Window scrolling (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Window scrolling

Post by bara1317 » 13 Nov 2017 14:47

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by barbara (administrator) on LENOVOBA (13-11-2017 14:43:03)
Running from C:\Users\barbara\Downloads
Loaded Profiles: barbara (Available Profiles: barbara & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5783328 2017-09-19] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-20] (SUPERAntiSpyware)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [23133000 2017-07-26] (eM Client s.r.o.)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
IFEO\IMF_ActionCenterDownloader.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 78.157.167.7 78.157.167.57 192.168.100.1
Tcpip\..\Interfaces\{4236D1C1-F566-4FBB-9344-085B2C594350}: [DhcpNameServer] 78.157.167.7 78.157.167.57 192.168.100.1
Tcpip\..\Interfaces\{4D046EE1-B35A-464F-B6B5-F4F84C6FD19B}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-03] (Oracle Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll [2017-08-08] (IObit)

FireFox:
========
FF DefaultProfile: m9j5zw78.default
FF ProfilePath: C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default [2017-11-12]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Français Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-24] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 5 -> C:\Program Files (x86)\PDF Architect 5\np-previewer.dll [2017-07-05] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-2155449529-2713239103-2906735623-1001: jpl.nasa.gov/NASAEyes -> C:\Users\barbara\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-03-09] (Jet Propulsion Laboratory)

Chrome:
=======
CHR Profile: C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Prezentace) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-12]
CHR Extension: (Dokumenty) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Disk Google) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-12]
CHR Extension: (YouTube) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-12]
CHR Extension: (Tabulky) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-12]
CHR Extension: (Gmail) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePlugin.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S3 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [296432 2014-04-16] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1768736 2017-07-18] (IObit)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 KrosPlusFireBird; C:\Program Files (x86)\Cenkros\Firebird\FBbin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
S3 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-16] (Lenovo(beijing) Limited)
S3 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
S3 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
S3 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-08-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-08-18] (NVIDIA Corporation)
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
S3 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-26] (PointGrab LTD)
S3 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-16] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-16] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-09-16] (Lenovo)
R3 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-25] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 PDF Architect 5 Manager; "C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe" [X]
S2 PG_Service_Launcher; "C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32840 2017-07-13] (ELAN Microelectronic Corp.)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2017-01-12] (Glarysoft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-17] (REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231400 2017-08-24] (Intel Corporation)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2017-01-06] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-06-30] (IObit.com)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [21872 2017-09-28] (IObit.com)
S3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3526400 2017-03-09] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\system32\DRIVERS\Netwsw02.sys [3427848 2017-10-22] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-12-15] (IObit.com)
R3 ROCKEYNT; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [36904 2017-08-29] (Feitian Technologies Co., Ltd.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782816 2017-11-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127552 2017-01-17] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2017-01-17] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-03-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-03-25] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-03-25] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-12] (Zemana Ltd.)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-13 14:43 - 2017-11-13 14:43 - 000025386 _____ C:\Users\barbara\Downloads\FRST.txt
2017-11-13 14:42 - 2017-11-13 14:43 - 000000000 ____D C:\FRST
2017-11-13 14:41 - 2017-11-13 14:41 - 007189760 _____ (VS Revo Group ) C:\Users\barbara\Downloads\revosetup.exe
2017-11-13 14:41 - 2017-11-13 14:41 - 002392576 _____ (Farbar) C:\Users\barbara\Downloads\FRST64.exe
2017-11-13 14:30 - 2017-11-13 14:30 - 000000882 _____ C:\Users\barbara\Desktop\help_HJT.txt
2017-11-13 13:35 - 2017-11-13 13:35 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-11-13 13:32 - 2017-11-13 13:32 - 026835016 _____ (Adlice Software) C:\Users\barbara\Downloads\RogueKiller_portable64 (1).exe
2017-11-13 13:30 - 2017-11-13 13:30 - 000508576 _____ (TweakBit) C:\Users\barbara\Downloads\_TB_LA_PCR_NEW_DSK-repairkit (1).exe
2017-11-13 02:06 - 2017-11-13 02:06 - 000000270 __RSH C:\Users\barbara\ntuser.pol
2017-11-13 02:05 - 2017-11-13 14:42 - 000171097 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-13 02:05 - 2017-11-13 14:42 - 000113889 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-13 01:56 - 2017-11-13 01:56 - 000511216 _____ C:\Users\barbara\Desktop\bitdef.pdf
2017-11-13 01:24 - 2017-11-12 23:29 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20171113-012436.backup
2017-11-13 01:20 - 2017-11-13 02:02 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-11-13 01:20 - 2017-11-13 01:20 - 000001436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-11-13 01:20 - 2017-11-13 01:20 - 000001424 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-11-13 01:20 - 2017-11-13 01:20 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-11-13 01:20 - 2017-11-13 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-11-13 01:20 - 2017-11-13 01:20 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-11-13 01:20 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2017-11-13 01:18 - 2017-11-13 01:19 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\barbara\Downloads\spybotsd-2.6.46 (1).exe
2017-11-13 01:09 - 2017-11-13 01:09 - 000001116 _____ C:\Users\Public\Desktop\OpenOffice 4.1.4.lnk
2017-11-13 01:09 - 2017-11-13 01:09 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.4
2017-11-13 01:05 - 2017-11-13 01:05 - 000000000 ____D C:\Users\barbara\Desktop\OpenOffice 4.1.4 (cs) Installation Files
2017-11-13 01:02 - 2017-11-13 01:04 - 128658532 _____ C:\Users\barbara\Downloads\Apache_OpenOffice_4.1.4_Win_x86_install_cs.exe
2017-11-13 00:23 - 2017-11-13 00:26 - 000073901 _____ C:\Users\barbara\Desktop\HJT_2.pdf
2017-11-13 00:21 - 2017-11-13 00:26 - 000040571 _____ C:\Users\barbara\Desktop\HJT_1.pdf
2017-11-13 00:05 - 2017-11-13 00:05 - 000001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2017-11-12 23:48 - 2017-11-12 23:48 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-11-12 23:48 - 2017-11-12 23:48 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-11-12 23:48 - 2017-11-12 23:48 - 000001185 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-11-12 23:48 - 2017-11-12 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-11-12 23:48 - 2017-11-12 23:48 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-11-12 23:43 - 2017-11-12 23:43 - 000000000 ____D C:\Users\barbara\AppData\Local\Zemana
2017-11-12 23:42 - 2017-11-12 23:42 - 006625600 _____ (Zemana Ltd. ) C:\Users\barbara\Downloads\Zemana.AntiMalware.Setup.exe
2017-11-12 23:31 - 2017-11-12 23:28 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-11-12 23:28 - 2017-11-12 23:28 - 000000000 ____D C:\zoek_backup
2017-11-12 23:26 - 2017-11-12 23:26 - 001303259 _____ C:\Users\barbara\Desktop\zoek.rar
2017-11-12 23:23 - 2017-11-12 23:23 - 001313792 _____ C:\Users\barbara\Downloads\zoek.exe
2017-11-12 22:17 - 2017-11-12 22:18 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\barbara\Downloads\spybotsd-2.6.46.exe
2017-11-12 19:25 - 2017-11-12 22:32 - 000000000 ____D C:\ProgramData\RogueKiller
2017-11-12 19:24 - 2017-11-12 19:25 - 026828360 _____ (Adlice Software) C:\Users\barbara\Downloads\RogueKiller_portable64.exe
2017-11-12 19:23 - 2017-11-12 19:25 - 115013810 _____ (Sophos Limited) C:\Users\barbara\Downloads\Nepotvrzeno 150397.crdownload
2017-11-12 18:08 - 2017-11-12 18:14 - 173850392 _____ (Sophos Limited) C:\Users\barbara\Downloads\Sophos Virus Removal Tool (2).exe
2017-11-12 17:44 - 2017-11-12 17:49 - 173850392 _____ (Sophos Limited) C:\Users\barbara\Downloads\Sophos Virus Removal Tool (1).exe
2017-11-12 16:08 - 2017-11-12 16:08 - 000003584 _____ C:\Users\barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-12 15:32 - 2017-11-12 15:32 - 000000000 ____D C:\ProgramData\Sophos
2017-11-12 15:31 - 2017-11-12 15:31 - 000002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-11-12 15:31 - 2017-11-12 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-11-12 15:30 - 2017-11-12 15:30 - 000000000 ____D C:\Program Files (x86)\Sophos
2017-11-12 15:09 - 2017-11-12 15:12 - 180146408 _____ (Sophos Limited) C:\Users\barbara\Downloads\Sophos Virus Removal Tool.exe
2017-11-12 14:59 - 2017-11-13 01:01 - 000000000 ____D C:\ProgramData\ProductData
2017-11-12 14:27 - 2017-11-12 22:50 - 000002401 _____ C:\Users\barbara\Desktop\JRT.txt
2017-11-12 14:24 - 2017-11-12 14:25 - 001790024 _____ (Malwarebytes) C:\Users\barbara\Downloads\JRT.exe
2017-11-12 02:47 - 2017-11-12 02:47 - 000782816 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2017-11-12 02:47 - 2017-11-12 02:47 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-11-12 01:16 - 2017-11-12 01:16 - 000508576 _____ (TweakBit) C:\Users\barbara\Downloads\_TB_LA_PCR_NEW_DSK-repairkit.exe
2017-11-11 23:52 - 2017-11-11 23:52 - 000001235 _____ C:\Users\barbara\Desktop\CrystalDiskInfo.lnk
2017-11-11 23:52 - 2017-11-11 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-11-11 23:52 - 2017-11-11 23:52 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-11-11 23:32 - 2017-11-11 23:32 - 000001902 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-11 23:32 - 2017-11-11 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-11 23:32 - 2017-11-11 23:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-11 23:32 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-11 23:19 - 2017-11-11 23:19 - 003980992 _____ (Crystal Dew World ) C:\Users\barbara\Downloads\CrystalDiskInfo7_5_0.exe
2017-11-11 23:18 - 2017-11-11 23:32 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-11 23:15 - 2017-11-11 23:16 - 078346672 _____ (Malwarebytes ) C:\Users\barbara\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-11 23:08 - 2017-11-12 14:20 - 000000000 ____D C:\AdwCleaner
2017-11-11 23:08 - 2017-11-11 23:08 - 008261584 _____ (Malwarebytes) C:\Users\barbara\Downloads\AdwCleaner.exe
2017-11-11 22:59 - 2017-11-13 02:05 - 106430464 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-11-11 22:59 - 2017-11-13 02:05 - 006291456 _____ C:\WINDOWS\system32\config\DEFAULT
2017-11-11 22:59 - 2017-11-13 02:05 - 000262144 _____ C:\WINDOWS\system32\config\SAM
2017-11-11 22:59 - 2017-11-13 02:05 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2017-11-11 22:59 - 2017-11-11 22:59 - 000000000 ____H C:\asc_rdflag
2017-11-11 22:56 - 2017-11-11 22:56 - 000448512 _____ (OldTimer Tools) C:\Users\barbara\Downloads\TFC.exe
2017-11-11 14:03 - 2017-11-11 14:03 - 000388608 _____ (Trend Micro Inc.) C:\Users\barbara\Downloads\HiJackThis.exe
2017-11-11 13:12 - 2017-11-11 13:13 - 000000000 ____D C:\ProgramData\F-Secure
2017-11-11 13:12 - 2017-11-11 13:12 - 000524248 _____ (F-Secure Corporation) C:\Users\barbara\Downloads\F-SecureOnlineScanner.exe
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Users\barbara\AppData\Local\F-Secure
2017-11-11 13:12 - 2017-11-11 13:12 - 000000000 ____D C:\Users\barbara\AppData\Local\FSDART
2017-11-09 16:45 - 2017-11-09 17:51 - 1212097204 _____ C:\Users\barbara\Downloads\Já padouch 3 Cz Dabing.avi
2017-11-08 17:36 - 2017-10-11 08:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-08 17:36 - 2017-10-10 16:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-08 17:36 - 2017-10-10 14:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-08 17:36 - 2017-10-10 14:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-07 00:28 - 2017-11-07 00:28 - 000004146 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003852 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003814 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003738 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003738 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003730 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003554 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-11-07 00:28 - 000003494 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-07 00:28 - 2017-08-18 05:32 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-11-07 00:28 - 2017-08-18 05:32 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-11-07 00:26 - 2017-11-07 00:29 - 000003314 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-11-07 00:26 - 2017-11-07 00:29 - 000002978 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-11-03 17:26 - 2017-11-03 17:26 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-11-03 17:26 - 2017-11-03 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-03 17:10 - 2017-11-03 17:11 - 000003874 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-11-03 16:50 - 2017-11-03 16:50 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 16:50 - 2017-11-03 16:50 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-01 21:56 - 2017-11-01 21:56 - 000002170 _____ C:\Users\Public\Desktop\S3 Kasa.lnk
2017-11-01 21:56 - 2017-11-01 21:56 - 000002165 _____ C:\Users\Public\Desktop\Money S3.lnk
2017-11-01 21:56 - 2017-11-01 21:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CÍGLER SOFTWARE
2017-11-01 21:55 - 2017-11-01 23:24 - 000000000 ____D C:\ProgramData\CIGLER SOFTWARE
2017-11-01 21:55 - 2017-11-01 21:55 - 000000000 ____D C:\Users\Public\Documents\CIGLER SOFTWARE
2017-11-01 21:55 - 2017-11-01 21:55 - 000000000 ____D C:\Program Files (x86)\CIGLER SOFTWARE
2017-11-01 16:26 - 2017-11-01 16:26 - 000001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-11-01 16:26 - 2017-11-01 16:26 - 000001395 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-10-30 20:09 - 2017-10-30 20:33 - 000000000 ____D C:\Users\barbara\AppData\Local\Star Stable
2017-10-22 08:33 - 2017-10-22 08:33 - 085835776 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2017-10-22 08:12 - 2017-10-22 08:13 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-22 08:10 - 2017-10-05 08:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-10-22 08:10 - 2017-09-15 00:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-10-22 08:10 - 2017-09-14 20:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-22 08:10 - 2017-09-14 20:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-22 08:10 - 2017-09-14 20:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-22 08:10 - 2017-09-14 02:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-22 08:10 - 2017-09-14 02:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-22 08:10 - 2017-09-13 14:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-22 08:10 - 2017-09-13 14:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-22 08:10 - 2017-09-13 14:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-22 08:10 - 2017-09-09 19:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-22 08:10 - 2017-09-09 18:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-22 08:10 - 2017-09-09 18:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-22 08:10 - 2017-09-09 17:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-22 08:10 - 2017-09-09 16:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-22 08:10 - 2017-09-09 16:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-22 08:10 - 2017-09-09 16:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-22 08:10 - 2017-09-09 14:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-22 08:10 - 2017-09-09 14:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-22 08:10 - 2017-09-09 14:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-22 08:10 - 2017-09-09 04:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-22 08:10 - 2017-09-09 04:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-22 08:10 - 2017-09-08 19:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-22 08:10 - 2017-09-08 19:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-22 08:10 - 2017-09-08 18:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-22 08:10 - 2017-09-08 18:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-22 08:10 - 2017-09-08 17:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-22 08:10 - 2017-09-08 17:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-22 08:10 - 2017-09-08 04:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-22 08:10 - 2017-09-08 04:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-22 08:10 - 2017-09-07 22:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-22 08:10 - 2017-09-07 22:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-22 08:10 - 2017-09-07 22:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-22 08:10 - 2017-09-07 22:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-22 08:10 - 2017-09-07 22:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-22 08:10 - 2017-09-07 22:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-22 08:10 - 2017-09-07 22:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-22 08:10 - 2017-09-07 22:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-22 08:10 - 2017-09-07 22:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-22 08:10 - 2017-09-07 22:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-22 08:10 - 2017-09-07 21:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-22 08:10 - 2017-09-07 21:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-22 08:10 - 2017-09-07 21:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-22 08:10 - 2017-09-07 21:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-22 08:10 - 2017-09-07 21:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-22 08:10 - 2017-09-07 21:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-22 08:10 - 2017-09-07 21:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-22 08:10 - 2017-09-07 21:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-22 08:10 - 2017-09-07 21:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-22 08:10 - 2017-09-07 21:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-22 08:10 - 2017-09-07 21:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-22 08:10 - 2017-09-07 20:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-22 08:10 - 2017-09-07 20:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-22 08:10 - 2017-09-07 20:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-22 08:10 - 2017-09-07 20:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-22 08:10 - 2017-09-07 20:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-22 08:10 - 2017-09-07 20:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-22 08:10 - 2017-09-07 20:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-22 08:10 - 2017-09-07 20:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-22 08:10 - 2017-09-07 20:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-22 08:10 - 2017-09-07 20:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-22 08:10 - 2017-09-07 19:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-22 08:10 - 2017-09-07 19:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-22 08:10 - 2017-09-07 19:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-22 08:10 - 2017-09-07 19:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-22 08:10 - 2017-09-07 19:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-22 08:10 - 2017-09-07 19:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-22 08:10 - 2017-09-07 19:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-22 08:10 - 2017-09-07 19:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-22 08:10 - 2017-09-07 19:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-22 08:10 - 2017-09-07 19:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-22 08:10 - 2017-09-07 19:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-22 08:10 - 2017-09-07 19:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-22 08:10 - 2017-09-07 19:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-22 08:10 - 2017-09-07 18:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-22 08:10 - 2017-09-07 18:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-22 08:10 - 2017-09-07 18:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-22 08:10 - 2017-09-07 18:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-10-22 08:10 - 2017-09-07 14:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-22 08:10 - 2017-09-07 14:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-22 08:10 - 2017-09-07 00:07 - 000158552 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-22 08:10 - 2017-09-06 22:17 - 000461144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-22 08:10 - 2017-09-06 22:17 - 000443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-10-22 08:10 - 2017-09-06 15:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-22 08:10 - 2017-08-11 02:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-10-22 08:10 - 2017-08-11 02:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-10-22 07:59 - 2017-10-22 07:59 - 010719648 _____ C:\WINDOWS\system32\Drivers\Netwfw02.dat
2017-10-22 07:59 - 2017-10-22 07:59 - 003427848 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwsw02.sys
2017-10-20 08:05 - 2017-10-20 08:05 - 000263330 _____ C:\Users\barbara\Downloads\stanovisko0000005001606408.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-13 14:27 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-13 13:32 - 2017-01-05 20:06 - 000000000 ____D C:\Users\barbara\AppData\Roaming\eM Client
2017-11-13 13:30 - 2017-01-05 23:09 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Skype
2017-11-13 12:25 - 2014-09-16 03:17 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-13 12:19 - 2014-09-16 03:25 - 000734494 _____ C:\WINDOWS\system32\perfh005.dat
2017-11-13 12:19 - 2014-09-16 03:25 - 000148824 _____ C:\WINDOWS\system32\perfc005.dat
2017-11-13 12:19 - 2014-03-18 10:53 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-13 12:19 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-13 02:28 - 2017-01-12 16:38 - 000000000 ___RD C:\Users\barbara\OneDrive
2017-11-13 02:06 - 2016-12-22 13:36 - 000000000 ____D C:\Users\barbara
2017-11-13 02:05 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-13 02:05 - 2013-08-22 15:44 - 000453936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-13 02:05 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-11-13 02:04 - 2016-12-23 08:14 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2155449529-2713239103-2906735623-1001
2017-11-13 02:04 - 2014-09-16 04:10 - 000006656 _____ C:\WINDOWS\system32\VfService.trf
2017-11-13 01:09 - 2017-01-05 17:56 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-11-13 00:27 - 2017-09-07 03:20 - 000000000 ____D C:\Users\barbara\AppData\Roaming\ORPALIS PDF Reducer Free
2017-11-12 17:15 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-12 17:07 - 2017-01-24 23:39 - 000000000 ____D C:\Users\barbara\AppData\Local\CrashDumps
2017-11-12 14:14 - 2017-01-12 18:53 - 000000000 ____D C:\ProgramData\IObit
2017-11-12 14:13 - 2017-01-12 18:53 - 000000000 ____D C:\Users\barbara\AppData\Roaming\IObit
2017-11-12 14:13 - 2017-01-12 18:53 - 000000000 ____D C:\Program Files (x86)\IObit
2017-11-12 14:13 - 2014-12-31 19:35 - 000000000 ____D C:\Users\barbara\AppData\LocalLow\IObit
2017-11-12 02:53 - 2017-01-12 14:32 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-11-12 02:52 - 2017-01-05 18:09 - 000002794 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-11-12 02:52 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-12 02:47 - 2017-09-28 01:35 - 000002307 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2017-11-11 22:59 - 2017-08-24 02:12 - 101425152 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-11-11 22:59 - 2017-08-24 02:12 - 001515520 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-11-11 22:59 - 2017-08-24 02:12 - 000061440 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-11-11 22:59 - 2017-08-24 02:12 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-11-11 22:59 - 2017-08-24 02:11 - 006492160 _____ C:\WINDOWS\system32\config\DRIVERS.iodefrag.bak
2017-11-10 20:01 - 2017-08-30 08:45 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-11-08 22:52 - 2017-01-13 04:02 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-08 17:37 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-07 00:32 - 2017-01-12 13:32 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-11-07 00:30 - 2014-09-16 03:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-07 00:29 - 2016-12-22 13:41 - 000000000 ____D C:\Users\barbara\AppData\Local\NVIDIA
2017-11-07 00:28 - 2017-01-22 23:30 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-11-07 00:28 - 2014-09-16 03:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-07 00:28 - 2014-09-16 03:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-07 00:27 - 2017-01-12 14:32 - 000001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-11-07 00:27 - 2017-01-12 14:32 - 000001107 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-11-07 00:21 - 2017-01-02 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-11-07 00:19 - 2017-10-12 20:33 - 000000000 ____D C:\Users\barbara\AppData\Local\PDFCreator
2017-11-06 21:03 - 2017-01-12 15:50 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-06 21:03 - 2017-01-12 15:50 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-03 17:26 - 2017-07-15 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-11-03 17:26 - 2017-07-15 23:51 - 000000000 ____D C:\Program Files\Java
2017-11-03 17:13 - 2017-01-12 12:11 - 000000000 ____D C:\Program Files\PDFCreator
2017-11-03 17:10 - 2017-01-05 18:09 - 000000000 ____D C:\Program Files\CCleaner
2017-11-03 17:09 - 2017-01-05 18:09 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-11-01 16:26 - 2017-01-12 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-10-30 16:41 - 2017-10-09 09:37 - 000001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicPick.lnk
2017-10-30 16:41 - 2017-10-09 09:37 - 000001018 _____ C:\Users\Public\Desktop\PicPick.lnk
2017-10-30 15:41 - 2017-06-20 12:16 - 000000027 _____ C:\ProgramData\lcsuc_prof.cfg
2017-10-22 08:30 - 2013-08-22 16:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-22 08:29 - 2017-01-05 23:09 - 000000000 ____D C:\ProgramData\Skype
2017-10-22 08:15 - 2017-01-12 20:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-22 08:12 - 2017-01-12 20:51 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-20 12:26 - 2017-01-12 13:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2016-12-28 13:48 - 2016-12-28 13:52 - 000000082 _____ () C:\Program Files\smaple.txt
2017-11-12 16:08 - 2017-11-12 16:08 - 000003584 _____ () C:\Users\barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-28 13:54 - 2016-12-28 13:54 - 001065984 _____ () C:\Users\barbara\AppData\Local\file__0.localstorage
2014-09-16 03:27 - 2014-09-16 03:27 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-20 12:16 - 2017-10-30 15:41 - 000000027 _____ () C:\ProgramData\lcsuc_prof.cfg
2017-01-02 17:43 - 2017-01-02 17:43 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2017-11-13 13:28 - 2017-09-14 20:30 - 001737600 _____ (Microsoft Corporation) C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\mfevtps.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-28 01:52

==================== End of FRST.txt ============================

Re: window scrolling

Post by bara1317 » 13 Nov 2017 15:02

So, I deleted those unselected items in RogueKiller.
The FRST logs are here as well.
About the Bosnian in Zemana: I live in the Czech Republic, of course. Simply put, when an installation wizard has a drop-down menu (language selection), it automatically scrolls all the way to the bottom, which tends to be Simplified Chinese or something similarly unreadable. When I hold the up arrow, the menu scrolls up and down, and when I catch a glimpse of it sitting on something more intelligible, I try to hit Enter quickly. That is how, on the millionth attempt, I landed on a more or less understandable language. After installation the language can be changed in the settings, but the menu again "runs away" downward; Slovak was what remained visible in the window...
It is nerve-racking: menus scroll and reset themselves to the last option. For example, when I open Control Panel >>> Mouse >>> cursor, the last one, "Magnified (system scheme)", gets selected on its own, and any attempt to choose something else is pointless; it always moves down to that last option.

Re: window scrolling

Post by bara1317 » 13 Nov 2017 16:52

Bitdefender not found
I fixed it in HJT, no result. Despair...

jaro3
Security team member
Guru Level 15
Posts: 43060
Joined: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: window scrolling

Post by jaro3 » 13 Nov 2017 19:30

AdwCleaner, did you delete it? I don't see the log.

Uninstall:
Spybot - Search and Destroy
IObit Malware Fighter


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
Which antivirus do you use?

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {53DBB73E-928C-43F0-85F4-E2DAECA61809} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {9828AACB-D0A2-42B8-B842-1229FFAEC658} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 15601 more lines.
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePlugin.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\ProgramData\lcsuc_prof.cfg
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt.


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.


FF Extension: (Deutsch (DE) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Français Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-07-10] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon
And so on.

You can uninstall all add-ons from FF.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by bara1317 » 14 Nov 2017 00:56

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by barbara (14-11-2017 00:48:36) Run:1
Running from C:\Users\barbara\Desktop
Loaded Profiles: barbara (Available Profiles: barbara & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {53DBB73E-928C-43F0-85F4-E2DAECA61809} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {9828AACB-D0A2-42B8-B842-1229FFAEC658} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePlugin.crx <not found>
U0 aswVmm; no ImagePath
C:\ProgramData\DP45977C.lfl
C:\ProgramData\lcsuc_prof.cfg
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53DBB73E-928C-43F0-85F4-E2DAECA61809} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DBB73E-928C-43F0-85F4-E2DAECA61809} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9828AACB-D0A2-42B8-B842-1229FFAEC658} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9828AACB-D0A2-42B8-B842-1229FFAEC658} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\str => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => key removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\lcsuc_prof.cfg => moved successfully
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4316305 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2604737 B
Edge => 0 B
Chrome => 40114014 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 828 B
NetworkService => 0 B
barbara => 7855992 B
Administrator => 12290 B

RecycleBin => 0 B
EmptyTemp: => 60.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:48:47 ====

Post by bara1317 » 14 Nov 2017 01:02

Defender and Malwarebytes were turned off for the PC cleanup. Otherwise I have SUPERAntiSpyware running. I had McAfee; I removed it some time ago and have not installed anything in its place yet.
AdwCleaner is in a different folder; I don't like having things on the desktop. All my data is on another partition, only the programs are on C:

Post by jaro3 » 14 Nov 2017 10:04

Install the Avast, Avira or Comodo antivirus and uninstall the others.
I also wrote quite a lot in my previous post.
You need to respond to it.

Post by bara1317 » 14 Nov 2017 12:22

I did everything from the previous post. I don't use FF and don't have it, so there are no add-ons either.

Post by bara1317 » 14 Nov 2017 12:23

I installed Avira and am uninstalling the others. Avira has not found anything so far.

Post by jaro3 » 14 Nov 2017 17:33

You don't use FF? Then I would uninstall it.

What about the problems?

Post by bara1317 » 14 Nov 2017 19:32

But I don't have FF there. I installed Avira; on the first full-scan pass it found only some trojan in a zipped crack. I have now discovered that an even higher level of heuristic analysis can be selected, so I selected it and started the scan again; we'll see. No changes so far.

Post by jaro3 » 14 Nov 2017 22:01

FF, by that I mean Mozilla Firefox.

What do you mean, no changes? Is everything OK?