kolečko myši při rolování "poskakuje" tam a zpět Vyřešeno

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

udělala si? Nevidím log.

Myš byla asi měněna..
ovladače ke grafice jsou v pořádku?

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Reklama]

[bara1317]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by barbara (administrator) on LENOVOBA (12-04-2018 23:17:21)
Running from C:\Users\barbara\Downloads
Loaded Profiles: barbara (Available Profiles: barbara & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Avira Operations GmbH & Co. KG;) C:\Program Files (x86)\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 78.157.167.7 78.157.167.57 192.168.100.1
Tcpip\..\Interfaces\{4236D1C1-F566-4FBB-9344-085B2C594350}: [DhcpNameServer] 78.157.167.7 78.157.167.57 192.168.100.1
Tcpip\..\Interfaces\{4D046EE1-B35A-464F-B6B5-F4F84C6FD19B}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-03-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-03-19] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: m9j5zw78.default
FF ProfilePath: C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default [2018-04-12]
FF Homepage: Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default -> about:home
FF NewTab: Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default -> about:newtab
FF Extension: (Czech (CZ) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-cs@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-de@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Finnish Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fi@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Français Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-fr@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-gl@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-he@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-hu@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-it@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ja@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ko@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-nl@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-pl@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Russian (RU) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-ru@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sl@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sr@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\barbara\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\m9j5zw78.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2017-07-11] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-03-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-03-19] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default [2018-04-12]
CHR Extension: (Prezentace) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Dokumenty) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Disk Google) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-12]
CHR Extension: (YouTube) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Tabulky) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-12]
CHR Extension: (Gmail) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-12]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1136744 2018-03-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-03-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-03-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1533608 2018-03-07] (Avira Operations GmbH & Co. KG)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2938504 2018-02-15] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103328 2018-04-11] (Avira Operations GmbH & Co. KG)
S3 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-08-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [296432 2014-04-16] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 KrosPlusFireBird; C:\Program Files (x86)\Cenkros\Firebird\FBbin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
S3 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2014-09-16] (Lenovo(beijing) Limited)
S3 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
S3 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-02-13] ()
S3 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [50600 2016-03-03] (Microsoft)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2158912 2018-03-28] (Electronic Arts)
S3 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-28] (Electronic Arts)
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 6 Manager; C:\Program Files (x86)\PDF Architect 6 Manager\PDF Architect 6\Architect Manager.exe [994080 2018-02-20] (© pdfforge GmbH.)
S3 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-16] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-09-16] (Lenovo)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2014-09-16] (Lenovo)
R3 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2014-09-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-03-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-03-25] (Microsoft Corporation)
S3 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3743648 2017-02-13] (Intel® Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2017-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-10-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-10-05] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-10-05] (Avira Operations GmbH & Co. KG)
S3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32840 2017-07-14] (ELAN Microelectronic Corp.)
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [18576 2018-03-19] (Glarysoft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-17] (REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231400 2017-08-24] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3521032 2018-01-12] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 NETwNs64; C:\WINDOWS\system32\DRIVERS\Netwsw02.sys [3427848 2017-10-22] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-08-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-08-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-08-18] (NVIDIA Corporation)
R3 ROCKEYNT; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [36904 2017-08-29] (Feitian Technologies Co., Ltd.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782816 2017-11-12] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127552 2017-01-17] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2017-01-17] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-03-25] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-03-25] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-03-25] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-11-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-11-13] (Zemana Ltd.)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 23:17 - 2018-04-12 23:17 - 000022644 _____ C:\Users\barbara\Downloads\FRST.txt
2018-04-12 23:17 - 2018-04-12 23:17 - 000000000 ____D C:\FRST
2018-04-12 23:14 - 2018-04-12 23:14 - 002403328 _____ (Farbar) C:\Users\barbara\Downloads\FRST64.exe
2018-04-12 22:36 - 2018-04-12 22:36 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-04-12 22:22 - 2018-04-12 23:17 - 000067870 _____ C:\WINDOWS\ZAM.krnl.trace
2018-04-12 22:22 - 2018-04-12 23:17 - 000038009 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-04-12 22:14 - 2018-04-12 22:14 - 000388608 _____ (Trend Micro Inc.) C:\Users\barbara\Downloads\HijackThis (1).exe
2018-04-12 19:45 - 2018-04-12 19:43 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2018-04-12 19:43 - 2018-04-12 19:43 - 000000000 ____D C:\zoek_backup
2018-04-12 19:41 - 2018-04-12 19:42 - 001168896 _____ C:\Users\barbara\Downloads\zoek.exe
2018-04-12 18:00 - 2018-04-12 18:00 - 008222496 _____ (Malwarebytes) C:\Users\barbara\Downloads\adwcleaner_7.0.8.0.exe
2018-04-12 16:46 - 2018-04-12 16:46 - 000000887 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-04-12 16:46 - 2018-04-12 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-04-12 16:46 - 2018-04-12 16:46 - 000000000 ____D C:\Program Files\RogueKiller
2018-04-12 16:44 - 2018-04-12 16:44 - 036606712 _____ (Adlice Software ) C:\Users\barbara\Downloads\setup.exe
2018-04-12 12:34 - 2018-04-12 12:38 - 195958672 _____ (Sophos Limited) C:\Users\barbara\Downloads\Sophos Virus Removal Tool.exe
2018-04-12 12:32 - 2018-04-12 12:32 - 000001254 _____ C:\Users\barbara\Desktop\JRT.txt
2018-04-12 12:28 - 2018-04-12 12:28 - 001790024 _____ (Malwarebytes) C:\Users\barbara\Downloads\JRT.exe
2018-04-11 10:04 - 2018-04-11 10:04 - 000001902 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-11 10:04 - 2018-04-11 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-11 10:04 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-11 10:01 - 2018-04-11 10:01 - 072943704 _____ (Malwarebytes ) C:\Users\barbara\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4678.exe
2018-04-11 09:53 - 2018-04-12 18:10 - 000000000 ____D C:\AdwCleaner
2018-04-11 09:52 - 2018-04-11 09:52 - 008222496 _____ (Malwarebytes) C:\Users\barbara\Downloads\AdwCleaner.exe
2018-04-11 09:40 - 2018-04-11 09:40 - 000448512 _____ (OldTimer Tools) C:\Users\barbara\Downloads\TFC.exe
2018-04-09 13:14 - 2018-04-09 13:14 - 000388608 _____ (Trend Micro Inc.) C:\Users\barbara\Downloads\HijackThis.exe
2018-04-09 13:01 - 2018-04-09 13:41 - 000000000 ____D C:\Users\barbara\AppData\Local\FSDART
2018-04-09 13:01 - 2018-04-09 13:02 - 000000000 ____D C:\ProgramData\F-Secure
2018-04-09 13:01 - 2018-04-09 13:01 - 000000000 ____D C:\Users\barbara\AppData\Local\F-Secure
2018-04-09 12:24 - 2018-04-09 12:24 - 000000808 _____ C:\DelFix.txt
2018-04-09 10:32 - 2018-04-09 10:32 - 000000000 ____D C:\Users\barbara\AppData\Local\ElevatedDiagnostics
2018-04-08 22:08 - 2018-04-08 22:08 - 000001073 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-04-08 01:34 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-08 01:34 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-08 01:34 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-08 01:34 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-08 01:34 - 2018-02-10 03:29 - 000531632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-08 01:34 - 2018-02-10 03:25 - 001137872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-08 01:34 - 2018-02-09 19:44 - 000276304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-08 01:34 - 2018-02-09 19:21 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-08 01:34 - 2018-02-08 20:53 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-08 01:34 - 2018-02-08 20:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-08 01:34 - 2018-02-08 20:18 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-04-08 01:34 - 2018-02-08 20:03 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-04-08 01:34 - 2018-02-08 19:49 - 000289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-08 01:34 - 2018-02-08 19:42 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-08 01:34 - 2018-02-08 19:42 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-08 01:34 - 2018-02-08 19:40 - 001096192 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-08 01:34 - 2018-02-08 19:38 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-08 01:34 - 2018-02-08 19:27 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-08 01:34 - 2018-02-08 19:24 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-04-08 01:34 - 2018-02-08 19:03 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-08 01:34 - 2018-02-08 19:03 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-08 01:34 - 2018-01-25 16:19 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-08 01:34 - 2018-01-25 16:14 - 000922944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-08 01:10 - 2018-04-08 01:13 - 000020326 _____ C:\WINDOWS\SysWOW64\Defrag.debuglog
2018-04-07 18:21 - 2018-04-11 10:25 - 000001701 _____ C:\Users\barbara\Desktop\malwarebytes.txt
2018-04-07 18:12 - 2018-04-11 10:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-02 01:38 - 2018-04-02 01:38 - 000000000 ____D C:\Users\barbara\AppData\Local\MajorSilence
2018-04-02 01:15 - 2018-04-02 01:15 - 000000000 ____D C:\Users\barbara\AppData\Local\fontconfig
2018-04-02 01:14 - 2018-04-02 01:14 - 000000024 _____ C:\Users\barbara\AppData\Roaming\splitterdirectorys.txt
2018-04-02 01:13 - 2018-04-02 01:13 - 000001295 _____ C:\Users\Public\Desktop\Free Video Splitter.lnk
2018-04-02 01:13 - 2018-04-02 01:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Splitter
2018-04-02 01:00 - 2005-06-15 03:00 - 000102400 _____ (TechSmith Corporation) C:\WINDOWS\SysWOW64\tsccvid.dll
2018-04-02 00:52 - 2018-04-02 00:52 - 000001347 _____ C:\Users\barbara\Desktop\AVIToolbox.lnk
2018-04-02 00:52 - 2018-04-02 00:52 - 000000000 ____D C:\Users\barbara\AppData\Roaming\KC Softwares
2018-04-02 00:52 - 2018-04-02 00:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2018-04-02 00:52 - 2018-04-02 00:52 - 000000000 ____D C:\Program Files (x86)\KC Softwares
2018-03-22 12:41 - 2018-03-22 12:41 - 000001147 _____ C:\Users\Public\Desktop\Avira.lnk
2018-03-19 04:20 - 2018-03-02 20:55 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-19 04:20 - 2018-03-02 20:55 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-19 04:13 - 2018-03-03 09:24 - 007407960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-19 04:13 - 2018-03-03 09:24 - 000419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-03-19 04:13 - 2018-03-03 09:11 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-03-19 04:13 - 2018-03-03 09:11 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-19 04:13 - 2018-03-03 09:11 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-19 04:13 - 2018-03-03 09:11 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-19 04:13 - 2018-03-03 09:11 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-19 04:13 - 2018-03-03 07:23 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-03-19 04:13 - 2018-03-03 07:22 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-03-19 04:13 - 2018-02-18 22:53 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-03-19 04:13 - 2018-02-16 17:51 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-03-19 04:13 - 2018-02-16 17:51 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-03-19 04:13 - 2018-02-16 17:45 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-19 04:13 - 2018-02-16 17:44 - 013678080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-19 04:13 - 2018-02-16 17:28 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-03-19 04:13 - 2018-02-16 17:24 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-03-19 04:13 - 2018-02-16 17:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-03-19 04:13 - 2018-02-16 17:19 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-19 04:13 - 2018-02-16 16:37 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-03-19 04:13 - 2018-02-16 16:37 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-03-19 04:13 - 2018-02-15 17:15 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-19 04:13 - 2018-02-15 16:57 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-19 04:13 - 2018-02-10 22:24 - 000178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-19 04:13 - 2018-02-10 21:29 - 000274272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-19 04:13 - 2018-02-10 21:29 - 000124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NV_AGP.SYS
2018-03-19 04:13 - 2018-02-10 21:29 - 000065888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ULIAGPKX.SYS
2018-03-19 04:13 - 2018-02-10 21:29 - 000062304 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AGP440.sys
2018-03-19 04:13 - 2018-02-10 21:29 - 000021856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-19 04:13 - 2018-02-10 21:29 - 000017240 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2018-03-19 04:13 - 2018-02-10 21:25 - 000533856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-19 04:13 - 2018-02-10 21:08 - 001307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-19 04:13 - 2018-02-10 21:06 - 000356184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-19 04:13 - 2018-02-10 19:50 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-03-19 04:13 - 2018-02-10 19:40 - 002901504 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-19 04:13 - 2018-02-10 19:40 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-19 04:13 - 2018-02-10 19:37 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-19 04:13 - 2018-02-10 19:27 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-19 04:13 - 2018-02-10 19:26 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-19 04:13 - 2018-02-10 19:20 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-03-19 04:13 - 2018-02-10 19:10 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-19 04:13 - 2018-02-10 19:09 - 003757056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-19 04:13 - 2018-02-10 19:06 - 002295296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-19 04:13 - 2018-02-10 19:03 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-03-19 04:13 - 2018-02-10 19:01 - 000617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-19 04:13 - 2018-02-10 19:00 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-19 04:13 - 2018-02-10 18:59 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-19 04:13 - 2018-02-10 18:58 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-03-19 04:13 - 2018-02-10 18:57 - 015281664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-19 04:13 - 2018-02-10 18:54 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-03-19 04:13 - 2018-02-10 18:52 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-03-19 04:13 - 2018-02-10 18:50 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-03-19 04:13 - 2018-02-10 18:50 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-03-19 04:13 - 2018-02-10 18:48 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-19 04:13 - 2018-02-10 18:47 - 002134016 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-03-19 04:13 - 2018-02-10 18:46 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-19 04:13 - 2018-02-10 18:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-19 04:13 - 2018-02-10 18:43 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-19 04:13 - 2018-02-10 18:40 - 004496384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-19 04:13 - 2018-02-10 18:39 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-03-19 04:13 - 2018-02-10 18:35 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-03-19 04:13 - 2018-02-10 18:34 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-03-19 04:13 - 2018-02-10 18:34 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-03-19 04:13 - 2018-02-10 18:33 - 002058240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-03-19 04:13 - 2018-02-10 18:33 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-19 04:13 - 2018-02-10 18:30 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-19 04:13 - 2018-02-10 18:29 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-19 04:13 - 2018-02-10 18:23 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-03-19 04:13 - 2018-02-10 18:12 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-03-19 04:13 - 2018-02-10 18:11 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-03-19 04:13 - 2018-02-10 18:09 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-03-19 04:13 - 2018-02-08 19:37 - 002779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-03-19 04:13 - 2018-02-08 18:57 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-03-19 04:13 - 2018-02-02 22:42 - 003320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-19 04:13 - 2018-02-02 21:24 - 003610112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-19 03:02 - 2018-03-19 03:02 - 000001235 _____ C:\Users\barbara\Desktop\CrystalDiskInfo.lnk
2018-03-19 03:00 - 2018-03-19 03:00 - 000000000 ____D C:\Users\barbara\AppData\Local\AviraSpeedup
2018-03-19 02:58 - 2018-03-19 02:58 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-03-19 02:58 - 2018-03-19 02:58 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Sun
2018-03-19 02:58 - 2018-03-19 02:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-19 02:55 - 2018-04-10 04:11 - 000000000 ____D C:\Users\barbara\AppData\Local\PDFCreator
2018-03-19 02:55 - 2018-03-19 02:55 - 000000000 ____D C:\Program Files (x86)\PDF Architect 6 Manager
2018-03-19 02:54 - 2018-03-19 02:54 - 000000000 ____D C:\ProgramData\PDF Architect 6
2018-03-19 02:53 - 2018-03-19 02:53 - 000000861 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2018-03-19 02:53 - 2018-03-19 02:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2018-03-19 02:51 - 2018-03-19 02:51 - 000002340 _____ C:\Users\barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2018-03-19 02:51 - 2018-03-19 02:51 - 000002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2018-03-19 02:50 - 2018-03-19 02:50 - 000002976 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2018-03-19 02:48 - 2018-03-19 02:50 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2018-03-19 02:48 - 2018-03-19 02:50 - 000001109 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2018-03-19 02:33 - 2018-03-19 02:33 - 000003870 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-19 00:40 - 2018-03-19 00:40 - 000003176 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2018-03-19 00:40 - 2018-03-19 00:40 - 000003022 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2018-03-19 00:40 - 2017-03-09 14:53 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2018-03-19 00:40 - 2016-03-25 15:33 - 000128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2018-03-13 13:44 - 2018-03-13 13:44 - 001469952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2018-03-13 13:44 - 2018-03-13 13:44 - 000999760 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2018-03-13 13:44 - 2018-03-13 13:44 - 000122824 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-12 23:10 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-04-12 22:34 - 2016-12-23 09:14 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2155449529-2713239103-2906735623-1001
2018-04-12 22:30 - 2014-09-16 04:25 - 000734494 _____ C:\WINDOWS\system32\perfh005.dat
2018-04-12 22:30 - 2014-09-16 04:25 - 000148824 _____ C:\WINDOWS\system32\perfc005.dat
2018-04-12 22:30 - 2014-03-18 11:53 - 001739092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-12 22:26 - 2014-09-16 04:17 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-12 22:24 - 2017-01-12 17:38 - 000000000 ___RD C:\Users\barbara\OneDrive
2018-04-12 22:23 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-12 22:21 - 2014-09-16 05:10 - 000006656 _____ C:\WINDOWS\system32\VfService.trf
2018-04-12 20:18 - 2017-11-14 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-04-12 19:56 - 2016-12-22 14:36 - 000000000 ____D C:\Users\barbara
2018-04-12 18:03 - 2017-01-12 19:53 - 000000000 ____D C:\Users\barbara\AppData\Roaming\IObit
2018-04-12 18:03 - 2014-12-31 20:35 - 000000000 ____D C:\Users\barbara\AppData\LocalLow\IObit
2018-04-12 16:47 - 2017-01-05 21:06 - 000000000 ____D C:\Users\barbara\AppData\Roaming\eM Client
2018-04-12 12:24 - 2017-12-24 21:47 - 000000000 ____D C:\ProgramData\Origin
2018-04-12 10:47 - 2017-12-24 21:54 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Origin
2018-04-10 03:42 - 2017-01-25 00:39 - 000000000 ____D C:\Users\barbara\AppData\Local\CrashDumps
2018-04-09 13:38 - 2017-11-13 17:04 - 000000000 ____D C:\Users\barbara\Downloads\backups
2018-04-09 09:58 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-04-08 22:21 - 2017-01-12 14:56 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-04-08 22:21 - 2017-01-08 17:26 - 000000000 ____D C:\Program Files (x86)\Star Stable Online
2018-04-08 22:21 - 2017-01-06 00:09 - 000000000 ____D C:\ProgramData\Skype
2018-04-08 22:08 - 2017-11-13 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-04-08 19:05 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-08 14:58 - 2017-08-30 09:45 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2018-04-08 01:39 - 2017-01-13 05:02 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-08 01:39 - 2013-08-22 17:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-04-08 01:37 - 2017-12-01 20:38 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-08 01:24 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-04-07 23:03 - 2013-08-22 17:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-04-07 18:12 - 2017-11-12 00:18 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-07 16:20 - 2017-01-12 15:32 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2018-04-07 16:17 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-04 19:43 - 2017-12-24 21:54 - 000000000 ____D C:\Program Files (x86)\Origin
2018-03-26 03:01 - 2017-12-25 21:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-03-22 12:41 - 2014-09-16 04:28 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-22 11:38 - 2014-09-16 05:23 - 000000000 ____D C:\ProgramData\Energy Manager
2018-03-21 02:58 - 2017-01-12 16:50 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 02:58 - 2017-01-12 16:50 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-19 04:19 - 2013-08-22 16:44 - 000454656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-19 04:04 - 2018-03-10 12:15 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-03-19 04:02 - 2017-01-12 13:11 - 000000000 ____D C:\Program Files\PDFCreator
2018-03-19 03:58 - 2017-01-12 21:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-19 03:58 - 2017-01-06 00:09 - 000000000 ____D C:\Users\barbara\AppData\Roaming\Skype
2018-03-19 03:55 - 2017-10-22 09:12 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-19 03:55 - 2017-01-12 21:51 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-19 03:02 - 2017-11-12 00:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-03-19 03:02 - 2017-11-12 00:52 - 000000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2018-03-19 03:01 - 2017-12-25 21:13 - 000001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-03-19 03:01 - 2017-12-25 21:13 - 000001145 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2018-03-19 02:58 - 2017-07-16 00:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-03-19 02:58 - 2017-07-16 00:51 - 000000000 ____D C:\Program Files\Java
2018-03-19 02:51 - 2017-12-25 21:13 - 000001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2018-03-19 02:51 - 2017-12-25 21:13 - 000001169 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2018-03-19 02:51 - 2017-12-25 21:13 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2018-03-19 02:51 - 2017-12-25 21:13 - 000001153 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2018-03-19 02:50 - 2017-01-12 15:32 - 000018576 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2018-03-19 02:48 - 2017-01-12 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-03-19 02:39 - 2017-12-25 21:12 - 000000000 ____D C:\ProgramData\NCH Software
2018-03-19 02:39 - 2017-12-25 21:12 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-03-19 02:33 - 2017-01-05 19:09 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-19 00:39 - 2017-03-25 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2018-03-13 13:41 - 2017-09-28 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5

==================== Files in the root of some directories =======

2016-12-28 14:48 - 2016-12-28 14:52 - 000000082 _____ () C:\Program Files\smaple.txt
2018-04-02 01:14 - 2018-04-02 01:14 - 000000024 _____ () C:\Users\barbara\AppData\Roaming\splitterdirectorys.txt
2017-11-12 17:08 - 2017-11-12 17:08 - 000003584 _____ () C:\Users\barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-28 14:54 - 2016-12-28 14:54 - 001065984 _____ () C:\Users\barbara\AppData\Local\file__0.localstorage
2017-11-15 13:03 - 2017-11-15 13:03 - 000000017 _____ () C:\Users\barbara\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2018-04-12 22:36 - 2018-03-03 09:11 - 001737600 _____ (Microsoft Corporation) C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\mfevtps.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-06 02:34

==================== End of FRST.txt ============================

[bara1317]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by barbara (12-04-2018 23:17:59)
Running from C:\Users\barbara\Downloads
Windows 8.1 (Update) (X64) (2016-12-22 12:39:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2155449529-2713239103-2906735623-500 - Administrator - Disabled) => C:\Users\Administrator
barbara (S-1-5-21-2155449529-2713239103-2906735623-1001 - Administrator - Enabled) => C:\Users\barbara
Guest (S-1-5-21-2155449529-2713239103-2906735623-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2155449529-2713239103-2906735623-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Aktualizace NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Any Video Converter Professional 6.1.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AutoCAD 2015 – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0000-0102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0405-2102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack – Čeština (Czech) (HKLM\...\{5783F2D7-E001-0405-1102-0060B0CE6BBA}) (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 – Čeština (Czech) (HKLM\...\AutoCAD 2015 – Čeština (Czech)) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Avira (HKLM-x32\...\{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{ED00B2D3-9D90-4A44-9982-BA4527157330}) (Version: 2.0.5.1516 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.7.1.7268 - Avira Operations GmbH & Co. KG)
BlueGriffon version 2.3.1 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 2.3.1 - Disruptive Innovations SAS)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CENKROS 4 (HKLM-x32\...\{30044428-2B17-46EF-B473-28BC89909399}) (Version: - KROS a.s.)
ClPhpEd(remove only) (HKLM-x32\...\ClPhpEd) (Version: - )
CrystalDiskInfo 7.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.2 - Crystal Dew World)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 5.03 - NCH Software)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.2.0 - IObit)
Ekonomický systém Money S3 (HKLM-x32\...\Money S3) (Version: 17.900 (20171022_14) - CÍGLER SOFTWARE, a.s.)
Electrum (HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\Electrum) (Version: 2.9.3 - Electrum Technologies GmbH)
eM Client (HKLM-x32\...\{686A0A09-76B2-41A3-AC4C-22E7C88316C1}) (Version: 7.1.31849.0 - eM Client Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.20 - Lenovo)
EPSON XP-600 Series Printer Uninstall (HKLM\...\EPSON XP-600 Series) (Version: - SEIKO EPSON Corporation)
Express Animate (HKLM-x32\...\ExpressAnimate) (Version: 3.02 - NCH Software)
FastStone Image Viewer 6.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.4 - FastStone Soft)
Free Video Splitter (HKLM-x32\...\{EAE005AD-F629-49DD-A605-C2264267622A}) (Version: 1.0.0 - Media Freeware)
Glary Utilities 5.93 (HKLM-x32\...\Glary Utilities 5) (Version: 5.93.0.115 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
Import souborů SketchUp (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{F519CBBC-B049-4117-AF94-63F08E719CA5}) (Version: 17.1.1450.0402 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{66614300-cd9b-4a62-8b18-c97e9562dc3e}) (Version: 19.50.0 - Intel Corporation)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 141 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180141}) (Version: 8.0.1410.15 - Oracle Corporation)
Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 8 Update 151 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180151}) (Version: 8.0.1510.12 - Oracle Corporation)
Java SE Development Kit 8 Update 162 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180162}) (Version: 8.0.1620.12 - Oracle Corporation)
KC Softwares AVIToolbox (HKLM-x32\...\KC Softwares AVIToolbox_is1) (Version: 2.7.1.58 - KC Softwares)
KickMyGraphics 2.0 (HKLM-x32\...\KickMyGraphics_is1) (Version: - MijnRaad.nl)
Kros (HKLM\...\{148477A0-A868-425E-9F93-CE8CE95AFE44}) (Version: 8.5.940 - Softland) Hidden
Kros PDF (HKLM-x32\...\{e6b27eee-2b6f-4344-8f4b-93591eb3f24e}) (Version: 162.100.1.0 - Kros a.s.)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo)
Lenovo Settings (HKLM-x32\...\{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.46 - Lenovo) Hidden
Lenovo Settings (HKLM-x32\...\InstallShield_{42F8AFC3-7944-46CC-9689-94FF9869D0A7}) (Version: 1.0.0.46 - Lenovo)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Updates (HKLM-x32\...\{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.1.14.3211 - Lenovo)
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Malwarebytes verze 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Manager (HKLM-x32\...\{0DF6CCDE-4039-46E8-BB87-D602FC172B85}) (Version: 6.0.2.135 - pdfforge GmbH) Hidden
Manager (HKLM-x32\...\{2D00EBC4-DD22-4F5B-9BA1-F98ED2C6FCF2}) (Version: 5.0.15.31893 - 2017 pdfforge GmbH. All rights reserved) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
novaPDF 8 Printer Driver (HKLM\...\{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{A6DF899D-5518-4DAB-A4F9-F7D0CDD43224}) (Version: 8.5.940 - Softland)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OpenOffice 4.1.4 (HKLM-x32\...\{6CA4F7F3-B909-4292-B791-AAA959155DE0}) (Version: 4.14.9788 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.16.49299 - Electronic Arts, Inc.)
ORPALIS PDF Reducer 3 Free Edition (HKLM-x32\...\{CA597518-9486-4DA2-8CEE-0FADD5CE364A}) (Version: 3.0.19 - ORPALIS)
PDF Architect 5 (HKLM-x32\...\PDF Architect 5) (Version: 5.0.26.34003 - pdfforge GmbH)
PDF Architect 5 Create Module (HKLM\...\{0E25DE98-E56E-4259-B554-F1360BB2DC22}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{EE01D8D7-2DD0-4C43-BF42-D9C8FC8DAE99}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{4DC94B75-B036-474D-8AC8-E2D055C95FBD}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 3.21 - NCH Software)
PicPick (HKLM-x32\...\PicPick) (Version: 4.2.8 - NGWIN)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
QuickMediaConverter (HKLM-x32\...\QUICKMEDIACONVERTERExécutable Windows 64 bits) (Version: 0.7.73.0 - MediaArea.net)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21300 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Roblox Player for barbara (HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - Roblox Corporation)
RocketCake 1.4 (remove only) (HKLM-x32\...\RocketCake 1.4) (Version: - Ambiera)
RogueKiller version 12.12.12.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.12.0 - Adlice Software)
SaveSnap (HKLM-x32\...\SaveSnap) (Version: - )
SketchUp 2016 (HKLM\...\{D87EE6DC-32BA-4219-AC75-0A6FD54ED058}) (Version: 16.0.19912 - Trimble Navigation Limited)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.8.5 - IObit)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speciální aplikace Autodesk (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
StageLight (HKLM\...\StageLight) (Version: 1.3.0.4350 - Open Labs, LLC.)
Star Stable Online (HKLM-x32\...\{8CD50415-04B7-459E-8CBD-DA96A9CDF98E}) (Version: 1.01.0000 - Star Stable Entertainment AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.81 - Synaptics Incorporated)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.41.38.1020 - Electronic Arts Inc.)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 8.02 - NCH Software)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\cs-CZ\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-13] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2014-02-07] (Autodesk)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers1: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\creator-context-menu.dll [2017-07-05] (pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-04-24] (Lenovo)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2014-04-16] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\windows\system32\igfxOSP.dll [2014-04-16] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-13] ()
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2018-03-02] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-18] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A506274-2307-4BAD-8741-851E218C1F4B} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [2014-09-16] (Lenovo(beijing) Limited)
Task: {1C7E036A-A57D-4F45-B5BB-D69817B6A491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {1DA3AFFF-F505-4E66-A437-29FF443A5596} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {259DDAAF-B2AB-4F6F-9EDB-B4CDB452EBB2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {2C5A7E9A-265F-4329-9846-4E8B9911EC2A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-07] (Synaptics Incorporated)
Task: {3F3B49DB-7909-4937-B706-A03DEBBBC26E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {4AC7B28D-1A96-4205-B899-C16D2E92836C} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-03-08] (Avira Operations GmbH & Co. KG)
Task: {5928FDA6-E389-4876-BC20-BEBFED53D78F} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {64872B6D-A83A-45C0-8A31-CC2364CCCC21} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {65E3D09C-A846-46A3-9F95-518B9C4CB363} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Task: {779F898D-2FF8-4BB5-8283-33EB8E44788F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {7F7A1D49-640D-4DB1-A050-5D8EB52C5899} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {8A6365D3-9495-4F87-A966-7EB3EA3E7694} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8DFD098B-F9C7-42A3-93D8-5F96BABB1DEF} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {9126D997-AC10-4FB9-8E16-704A8A2B30AE} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2018-03-05] (Glarysoft Ltd)
Task: {97EF61A6-9A7C-4825-85B9-EA65822E6F28} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [2017-12-20] ()
Task: {9E82D4C9-CA51-4DA9-A79F-FE8A87CA3801} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {A58040E5-859D-46F6-AF39-1104250E141C} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19] (Oracle Corporation)
Task: {AFAE5CA2-C2D7-4E70-A216-5BCF9153421E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {B439C479-639F-4CDB-B8BB-FC19E67B5D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {BF526917-FF32-4A3C-87BD-3054095352F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {D4115115-0A8E-4306-BBAE-B2E535824BE3} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {D94E96DE-391A-404B-A2E5-305DA1F25E98} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {D9F023A4-56CA-496E-865D-C737DDDC1819} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {DAB1FDFE-8A31-4F28-BAB9-7CEB1E87C0AA} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-03-07] (Avira Operations GmbH & Co. KG)
Task: {DB360708-DD13-41A5-9A5B-A80F6F7F4F62} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {DFC1AAC4-63CD-450E-BC09-1B608D4F406F} - \Driver Booster SkipUAC (barbara) -> No File <==== ATTENTION
Task: {E018848B-22D4-460F-8E05-30BA072B7162} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {EA4FB681-1EFA-40F0-88D9-6CB3B54E1DAF} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\barbara\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2014-09-16 05:10 - 2014-09-16 05:10 - 000068880 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
2014-09-16 05:10 - 2014-09-16 05:10 - 000672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll
2014-06-17 07:47 - 2014-04-16 10:28 - 000080312 _____ () C:\windows\system32\igfxexps.dll
2017-01-23 00:29 - 2017-08-18 06:32 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-09-16 04:17 - 2016-12-29 15:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-16 05:15 - 2012-04-24 12:43 - 000390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-23 00:29 - 2017-08-18 06:32 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-03-12 11:33 - 2018-03-12 11:33 - 000192512 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\be3004c59375e380be71b11fdcd5f0c1\Windows.Foundation.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

[bara1317]

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com

There are 7916 more sites.

IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1importantiamreal.com -> www.1importantiamreal.com

There are 7916 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 19:45 - 2018-04-12 19:45 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 78.157.167.7 - 78.157.167.57
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MBAMService => 2
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "AVI Splitter Software.exe"
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{553A8E35-1568-4620-9158-DCEC5F73D348}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{35DC1ED4-510A-4883-AE6A-FB39B78AE400}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{117DFC4C-172D-4496-ABA5-1E69F3FB737D}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0A75022-1A6B-4510-831D-80C36A9E5FCF}] => (Allow) LPort=55100
FirewallRules: [{759A209A-B91C-482D-814A-1BC8FA71850A}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{36C52146-8710-41ED-B8D1-AB27A27BAEA9}] => (Allow) LPort=50248
FirewallRules: [{38F7EE92-FF6C-40F4-AB23-71817EB08874}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9F18CC39-F311-4948-A49B-F126C7EA37A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{C74E057E-223E-4792-A882-004E8ED811DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C6376FBE-B7C6-4574-8B4B-0F5F57AF37A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C628231B-F313-4E25-8A75-F9B76CD0EDE5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AD1A3828-7F01-4C23-A177-E45E76CDACE7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FA1EDC98-6AAE-4F3F-87EA-D8E2525B799E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F6DDBBBA-195A-40F7-A3DE-29689350DB2B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1A8A0D13-CF5F-4F8C-9F8A-19A24896FA8B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C47206C5-C9B2-4AA8-B447-7CEBF76DB0CF}] => (Allow) LPort=8501
FirewallRules: [{55CD5583-712F-469D-BF42-5C3EFC06CFC7}] => (Allow) LPort=8501
FirewallRules: [{CC6A037B-18A8-42EA-A690-C97CA1027351}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0525B50E-8F88-4C69-9A74-C620457C4F60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D297E60E-31BC-457E-82B9-25A852841099}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{72BD5184-71D8-4F35-ACC9-945E19D07D3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{15583035-9005-4212-B801-45ACD84C07B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7486DAEA-5E49-4059-AA0C-154F58106D2B}C:\program files (x86)\nch software\expressanimate\expressanimate.exe] => (Allow) C:\program files (x86)\nch software\expressanimate\expressanimate.exe
FirewallRules: [UDP Query User{3D079869-2105-46F2-A0CE-7678D7E88D83}C:\program files (x86)\nch software\expressanimate\expressanimate.exe] => (Allow) C:\program files (x86)\nch software\expressanimate\expressanimate.exe
FirewallRules: [TCP Query User{C52ABEC2-A62D-4F0B-939F-230FED9777E4}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{5A1FD96B-3D39-46A5-84D1-AE15E9847291}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [{E1FEA929-F644-41D1-B509-6B1B1E47D123}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{AC64FB14-3A2B-4E78-AFD3-CB15F64B7663}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6F74968F-E3FD-4715-AFE6-A8EA2E2D94AA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{A824774D-844B-435A-B200-D80BF83FD887}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{70729718-8CC2-49C4-B29A-A86C8B2C7813}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{F7D4FD2A-465D-4FBE-8D4E-C7362A223324}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DriverBooster.exe
FirewallRules: [{CD76D1D2-673E-4937-A55B-61095F7E5C62}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{5BFC21EF-F610-4D1C-ABD3-3138047B67D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\DBDownloader.exe
FirewallRules: [{A21341C3-331B-4CFC-88C9-28810CAA7CE6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{2E51D633-8D80-493C-8115-5E583BF0DB1B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\AutoUpdate.exe
FirewallRules: [{AEC00070-E290-4D13-97B4-21DD66573AA8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F0AD9E43-2E3A-4171-90F2-729E61808924}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [{E1A10892-BED2-47E4-A1D7-6950A799C6A9}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [TCP Query User{48C91D27-B56F-48C4-B2E0-1BA4A2C8AA74}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe
FirewallRules: [UDP Query User{34D39D57-5072-475B-B20C-CEA6A7421A44}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe] => (Allow) C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe

==================== Restore Points =========================

10-04-2018 12:41:46 Scheduled Checkpoint
12-04-2018 12:30:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2018 11:17:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:17:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:17:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:17:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:17:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:17:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci E046963F.LenovoSupport_k1h2ywk1493x8!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:16:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/12/2018 11:16:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVOBA)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (04/12/2018 11:17:10 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:17:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:17:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server App.AppX6v65ke6xy52mzp48tbdgqddy15h0mcbk.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:17:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:17:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server App.AppX1222w7mnscdhak8wye3bynztq2t5x6q9.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:17:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:16:52 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2018 11:16:52 PM) (Source: DCOM) (EventID: 10010) (User: LENOVOBA)
Description: Server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2017-10-02 03:46:40.194
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: Trojan:Win32/Skeeyah.A!rfn
ID: 2147694182
Závažnost: Severe
Kategorie: Trojan
Cesta: file:_C:\Users\barbara\AppData\Local\Temp\034638710.exe;file:_E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
Verze podpisu: AV: 1.253.149.0, AS: 1.253.149.0, NIS: 118.0.0.0
Verze modulu: AM: 1.1.14202.0, NIS: 2.1.14202.0

Date: 2017-10-02 03:46:39.288
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: Trojan:Win32/Skeeyah.A!rfn
ID: 2147694182
Závažnost: Severe
Kategorie: Trojan
Cesta: file:_C:\Users\barbara\AppData\Local\Temp\034638710.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
Verze podpisu: AV: 1.253.149.0, AS: 1.253.149.0, NIS: 118.0.0.0
Verze modulu: AM: 1.1.14202.0, NIS: 2.1.14202.0

Date: 2017-10-02 03:38:56.289
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: HackTool:Win32/Keygen!rfn
ID: 2147692398
Závažnost: Medium
Kategorie: Tool
Cesta: file:_C:\Users\barbara\AppData\Local\Temp\033855805.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
Verze podpisu: AV: 1.253.149.0, AS: 1.253.149.0, NIS: 118.0.0.0
Verze modulu: AM: 1.1.14202.0, NIS: 2.1.14202.0

Date: 2017-05-31 04:27:06.331
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Medium
Kategorie: Tool
Cesta: containerfile:_E:\9_Install\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen\Crack\Keygen.exe;file:_E:\9_Install\Autocad2015\64\AutoCAD 2015 Keygen 64bit.exe;file:_E:\9_Install\Autocad2015\AutoCAD 2015 Keygen 64bit.exe;file:_E:\9_Install\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen\Crack\Keygen.exe->(UPX)
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\rundll32.exe
Verze podpisu: AV: 1.243.80.0, AS: 1.243.80.0, NIS: 116.88.0.0
Verze modulu: AM: 1.1.13704.0, NIS: 2.1.12706.0

Date: 2017-05-30 07:47:24.019
Description:
Prohledávání Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Medium
Kategorie: Tool
Cesta: containerfile:_E:\9_Install\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen\Crack\Keygen.exe;file:_E:\9_Install\Autocad2015\64\AutoCAD 2015 Keygen 64bit.exe;file:_E:\9_Install\Autocad2015\AutoCAD 2015 Keygen 64bit.exe;file:_E:\9_Install\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen\Crack\Keygen.exe->(UPX)
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\rundll32.exe
Verze podpisu: AV: 1.243.80.0, AS: 1.243.80.0, NIS: 116.88.0.0
Verze modulu: AM: 1.1.13704.0, NIS: 2.1.12706.0

Date: 2017-05-24 12:00:33.679
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.243.80.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13704.0
Kód chyby: 0x8024402c
Popis chyby :An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2017-03-31 00:28:25.442
Description:
Prohledávání Windows Defender zaznamenalo kritickou chybu při provádění akce u malwaru nebo jiného potenciálně nežádoucího softwaru.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... terprise=0
Název: BrowserModifier:Win32/Neobar
ID: 225451
Závažnost: High
Kategorie: Browser Modifier
Cesta: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Youtube AdBlock;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\Administrator\AppData\LocalLow\Youtube AdBlock;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\Administrator\AppData\Local\Temp;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\barbara\AppData\LocalLow\Youtube AdBlock;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\barbara\AppData\Local\Google\Chrome\User Data;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\barbara\AppData\Local\Temp;regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\C:\WINDOWS\Temp;regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Program Files (x86)\Youtube AdBlock;regkeyvalue:_HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\\C:\Users\Administrator\A
Původ zjišťování: Neznámý
Typ zjišťování: Konkrétní
Zdroj zjišťování: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070057
Popis chyby: The parameter is incorrect.
Verze podpisu: AV: 1.239.450.0, AS: 1.239.450.0, NIS: 116.88.0.0
Verze modulu: AM: 1.1.13601.0, NIS: 2.1.12706.0

CodeIntegrity:
===================================

Date: 2018-04-12 22:23:09.796
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 19:47:00.652
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-12 18:05:07.024
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-11 09:44:12.484
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-09 13:43:46.660
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-09 13:40:58.667
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-09 12:39:27.641
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-09 11:50:41.012
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16296.27 MB
Available physical RAM: 13175.99 MB
Total Virtual: 17896.27 MB
Available Virtual: 15005.14 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:298.32 GB) (Free:202.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:19.5 GB) NTFS
Drive e: () (Fixed) (Total:590 GB) (Free:239.08 GB) NTFS

\\?\Volume{f2309503-e317-4551-9cec-7f88d675c860}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.63 GB) NTFS
\\?\Volume{9aaf57eb-788e-4cf9-8454-887cdf779da7}\ (PBR_DRV) (Fixed) (Total:15.86 GB) (Free:4.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 53BB0211)

Partition: GPT.

==================== End of Addition.txt ============================

[jaro3]

Měla bys odinstalovat cracknuté:
IObit Malware Fighter
ADOBE_CC_V2015-XFORCE
CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual
AutoCAD 2015

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\SysWOW64\mfevtps.exe
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {3F3B49DB-7909-4937-B706-A03DEBBBC26E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {B439C479-639F-4CDB-B8BB-FC19E67B5D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {DFC1AAC4-63CD-450E-BC09-1B608D4F406F} - \Driver Booster SkipUAC (barbara) -> No File <==== ATTENTION
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7916 more sites.
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7916 more sites.
C:\Users\barbara\AppData\Local\Temp\034638710.exe;file:_E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
C:\ProgramData\F-Secure
C:\Users\barbara\AppData\Local\F-Secure
C:\Users\barbara\AppData\Local\Temp\034638710.exe
E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
C:\Users\barbara\AppData\Local\Temp\034638710.exe
C:\Users\barbara\AppData\Local\Temp\033855805.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.


jsou tam kritické chyby u windows defender a windows update..

[bara1317]

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by barbara (13-04-2018 11:22:37) Run:1
Running from C:\Users\barbara\Desktop
Loaded Profiles: barbara & (Available Profiles: barbara & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =´┐¢
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\SysWOW64\mfevtps.exe
HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\ChromeHTML: -> <==== ATTENTION
Task: {3F3B49DB-7909-4937-B706-A03DEBBBC26E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {B439C479-639F-4CDB-B8BB-FC19E67B5D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-05] (Google Inc.)
Task: {DFC1AAC4-63CD-450E-BC09-1B608D4F406F} - \Driver Booster SkipUAC (barbara) -> No File <==== ATTENTION
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\.DEFAULT\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\.DEFAULT\...\125sms.com -> www.125sms.com
IE restricted site: HKU\.DEFAULT\...\12w.net -> download-video.12w.net
IE restricted site: HKU\.DEFAULT\...\132.com -> www.132.com
IE restricted site: HKU\.DEFAULT\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\.DEFAULT\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\.DEFAULT\...\136136.net -> down.136136.net
IE restricted site: HKU\.DEFAULT\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\.DEFAULT\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\.DEFAULT\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\.DEFAULT\...\171203.com -> 171203.com
IE restricted site: HKU\.DEFAULT\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\.DEFAULT\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\.DEFAULT\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\.DEFAULT\...\1987324.com -> www.1987324.com
IE restricted site: HKU\.DEFAULT\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\.DEFAULT\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\.DEFAULT\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7916 more sites.
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\123topsearch.com -> www.123topsearch.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.co.uk -> www.125sms.co.uk
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\125sms.com -> www.125sms.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\12w.net -> download-video.12w.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\132.com -> www.132.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337-crew.to -> www.1337-crew.to
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1337crew.info -> www.1337crew.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\136136.net -> down.136136.net
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\150freesms.de -> www.150freesms.de
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\163ns.com -> ert0003.e76.163ns.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17-plus.com -> 17-plus.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\171203.com -> 171203.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\17concepts.info -> www.17concepts.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1800searchonline.com -> www.1800searchonline.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180searchassistant.com -> www.180searchassistant.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\180solutions.com -> bis.180solutions.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1987324.com -> www.1987324.com
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1gb.ru -> people.1gb.ru
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1ghporn.info -> www.1ghporn.info
IE restricted site: HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\...\1importantiamreal.com -> www.1importantiamreal.com
There are 7916 more sites.
C:\Users\barbara\AppData\Local\Temp\034638710.exe;file:_E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
C:\ProgramData\F-Secure
C:\Users\barbara\AppData\Local\F-Secure
C:\Users\barbara\AppData\Local\Temp\034638710.exe
E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
C:\Users\barbara\AppData\Local\Temp\034638710.exe
C:\Users\barbara\AppData\Local\Temp\033855805.exe

EmptyTemp:
End

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => removed successfully
C:\Users\barbara\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Windows\SysWOW64\mfevtps.exe => moved successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001_Classes\ChromeHTML" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F3B49DB-7909-4937-B706-A03DEBBBC26E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F3B49DB-7909-4937-B706-A03DEBBBC26E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B439C479-639F-4CDB-B8BB-FC19E67B5D67}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B439C479-639F-4CDB-B8BB-FC19E67B5D67}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFC1AAC4-63CD-450E-BC09-1B608D4F406F} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (barbara)" => removed successfully
"C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => removed successfully
There are 7916 more sites. => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123topsearch.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.co.uk" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\125sms.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12w.net" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\132.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337-crew.to" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1337crew.info" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\136136.net" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\150freesms.de" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\163ns.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17-plus.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\171203.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17concepts.info" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1800searchonline.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180searchassistant.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ghporn.info" => removed successfully
"HKU\S-1-5-21-2155449529-2713239103-2906735623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1importantiamreal.com" => removed successfully
There are 7916 more sites. => Error: No automatic fix found for this entry.
"C:\Users\barbara\AppData\Local\Temp\034638710.exe;file:_E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe" => not found
C:\ProgramData\F-Secure => moved successfully
C:\Users\barbara\AppData\Local\F-Secure => moved successfully
"C:\Users\barbara\AppData\Local\Temp\034638710.exe" => not found
"E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe" => not found
"C:\Users\barbara\AppData\Local\Temp\034638710.exe" => not found
"C:\Users\barbara\AppData\Local\Temp\033855805.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9586124 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 378 B
Edge => 0 B
Chrome => 119807982 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 31854 B
NetworkService => 0 B
barbara => 6683013 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 137.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:22:49 ====

[bara1317]

IOrbit malware fighter tu nemám a myslím, že jsem ani neměla - akorát se mi úporně nabízí, navíc cokoli od IOrbitu jsem měla frewarové
ADOBE_CC_V2015-XFORCE nemám nainstalované, je tuším jen součástí nějakého instalačního balíku, zazipovaný
CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual - totéž, nemám a neměla jsem nainstalované, je v zipu
AutoCAD 2015 - bez toho jsem nefunkční, pár let jel a nepůsobil žádné problémy, dosti pracně se instaluje, raději bych zkusila ho nechat, pokud to půjde

[jaro3]

přeinstaluj si Youtube AdBlock , má problémy.

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
C:\Program Files (x86)\IObit\IObit Malware Fighter
C:\Users\barbara\AppData\Local\Temp\034638710.exe
E:\9_Install\Adobe Acrobat Pro DC 2015.010.20060 Multilingual + Crack\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe
E:\9_Install\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen\Crack\Keygen.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

pokud jsou ještě problémy , podívej se do správce zařízení , zda tam není otazník nebo vykřičník.