 _____ () C:\Users\Terezka\AppData\Local\Viber\libGLESv2.dll
2017-02-08 19:58 - 2017-02-08 19:58 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-02 22:16 - 2017-01-02 22:17 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 19:57 - 2017-02-08 19:57 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-08 19:58 - 2017-02-08 19:58 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2137070963-678457880-824638316-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Terezka\Pictures\směs\wallpapers\99f498f1bd25f7a757d3807ecad74924.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2137070963-678457880-824638316-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{F5F7F981-AB23-46E8-8EDD-B7672F226A45}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B7926DB6-0225-4D5C-9CB6-AF8AAFD92338}] => C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{A2622A5F-9F0A-46FB-B331-68E122C83F28}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5C5856A-A782-440F-B465-6FEB142F42AC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E49A936D-C44A-421D-92DD-6D2FAFCBDF5B}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EDBD4A7E-6EFA-4878-B879-AD3038ED4103}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D79EA61C-7728-4EEE-807E-0E1C108A5EF4}C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{CF3BB319-94D4-4743-A63C-795D8BA9C3A9}C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_31\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{029B03EC-F927-4090-A72B-6971F2F9454F}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => C:\program files (x86)\relevantknowledge\rlvknlg.exe
FirewallRules: [UDP Query User{345EF845-715D-4AC5-931B-7D530775C98B}C:\program files (x86)\relevantknowledge\rlvknlg.exe] => C:\program files (x86)\relevantknowledge\rlvknlg.exe
FirewallRules: [{2FF12334-314F-4223-AD6A-ADCDF9E5EBF3}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5E86E31-24F8-4B2B-8827-3CA301909CA2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A5E5BCF-508B-4A06-B89A-6E43ADFFB113}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39FC292A-7317-45B3-A409-8C2EB7AA2AE6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7CD782F-67EF-430C-B835-0208CD827144}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4AEA3EE7-73A0-47D3-8020-F4720575FEC8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C3BD0D5-00D0-4DE8-A8C3-DA10FE282816}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F289A69F-0FD3-4E8A-A1F1-4A45E16EEF8D}C:\program files (x86)\java\jre1.8.0_72\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_72\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{34494A10-C71D-4D91-8BE5-A49FD6481CB9}C:\program files (x86)\java\jre1.8.0_72\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_72\launch4j-tmp\frd.exe
FirewallRules: [TCP Query User{7572C007-F0F9-4A4A-9756-5565D15B691E}C:\program files (x86)\java\jre1.8.0_77\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_77\launch4j-tmp\frd.exe
FirewallRules: [UDP Query User{B1B76060-1A9D-4D59-AB87-255875CA763E}C:\program files (x86)\java\jre1.8.0_77\launch4j-tmp\frd.exe] => C:\program files (x86)\java\jre1.8.0_77\launch4j-tmp\frd.exe
FirewallRules: [{784C08D6-71D0-4CA7-8D5D-8EEEAC1ABF26}] => C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

25-01-2017 16:04:53 Windows Update
03-02-2017 15:15:24 Scheduled Checkpoint
10-02-2017 15:21:17 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2017 02:41:15 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (02/13/2017 02:41:15 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (02/13/2017 01:29:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1798782

Error: (02/13/2017 01:29:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1798782

Error: (02/13/2017 01:29:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2017 12:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6422

Error: (02/13/2017 12:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6422

Error: (02/13/2017 12:59:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/13/2017 12:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4875

Error: (02/13/2017 12:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4875


System errors:
=============
Error: (02/13/2017 08:14:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/13/2017 08:14:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/13/2017 08:14:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/13/2017 08:13:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/13/2017 08:12:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (02/13/2017 08:11:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/13/2017 08:11:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/13/2017 08:11:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Keyboard Noise Reduction service terminated unexpectedly. It has done this 1 time(s).

Error: (02/13/2017 08:11:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Auto Scroll service terminated unexpectedly. It has done this 1 time(s).

Error: (02/13/2017 08:11:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3932.86 MB
Available physical RAM: 2292.94 MB
Total Virtual: 7900.86 MB
Available Virtual: 6180.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.17 GB) (Free:341.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00B435F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)

==================== End of Addition.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
CustomCLSID: HKU\S-1-5-21-2137070963-678457880-824638316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terezka\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {1495FD05-C93E-409F-8CC4-08EF11B33401} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {068E07F2-E7F8-4B56-B352-9F5228366494} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1D209342-A80C-41C8-A9A9-718ECEEE844D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {278DDCAF-7CAB-442B-B9DD-20399A6D6EEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3D0CE301-E415-4EC7-90EB-E69A69BF556D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4D6E59DC-1B32-448B-BE03-243F4594ABF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
ask: {57C4E9D2-E603-4290-9CF8-1E4695E52049} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2137070963-678457880-824638316-1000 -> No File <==== ATTENTION
Task: {67F6DD0A-1152-4C0C-BCCC-AE8BFF27A583} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {73EFDE9D-EA73-482B-9726-B61AA9B7EFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7DEF0034-B8D7-4242-B62D-11D727E20DD4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {84DFE17D-7AE2-4147-A2BB-4D06A04B41B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {B15E6C8D-AF0D-461E-B98E-4569DAC51A69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C2FA5B14-E3DA-4072-BFA7-8109968FEABB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C8A976C8-A4CD-4FD3-A42C-4FBDDB4662F9} - \PMTask -> No File <==== ATTENTION
Task: {D32854F9-3725-48D0-BCC6-C4F6F6C5804D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DCDA570C-A68D-4686-B083-954A41B5F15E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ECBA6FDB-E9FC-44DC-BEA4-F57020EC2FE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED504139-2FD7-4834-B820-DBE624BAB6D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FD751427-C56A-411C-AF72-1A171F7E6554} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by Terezka (14-02-2017 18:47:17) Run:1
Running from C:\Users\Terezka\Desktop
Loaded Profiles: Terezka (Available Profiles: Terezka & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CustomCLSID: HKU\S-1-5-21-2137070963-678457880-824638316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Terezka\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {1495FD05-C93E-409F-8CC4-08EF11B33401} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {068E07F2-E7F8-4B56-B352-9F5228366494} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1D209342-A80C-41C8-A9A9-718ECEEE844D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {278DDCAF-7CAB-442B-B9DD-20399A6D6EEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3D0CE301-E415-4EC7-90EB-E69A69BF556D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4D6E59DC-1B32-448B-BE03-243F4594ABF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
ask: {57C4E9D2-E603-4290-9CF8-1E4695E52049} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2137070963-678457880-824638316-1000 -> No File <==== ATTENTION
Task: {67F6DD0A-1152-4C0C-BCCC-AE8BFF27A583} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {73EFDE9D-EA73-482B-9726-B61AA9B7EFDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7DEF0034-B8D7-4242-B62D-11D727E20DD4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {84DFE17D-7AE2-4147-A2BB-4D06A04B41B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-16] (Google Inc.)
Task: {B15E6C8D-AF0D-461E-B98E-4569DAC51A69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C2FA5B14-E3DA-4072-BFA7-8109968FEABB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C8A976C8-A4CD-4FD3-A42C-4FBDDB4662F9} - \PMTask -> No File <==== ATTENTION
Task: {D32854F9-3725-48D0-BCC6-C4F6F6C5804D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {DCDA570C-A68D-4686-B083-954A41B5F15E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ECBA6FDB-E9FC-44DC-BEA4-F57020EC2FE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED504139-2FD7-4834-B820-DBE624BAB6D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FD751427-C56A-411C-AF72-1A171F7E6554} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
U3 idsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

HKU\S-1-5-21-2137070963-678457880-824638316-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1495FD05-C93E-409F-8CC4-08EF11B33401} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1495FD05-C93E-409F-8CC4-08EF11B33401} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{068E07F2-E7F8-4B56-B352-9F5228366494} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{068E07F2-E7F8-4B56-B352-9F5228366494} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D209342-A80C-41C8-A9A9-718ECEEE844D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D209342-A80C-41C8-A9A9-718ECEEE844D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{278DDCAF-7CAB-442B-B9DD-20399A6D6EEC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{278DDCAF-7CAB-442B-B9DD-20399A6D6EEC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D0CE301-E415-4EC7-90EB-E69A69BF556D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0CE301-E415-4EC7-90EB-E69A69BF556D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6E59DC-1B32-448B-BE03-243F4594ABF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6E59DC-1B32-448B-BE03-243F4594ABF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
ask: {57C4E9D2-E603-4290-9CF8-1E4695E52049} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2137070963-678457880-824638316-1000 -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67F6DD0A-1152-4C0C-BCCC-AE8BFF27A583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67F6DD0A-1152-4C0C-BCCC-AE8BFF27A583} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73EFDE9D-EA73-482B-9726-B61AA9B7EFDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73EFDE9D-EA73-482B-9726-B61AA9B7EFDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DEF0034-B8D7-4242-B62D-11D727E20DD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DEF0034-B8D7-4242-B62D-11D727E20DD4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84DFE17D-7AE2-4147-A2BB-4D06A04B41B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DFE17D-7AE2-4147-A2BB-4D06A04B41B3} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B15E6C8D-AF0D-461E-B98E-4569DAC51A69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15E6C8D-AF0D-461E-B98E-4569DAC51A69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2FA5B14-E3DA-4072-BFA7-8109968FEABB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FA5B14-E3DA-4072-BFA7-8109968FEABB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8A976C8-A4CD-4FD3-A42C-4FBDDB4662F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8A976C8-A4CD-4FD3-A42C-4FBDDB4662F9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PMTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D32854F9-3725-48D0-BCC6-C4F6F6C5804D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D32854F9-3725-48D0-BCC6-C4F6F6C5804D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCDA570C-A68D-4686-B083-954A41B5F15E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCDA570C-A68D-4686-B083-954A41B5F15E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECBA6FDB-E9FC-44DC-BEA4-F57020EC2FE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECBA6FDB-E9FC-44DC-BEA4-F57020EC2FE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED504139-2FD7-4834-B820-DBE624BAB6D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED504139-2FD7-4834-B820-DBE624BAB6D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD751427-C56A-411C-AF72-1A171F7E6554} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD751427-C56A-411C-AF72-1A171F7E6554} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found.
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35241694 B
Java, Flash, Steam htmlcache => 25362 B
Windows/system/drivers => 333935 B
Edge => 5651293 B
Chrome => 0 B
Firefox => 369357566 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 25782 B
NetworkService => 11380 B
Terezka => 132281522 B
DefaultAppPool => 33058 B

RecycleBin => 0 B
EmptyTemp: => 517.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:54:04 ====

Smazáno. Nastala nějaká změna?

Chvíli jsem dal čas to přítelkyni otestovat...a říka že teď už to jede dobře.
Takže děkuji za pomoc

To jsem rád a nemáte zač!