For Conder

janka13
Visitor
Posts: 45
Registered: 31 Mar 2018 13:58

#1 Post by janka13 »

Hello, please check this and advise.

AdwCleaner and MBAM found nothing :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Janka (administrator) on LAPTOP-JANKA (31-03-2018 15:02:06)
Running from C:\Users\Janka\Desktop
Loaded Profiles: Janka (Available Profiles: defaultuser0 & Janka)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe\HxAccounts.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.18011.13411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-03-07] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-15] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 85.119.89.2 8.8.8.8
Tcpip\..\Interfaces\{f7b9cd55-c498-475f-be3c-1b641bdae3e7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fe16ac84-8aba-4283-8f3a-cf041ef3ac4f}: [DhcpNameServer] 85.119.89.2 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ttszok0e.default
FF ProfilePath: C:\Users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\ttszok0e.default [2018-03-31]
FF Homepage: Mozilla\Firefox\Profiles\ttszok0e.default -> hxxps://www.seznam.cz/
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\ttszok0e.default\features\{02a1632a-d89e-4d12-a9a7-603996f9adae}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-29] [Legacy]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-22] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-18] (Microsoft Corporation)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [241408 2016-08-26] (Realtek Semiconductor Corp.)
R2 ssinstall; C:\WINDOWS\SysWOW64\ssins.exe [4058496 2018-03-28] (PS Media s.r.o.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [267328 2017-05-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmdag.sys [26587656 2016-12-23] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmpag.sys [527256 2016-12-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [87840 2016-12-23] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-09] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-28] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-28] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-28] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-28] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-28] (Malwarebytes)
R1 MpKsl236ad2b9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8350553-6396-440E-9E7D-1A4BF5E5DA9E}\MpKsl236ad2b9.sys [58120 2018-03-31] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [736872 2016-08-26] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6813664 2017-05-19] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-28] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 15:02 - 2018-03-31 15:02 - 000010955 _____ C:\Users\Janka\Desktop\FRST.txt
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\4_168acb088d48fafb
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
2018-03-28 18:59 - 2018-03-28 18:59 - 000003584 _____ C:\Users\Janka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-28 17:49 - 2018-03-28 18:56 - 000000000 ____D C:\Users\Janka\AppData\Local\PlaceholderTileLogoFolder
2018-03-28 14:51 - 2018-03-28 14:51 - 000000000 ____D C:\Users\Janka\AppData\Roaming\WinRAR
2018-03-28 14:50 - 2018-03-28 14:50 - 000001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-03-28 14:50 - 2018-03-28 14:50 - 000000000 ____D C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-28 14:50 - 2018-03-28 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-28 14:50 - 2018-03-28 14:50 - 000000000 ____D C:\Program Files\WinRAR
2018-03-28 14:49 - 2018-03-28 14:49 - 002411920 _____ C:\Users\Janka\Downloads\winrar-x64-550cz.exe
2018-03-28 14:35 - 2018-03-28 14:35 - 004058496 _____ (PS Media s.r.o.) C:\WINDOWS\SysWOW64\ssins.exe
2018-03-28 14:35 - 2018-03-28 14:35 - 001363456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2018-03-28 14:35 - 2018-03-28 14:35 - 000359936 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2018-03-28 14:35 - 2018-03-28 14:35 - 000002824 _____ C:\WINDOWS\SysWOW64\ca.pem
2018-03-28 14:35 - 2018-03-28 14:35 - 000002269 _____ C:\WINDOWS\SysWOW64\cert.crt
2018-03-28 14:35 - 2018-03-28 14:35 - 000001679 _____ C:\WINDOWS\SysWOW64\keyfile.key
2018-03-28 14:35 - 2018-03-28 14:35 - 000000079 _____ C:\WINDOWS\SysWOW64\ssinstall-uninstall.bat
2018-03-28 07:54 - 2018-03-28 07:54 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-28 07:53 - 2018-03-28 07:56 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-28 07:53 - 2018-03-28 07:53 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-28 07:53 - 2018-03-28 07:53 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-28 07:53 - 2018-03-28 07:53 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-28 07:53 - 2018-03-28 07:53 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-28 07:53 - 2018-03-28 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-28 07:53 - 2018-03-28 07:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-28 07:53 - 2018-03-28 07:53 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-28 07:53 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-28 07:50 - 2018-03-28 07:52 - 071605784 _____ (Malwarebytes ) C:\Users\Janka\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4506.exe
2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\€
2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
2018-03-27 22:28 - 2018-03-27 22:28 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-27 22:26 - 2018-03-27 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2018-03-27 22:25 - 2018-03-27 22:25 - 000000000 ____D C:\Program Files (x86)\AMD
2018-03-27 22:19 - 2018-03-27 22:19 - 000000000 ____D C:\Users\Janka\AppData\Local\DBG
2018-03-27 22:18 - 2018-03-27 22:18 - 000000000 ___HD C:\Users\Janka\MicrosoftEdgeBackups
2018-03-27 22:16 - 2018-03-27 22:16 - 000000000 ___RD C:\Users\Janka\3D Objects
2018-03-27 22:14 - 2018-03-27 22:14 - 000000020 ___SH C:\Users\Janka\ntuser.ini
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Šablony
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Poslední
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Okolní síť
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Dokumenty
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\Data aplikací
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default User\Documents\Obrázky
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default User\Documents\Hudba
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default User\Documents\Filmy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Šablony
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Plocha
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Dokumenty
2018-03-27 22:11 - 2018-03-27 22:11 - 000000000 _SHDL C:\ProgramData\Data aplikací
2018-03-27 22:10 - 2018-03-28 08:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-27 22:10 - 2018-03-28 07:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-03-27 22:10 - 2018-03-27 22:11 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2489188112-2961885803-1461791873-1001
2018-03-27 22:10 - 2018-03-27 22:11 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-27 22:10 - 2018-03-27 22:10 - 000002988 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-27 22:10 - 2018-03-27 22:10 - 000002476 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-03-27 22:10 - 2018-03-27 22:10 - 000002476 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-03-27 22:10 - 2018-03-27 22:10 - 000002218 _____ C:\WINDOWS\System32\Tasks\PDVDServ14 Task
2018-03-27 22:09 - 2018-03-27 22:09 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-03-27 22:09 - 2018-03-27 22:09 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-03-27 22:07 - 2018-03-27 22:14 - 000000000 ____D C:\Windows.old
2018-03-27 22:07 - 2018-03-27 22:07 - 000022924 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-27 22:01 - 2018-03-28 08:09 - 001812168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-27 21:41 - 2018-03-27 21:41 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-27 21:36 - 2018-03-27 21:36 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-03-27 21:26 - 2018-03-28 18:42 - 000000000 ____D C:\Users\Janka\AppData\Local\Packages
2018-03-27 21:26 - 2018-03-27 21:26 - 000000000 ____D C:\ProgramData\USOShared
2018-03-27 21:23 - 2018-03-27 22:18 - 000000000 ____D C:\Users\Janka
2018-03-27 21:23 - 2018-03-27 22:04 - 000000000 ____D C:\Users\defaultuser0
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Šablony
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Soubory cookie
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Poslední
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Okolní tiskárny
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Okolní síť
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Nabídka Start
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Dokumenty
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Documents\Obrázky
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Documents\Hudba
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Documents\Filmy
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\Data aplikací
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\Janka\AppData\Local\Data aplikací
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Šablony
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Soubory cookie
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Poslední
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Okolní tiskárny
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Okolní síť
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Nabídka Start
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Dokumenty
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Obrázky
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Hudba
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Filmy
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\Data aplikací
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-03-27 21:23 - 2018-03-27 21:23 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Data aplikací
2018-03-27 21:19 - 2018-03-27 21:19 - 000000000 ____D C:\AMD
2018-03-27 21:17 - 2017-09-29 15:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-27 21:13 - 2018-03-31 14:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-27 21:13 - 2018-03-27 21:55 - 000426080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-27 20:18 - 2018-03-27 22:07 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-27 20:18 - 2018-03-27 20:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-27 19:24 - 2018-03-27 19:24 - 000000000 ____D C:\WINDOWS\system32\sk
2018-03-27 18:25 - 2018-03-27 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-03-27 18:24 - 2018-03-27 18:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-27 18:24 - 2018-03-27 18:24 - 000000000 ____D C:\Program Files\MSBuild
2018-03-27 18:24 - 2018-03-27 18:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-27 18:24 - 2018-03-27 18:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-27 18:18 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-03-27 18:18 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-03-27 18:18 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-03-27 18:17 - 2017-09-28 15:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-03-27 18:17 - 2017-09-28 15:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-03-27 18:17 - 2017-09-28 15:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-03-27 18:14 - 2017-09-28 19:04 - 006586368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons001b.dll
2018-03-27 18:14 - 2017-09-28 19:02 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData001b.dll
2018-03-27 18:14 - 2017-09-28 19:01 - 001914368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS2.dll
2018-03-27 18:14 - 2017-09-28 18:45 - 006586368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons001b.dll
2018-03-27 18:14 - 2017-09-28 18:43 - 001867264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS2.dll
2018-03-27 18:14 - 2017-09-28 18:43 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData001b.dll
2018-03-27 18:12 - 2017-09-28 19:05 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2018-03-27 18:12 - 2017-09-28 19:05 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2018-03-27 18:12 - 2017-09-28 18:56 - 006347776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2018-03-27 18:12 - 2017-09-28 18:44 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2018-03-27 18:12 - 2017-09-28 18:38 - 005484032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-03-27 18:10 - 2018-03-27 18:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-03-27 17:55 - 2018-03-27 17:55 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-27 16:12 - 2018-03-28 07:45 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-27 15:18 - 2018-03-27 15:11 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2018-03-27 15:18 - 2018-03-27 15:10 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2018-03-26 18:42 - 2018-03-26 18:42 - 000000000 ___RD C:\Users\Janka\Documents\Scanned Documents
2018-03-26 18:42 - 2018-03-26 18:42 - 000000000 ____D C:\Users\Janka\Documents\Fax
2018-03-26 11:23 - 2018-03-26 11:23 - 000000000 ____D C:\Users\Janka\AppData\LocalLow\Lenovo
2018-03-26 11:19 - 2018-03-26 11:19 - 000000000 ____D C:\Users\Janka\AppData\Roaming\FastStone
2018-03-26 11:17 - 2018-03-27 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2018-03-26 11:17 - 2018-03-26 11:18 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2018-03-26 11:17 - 2018-03-26 11:17 - 000001185 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2018-03-26 10:54 - 2018-03-27 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-26 10:54 - 2018-03-26 10:55 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-26 10:54 - 2018-03-26 10:54 - 000000000 ____D C:\Program Files\CCleaner
2018-03-26 10:46 - 2018-03-26 11:08 - 000000000 ____D C:\Users\Janka\AppData\Local\Google
2018-03-26 10:45 - 2018-03-26 11:09 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-26 10:39 - 2018-03-26 10:39 - 015333512 _____ (Piriform Ltd) C:\Users\Janka\Downloads\ccsetup541.exe
2018-03-25 18:15 - 2018-03-25 18:15 - 000000000 ____D C:\Users\Janka\AppData\Roaming\LibreOffice
2018-03-25 18:12 - 2018-03-27 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-03-25 18:12 - 2018-03-25 18:12 - 000001205 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-03-25 18:09 - 2018-03-25 18:10 - 000000000 ____D C:\Program Files (x86)\LibreOffice
2018-03-25 17:39 - 2018-03-25 17:49 - 251949056 _____ C:\Users\Janka\Downloads\LibreOffice_6.0.2_Win_x86.msi
2018-03-25 13:05 - 2018-03-31 08:57 - 000000000 ____D C:\Users\Janka\AppData\LocalLow\Mozilla
2018-03-25 13:05 - 2018-03-27 16:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 13:05 - 2018-03-27 10:02 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-25 13:05 - 2018-03-25 13:09 - 000000000 ____D C:\Users\Janka\AppData\Local\Mozilla
2018-03-25 13:05 - 2018-03-25 13:05 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-25 13:05 - 2018-03-25 13:05 - 000000000 ____D C:\Users\Janka\AppData\Roaming\Mozilla
2018-03-25 13:04 - 2018-03-27 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-25 12:46 - 2018-03-27 22:07 - 000000000 ____D C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin
2018-03-25 12:46 - 2018-03-25 12:46 - 000000000 ____D C:\Users\Janka\AppData\Local\NetworkTiles
2018-03-24 19:55 - 2018-03-24 19:55 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-24 19:50 - 2018-03-26 18:36 - 000000000 ____D C:\AdwCleaner
2018-03-24 19:49 - 2018-03-24 19:50 - 008222496 _____ (Malwarebytes) C:\Users\Janka\Downloads\adwcleaner_7.0.8.0.exe
2018-03-24 18:52 - 2018-03-27 20:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-24 18:50 - 2018-03-02 09:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-03-24 18:47 - 2018-03-02 09:40 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-03-24 18:47 - 2018-03-02 09:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-24 18:47 - 2018-03-02 09:40 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-03-24 18:23 - 2018-03-24 18:25 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-03-24 17:09 - 2018-03-24 17:11 - 039210952 _____ (Mozilla) C:\Users\Janka\Downloads\Firefox Setup 59.0.1.exe
2018-03-24 16:04 - 2018-03-27 16:11 - 000000036 _____ C:\WINDOWS\progress.ini
2018-03-24 15:36 - 2018-03-28 08:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-24 15:32 - 2018-03-27 11:47 - 000000802 _____ C:\Users\Janka\Desktop\Pomocník s aktualizací Windows 10.lnk
2018-03-22 19:01 - 2018-03-22 18:57 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-03-22 18:59 - 2018-03-27 16:05 - 000000000 ___HD C:\$GetCurrent
2018-03-22 18:58 - 2018-03-27 11:47 - 000000814 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pomocník s aktualizací Windows 10.lnk
2018-03-22 18:57 - 2018-03-27 16:05 - 000000000 ____D C:\Windows10Upgrade
2018-03-22 18:57 - 2018-03-22 18:57 - 000000000 ___HD C:\$SysReset
2018-03-22 17:49 - 2018-03-19 18:50 - 002403328 _____ (Farbar) C:\Users\Janka\Desktop\FRST64.exe
2018-03-22 17:43 - 2018-03-22 18:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-22 17:43 - 2018-03-22 17:43 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-22 17:40 - 2018-03-22 17:42 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-22 17:40 - 2018-01-18 02:05 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-03-22 15:33 - 2018-03-24 15:56 - 000000000 ____D C:\Program Files\rempl
2018-03-19 18:53 - 2018-03-31 15:02 - 000000000 ____D C:\FRST
2018-03-01 17:35 - 2018-03-01 17:35 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-03-01 17:11 - 2018-03-01 17:11 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-03-01 17:11 - 2018-03-01 17:11 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-03-01 17:11 - 2018-03-01 17:11 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-03-01 16:58 - 2018-03-01 16:58 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 14:06 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-31 10:23 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-31 10:21 - 2017-09-29 15:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-31 08:57 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-31 08:57 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-31 08:54 - 2018-02-08 21:49 - 000024993 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-30 11:28 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-30 11:23 - 2017-03-07 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2018-03-30 11:22 - 2017-03-07 13:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-29 19:23 - 2017-09-29 15:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-28 08:15 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-03-28 08:09 - 2017-09-30 16:31 - 000770562 _____ C:\WINDOWS\system32\perfh005.dat
2018-03-28 08:09 - 2017-09-30 16:31 - 000156404 _____ C:\WINDOWS\system32\perfc005.dat
2018-03-28 08:03 - 2017-09-29 10:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-28 08:03 - 2017-03-07 14:42 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-03-28 07:47 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-27 22:24 - 2017-03-07 14:41 - 000000000 ____D C:\Program Files\AMD
2018-03-27 22:16 - 2018-02-08 22:04 - 000000000 ____D C:\Users\Janka\AppData\Local\TileDataLayer
2018-03-27 22:16 - 2016-07-29 19:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-27 22:15 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-27 22:13 - 2017-09-29 15:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-27 22:11 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\windows nt
2018-03-27 22:10 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-27 22:10 - 2017-09-29 10:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-27 22:08 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Registration
2018-03-27 22:07 - 2018-02-17 04:37 - 000000000 ____D C:\Program Files\UNP
2018-03-27 22:07 - 2018-02-08 22:53 - 000000000 ____D C:\WINDOWS\system32\3ba6e8f1a90ea95a050e1d1af206abc6aca991f64a246..bin
2018-03-27 22:07 - 2017-09-29 15:49 - 000000000 ____D C:\WINDOWS\Setup
2018-03-27 22:07 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-27 22:07 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-27 22:07 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-27 22:07 - 2017-03-07 15:20 - 000000000 ____D C:\WINDOWS\system32\m32
2018-03-27 22:07 - 2017-03-07 13:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2018-03-27 22:07 - 2017-03-07 13:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD Create
2018-03-27 22:07 - 2016-07-16 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-27 22:05 - 2017-09-29 15:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-27 21:42 - 2017-09-29 15:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-27 21:26 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-27 21:22 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-27 21:22 - 2017-03-07 14:47 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-03-27 21:21 - 2017-03-07 14:46 - 000195905 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-03-27 21:21 - 2017-03-07 14:45 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-27 21:20 - 2017-03-07 14:45 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-27 20:20 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-27 20:18 - 2017-03-07 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-03-27 20:18 - 2017-03-07 14:46 - 000000000 ____D C:\Program Files\Synaptics
2018-03-27 20:18 - 2017-03-07 14:44 - 000000000 ____D C:\Program Files\Realtek
2018-03-27 20:18 - 2017-03-07 14:42 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-03-27 19:25 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-03-27 19:25 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-27 19:25 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-27 19:24 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\IME
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\Help
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-03-27 19:24 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-03-27 19:24 - 2017-09-29 10:45 - 000000000 ____D C:\WINDOWS\servicing
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-03-27 19:02 - 2017-09-30 16:31 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-27 19:02 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-03-27 19:02 - 2017-09-29 15:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-03-27 18:25 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-03-27 18:25 - 2017-09-29 15:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-03-27 18:23 - 2017-12-14 03:34 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-03-27 16:05 - 2018-02-08 22:08 - 000000000 ___RD C:\Users\Janka\OneDrive
2018-03-27 16:05 - 2018-02-08 22:07 - 000002398 _____ C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-25 18:28 - 2018-02-08 22:24 - 000000000 ____D C:\Users\Janka\AppData\Local\Comms
2018-03-25 18:15 - 2018-02-08 22:04 - 000000000 ____D C:\Users\Janka\AppData\Local\AMD
2018-03-25 18:14 - 2017-03-07 13:36 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-24 20:28 - 2017-03-07 13:27 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-24 18:53 - 2017-03-07 13:49 - 000000000 ____D C:\Program Files\Lenovo
2018-03-24 18:53 - 2017-03-07 13:49 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-03-22 18:12 - 2018-02-08 22:05 - 000000000 ____D C:\Users\Janka\AppData\Local\Publishers
2018-03-19 18:14 - 2018-02-08 22:04 - 000000000 ____D C:\Users\Janka\AppData\Local\ConnectedDevicesPlatform

==================== Files in the root of some directories =======

2018-03-28 18:59 - 2018-03-28 18:59 - 000003584 _____ () C:\Users\Janka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2018-03-28 14:35 - 2018-03-28 14:35 - 004058496 _____ (PS Media s.r.o.) C:\Users\Janka\AppData\Local\Temp\ssins.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-27 21:13

==================== End of FRST.txt ============================
Attachments
Addition.rar
(9.05 KiB) Downloaded 71 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#2 Post by Conder »

Hi :)

:arrow: Did you install the program "Seznam Instalátor" intentionally?

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Folder: C:\WINDOWS\system32\4_168acb088d48fafb
    Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
    Folder: C:\WINDOWS\system32\€
    Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
    Folder: C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin
    
    HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Task: {6C491676-6CF0-44A2-88C5-398800A4113F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos, etc.) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices; doing so risks system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#3 Post by janka13 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Janka (31-03-2018 17:19:16) Run:5
Running from C:\Users\Janka\Desktop
Loaded Profiles: Janka (Available Profiles: defaultuser0 & Janka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Folder: C:\WINDOWS\system32\4_168acb088d48fafb
Folder: C:\WINDOWS\system32\��������erStore
Folder: C:\WINDOWS\system32\�
Folder: C:\WINDOWS\system32\���������
Folder: C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin

HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Task: {6C491676-6CF0-44A2-88C5-398800A4113F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= Folder: C:\WINDOWS\system32\4_168acb088d48fafb ========================

2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\4_168acb088d48fafb\atidxx64.dll
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\4_168acb088d48fafb\atidxx64.dll\AMD
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\4_168acb088d48fafb\atidxx64.dll\AMD\DxCache

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\��������erStore ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\� ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\��������� ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin ========================

2018-03-25 12:46 - 2018-03-25 12:46 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin\AMD
2018-03-25 12:46 - 2018-03-25 12:46 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin\AMD\DxCache

====== End of Folder: ======

"HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C491676-6CF0-44A2-88C5-398800A4113F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C491676-6CF0-44A2-88C5-398800A4113F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13783143 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2961591 B
Edge => 1006087 B
Chrome => 0 B
Firefox => 388957072 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 27110 B
defaultuser0 => 6656 B
Janka => 26348505 B

RecycleBin => 5636938 B
EmptyTemp: => 424.2 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-03-2018 18:11:17)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 18:11:18 ====

I definitely don't intend to install Seznam :x

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#4 Post by Conder »

:arrow: In that case, uninstall the program "Seznam Instalátor".

:arrow: Then scan the PC with AdwCleaner and post the log.

:arrow: I'd also ask you to run this fixlist:

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
    Folder: C:\WINDOWS\system32\€
    Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
    End
  • Click File and then Save
  • At the bottom right, select Unicode encoding
  • Save the file to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop); copy its contents here

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#5 Post by janka13 »

Following the uninstall instructions, "Seznam Instalátor" does not respond :(

# AdwCleaner 7.0.8.0 - Logfile created on Sun Apr 01 07:24:31 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-30.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1822 B] - [2018/3/24 17:57:24]
C:/AdwCleaner/AdwCleaner[S0].txt - [1708 B] - [2018/3/24 17:53:30]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2018/3/26 16:34:26]
C:/AdwCleaner/AdwCleaner[S2].txt - [1149 B] - [2018/3/26 16:36:0]
C:/AdwCleaner/AdwCleaner[S3].txt - [1216 B] - [2018/3/31 13:11:23]


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt ##########

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Janka (01-04-2018 09:50:18) Run:6
Running from C:\Users\Janka\Desktop
Loaded Profiles: Janka (Available Profiles: defaultuser0 & Janka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
Folder: C:\WINDOWS\system32\€
Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
End
*****************


========================= Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore ========================


====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\€ ========================

2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\€\AMD
2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\€\AMD\DxCache

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë ========================

2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë\AMD
2018-03-27 22:35 - 2018-03-28 07:45 - 000000000 ____D [00000000000000000000000000000000] () C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë\AMD\DxCache
2018-03-27 22:35 - 2018-04-01 09:18 - 000065536 ____A [3F8C2FB4223F4D507FB8244AE0476D54] () C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë\AMD\DxCache\2775ebb6cb3b449348ad5ccf7827c4f207f0aabc56947f60..bin
2018-03-28 07:45 - 2018-04-01 09:17 - 000065536 ____A [EAFAF3F4B7E86F1D01559AEC88692B5B] () C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë\AMD\DxCache\79b1b077f565cac28f7c7ccedb5b9d560b2b9c7dee1e270c..bin

====== End of Folder: ======


==== End of Fixlog 09:50:18 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#6 Post by Conder »

:arrow: OK, so we can remove it manually.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    Zip: C:\WINDOWS\SysWOW64\ssins.exe; C:\WINDOWS\SysWOW64\libeay32.dll; C:\WINDOWS\SysWOW64\ssleay32.dll; C:\WINDOWS\SysWOW64\ca.pem; C:\WINDOWS\SysWOW64\cert.crt; C:\WINDOWS\SysWOW64\keyfile.key; C:\WINDOWS\SysWOW64\ssinstall-uninstall.bat
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop); copy its contents here
:arrow: A ZIP archive named with the current date and time should be created on the desktop; send it as an attachment to your next post.

:arrow: Create and post new FRST logs.

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#7 Post by janka13 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Janka (01-04-2018 17:41:32) Run:8
Running from C:\Users\Janka\Desktop
Loaded Profiles: Janka (Available Profiles: defaultuser0 & Janka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Zip: C:\WINDOWS\SysWOW64\ssins.exe; C:\WINDOWS\SysWOW64\libeay32.dll; C:\WINDOWS\SysWOW64\ssleay32.dll; C:\WINDOWS\SysWOW64\ca.pem; C:\WINDOWS\SysWOW64\cert.crt; C:\WINDOWS\SysWOW64\keyfile.key; C:\WINDOWS\SysWOW64\ssinstall-uninstall.bat
End
*****************

================== Zip: ===================
"C:\WINDOWS\SysWOW64\ssins.exe" => not found
C:\WINDOWS\SysWOW64\libeay32.dll -> copied successfully to C:\Users\Janka\Desktop\01.04.2018_17.41.32.zip
C:\WINDOWS\SysWOW64\ssleay32.dll -> copied successfully to C:\Users\Janka\Desktop\01.04.2018_17.41.32.zip
C:\WINDOWS\SysWOW64\ca.pem -> copied successfully to C:\Users\Janka\Desktop\01.04.2018_17.41.32.zip
C:\WINDOWS\SysWOW64\cert.crt -> copied successfully to C:\Users\Janka\Desktop\01.04.2018_17.41.32.zip
C:\WINDOWS\SysWOW64\keyfile.key -> copied successfully to C:\Users\Janka\Desktop\01.04.2018_17.41.32.zip
"C:\WINDOWS\SysWOW64\ssinstall-uninstall.bat" => not found
=========== Zip: End ===========

==== End of Fixlog 17:41:35 ====
Attachments
01.04.2018_17.41.32.zip
(826.45 KiB) Downloaded 79 times

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#8 Post by janka13 »

FRST
Attachments
FRST.rar
(17.03 KiB) Downloaded 67 times

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#9 Post by janka13 »

Addition
Attachments
Addition.rar
(9.03 KiB) Downloaded 72 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#10 Post by Conder »

:arrow: Sorry for the delay :)

:arrow: So once more, please post new (current) logs.

janka13
Visitor
Posts: 45
Joined: 31 Mar 2018 13:58

Re: for Conder

#11 Post by janka13 »

No problem, we're not in a hurry anymore :all_coholic:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Janka (03-04-2018 16:32:23)
Running from C:\Users\Janka\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-03-27 20:14:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2489188112-2961885803-1461791873-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2489188112-2961885803-1461791873-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2489188112-2961885803-1461791873-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2489188112-2961885803-1461791873-501 - Limited - Disabled)
Janka (S-1-5-21-2489188112-2961885803-1461791873-1001 - Administrator - Enabled) => C:\Users\Janka
WDAGUtilityAccount (S-1-5-21-2489188112-2961885803-1461791873-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{DB929D3C-5DF3-95A0-456F-403306EE69B6}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{EE08C0D5-792F-B256-A499-ECEC56915562}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{37F9C96B-294A-D6A7-183D-930C8A2F5D68}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{DAC91F38-7D04-90FC-19CB-AC1C608012ED}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{40E57BA2-6029-7A5D-A2BE-7D47039159D0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{7A54ECFD-70B7-08DF-D581-8CD04B4CDA09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0F8A189-4C96-0179-ACEE-A98F618FD472}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{60694907-C4DE-A4AE-8DD0-E2E50E3A9C14}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{592C6F67-5D6B-8E34-90B9-2E9D44FC537B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5F16D84E-851C-29BB-3CBE-A480DBAE3A09}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{13D096A7-D644-944F-F99D-82A17015AAE0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{06B55CAD-9FF0-EE80-954C-32FA86AED3BF}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{3B613BFA-C0AC-5FBF-29B1-3C362DFE417B}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{E3364BA9-283A-2B4C-2DED-90C284A54B8D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{6E30A3B3-5427-9D91-5878-BD61820C5671}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{1E282415-8F60-005E-58C2-8FA7A7A391FB}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{8384ACC1-D00D-3818-8C45-E41E3C3FC6F9}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{DA4880B9-F477-386C-B07D-E13A7F4565C4}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{0FEDC0A5-8ED6-1A59-78A4-35E82784E3E0}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3BF8C0EC-3127-F42D-78B7-7C5C9E682657}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{3F6354FB-8E86-4BEF-A53F-141D1493EE6D}) (Version: 2016.1216.1933.35155 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.)
FastStone Image Viewer 6.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.4 - FastStone Soft)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
LibreOffice 6.0.2.1 (HKLM-x32\...\{5DC6263F-8C54-478C-9417-535090AA76E6}) (Version: 6.0.2.1 - The Document Foundation)
Malwarebytes verze 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.9126.2116 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2116 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation)
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AAB396C1-4338-4825-BFA1-A085F3C55781}) (Version: 2.19.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{7819341C-57E0-4F2B-A746-8F3EF9971A29}) (Version: 1.14.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-12-16] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0181BF59-2AE3-497C-8169-5368F8B949B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-28] (Microsoft Corporation)
Task: {1E69B205-861D-4C1C-9002-C901990B7CEE} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2434DDC9-E23A-40BF-ABE8-84D0F9219828} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {3B1BE411-45F7-4874-B68C-E83D19A70D69} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {3F8FD171-6AEA-47F6-993C-BC3E5D77C99C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\45e50e5b-8174-41dd-87e0-d6993708e19d => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {5DDCD3AA-E945-4757-BCEF-BE6CCB40F006} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {6090ECC4-2AFB-4FDA-ADF3-376550A62464} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited)
Task: {77D464BD-0CD9-47A4-9907-7858B047B03A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-30] (Microsoft Corporation)
Task: {A6055851-A3EB-42DE-A59E-E1111E0C726C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [2016-10-07] (CyberLink)
Task: {C68CE26C-B8DA-4832-90E5-E8BCC9D8EA7E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {C8EBA600-3474-48A7-AAD8-5AFA4F9F78F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-28] (Microsoft Corporation)
Task: {D563A77C-D736-437A-BBCB-EF533176FB78} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [2016-07-14] (CyberLink Corp.)
Task: {D57F19E0-ABC9-4A65-A4AD-626FF6BD59C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-28] (Microsoft Corporation)
Task: {D7B43E0F-D473-4CA4-81F9-31513B45E9D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {DB5EE0FB-8CD0-412C-A700-E4D1608D49B1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\70f3d193-90a0-4d5e-8517-de1425568fb2 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {DB9C1D7B-C11E-42CE-B25F-E107164EA4BB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {DFD39D40-422C-475D-BE55-67CBD1412FC9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-24] (Microsoft Corporation)
Task: {E42C454B-9EAE-4B8D-B4FE-A2AE1C2E8109} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\834fb62d-36d5-47d8-aa75-38f6cdf86cb9 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {E84A46AD-C6C5-4D5D-BEF6-9B4C818DA9FF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\35a454f0-bb2e-4e41-8e73-cc2368e39217 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited)
Task: {F2A869D4-BF3A-4867-A2A1-282794A63CEF} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe [2018-03-12] (Lenovo Group Ltd.)
Task: {FBD3CAD1-FF17-4F85-AF85-F566254C3D92} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [2016-09-20] (CyberLink Corp.)
Task: {FFD0703F-1732-48DF-95B6-42EFAC3D3C82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-28 09:06 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-28 09:06 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-28 09:56 - 2018-03-28 09:58 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-28 09:56 - 2018-03-28 09:58 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-28 09:56 - 2018-03-28 09:58 - 022050304 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-28 09:56 - 2018-03-28 09:58 - 002584576 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-28 09:56 - 2018-03-28 09:58 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-03-07 13:49 - 2017-03-07 13:49 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2017-03-07 13:49 - 2017-03-07 13:49 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-03-07 13:55 - 2016-09-21 03:18 - 000763160 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2016-09-21 19:18 - 2016-09-21 19:18 - 000027416 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2018-03-31 17:20 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 85.119.89.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2489188112-2961885803-1461791873-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{465488B0-1612-4F1D-9B49-1B0E1EE1C44B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9895CB1A-A35F-450D-91AA-34266BA3C030}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{CDB75804-6CC0-4824-B468-3C468427F28B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7BF18FC3-B006-4570-9230-645BE712E122}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9970553A-4E5A-4454-9EB6-7C11E17944B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6AC249AD-C86D-4614-82FA-4027EA90FAAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{681A44C2-1BAF-49D7-A285-79B5E77D549F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{10909541-9732-4204-A363-D39D50948D46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AAF621BB-6A75-4BF1-85BA-2BA71507BAAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{BB0ACF57-5308-4DEF-B0DD-84C98B8C8468}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{BC985583-232B-46C0-A6D9-6696A6FB9DA6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{596E9C8B-D853-4D3F-8C9C-59591B84C43B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4B6714D4-2265-43FC-B689-F0D228EBAA85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{2DA018EA-0384-4DFB-9520-3CC076969710}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{DB9ECA14-4D32-4E49-AE92-43F7FA5D92C6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

==================== Restore Points =========================

27-03-2018 22:18:26 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
29-03-2018 19:03:21 Bobeš
31-03-2018 10:17:36 Odebrání jazykové sady

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2018 11:19:47 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5308,G,0) Pokus o otevření souboru C:\Users\Janka\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (03/31/2018 05:20:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (03/31/2018 05:19:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (03/31/2018 10:17:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (03/29/2018 07:03:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (03/28/2018 09:26:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-JANKA)
Description: Balíček microsoft.windowscommunicationsapps_17.9029.22105.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (03/27/2018 10:26:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MsiExec.exe, verze: 5.0.16299.15, časové razítko: 0xba382a43
Název chybujícího modulu: MSI97E3.tmp, verze: 1.0.0.1, časové razítko: 0x57d65757
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000e39d
ID chybujícího procesu: 0x22ec
Čas spuštění chybující aplikace: 0x01d3c609d9759587
Cesta k chybující aplikaci: C:\Windows\System32\MsiExec.exe
Cesta k chybujícímu modulu: C:\WINDOWS\Installer\MSI97E3.tmp
ID zprávy: d93987ab-a173-4331-986a-22d843dfd19a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/27/2018 10:24:45 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (04/03/2018 04:25:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2018 04:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2018 04:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2018 04:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2018 04:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (04/03/2018 04:24:59 PM) (Source: TPM) (EventID: 15) (User: )
Description: V hardwaru čipu TPM (Trusted Platform Module) došlo k neobnovitelné chybě ovladače zařízení, která brání používání služeb TPM (například šifrování dat). Budete-li potřebovat další pomoc, obraťte se na výrobce počítače.

Error: (04/03/2018 09:35:12 AM) (Source: TPM) (EventID: 12) (User: )
Description: V hardwaru čipu TPM (Trusted Platform Module) došlo k chybě ovladače zařízení, kvůli které je možné, že nebudou správně fungovat některé aplikace využívající služby TPM. Restartujte počítač, aby byl resetován hardware čipu TPM. Budete-li potřebovat další pomoc při řešení těchto hardwarových potíží, obraťte se na výrobce počítače.

Error: (04/03/2018 07:53:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2018-03-29 19:14:40.456
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {FB275628-9D02-4E73-87E0-D8E184A10F4B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-03-29 19:01:58.536
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {7F2EDFB7-56A3-4B7A-854C-C6331A747FD1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 57%
Total physical RAM: 3490.6 MB
Available physical RAM: 1466.17 MB
Total Virtual: 4834.6 MB
Available Virtual: 2513.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.68 GB) (Free:375.61 GB) NTFS
Drive d: (Data) (Fixed) (Total:467.58 GB) (Free:461.02 GB) NTFS

\\?\Volume{548d78a3-88da-480c-bfbe-b0ff4965f77a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{6c23730e-e998-4778-9b27-46d999e4ab5c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{15ce846e-9175-493c-b893-f4221c50b338}\ (LENOVO_PART) (Fixed) (Total:18.03 GB) (Free:5.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 25CEF3CA)

Partition: GPT.

==================== End of Addition.txt ============================
Attachments
FRST.rar
(16.85 KiB) Downloaded 62 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#12 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code: Select all

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    S2 ssinstall; C:\WINDOWS\SysWOW64\ssins.exe [X]
    2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\4_168acb088d48fafb
    2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
    2018-03-28 14:35 - 2018-03-28 14:35 - 000002824 _____ C:\WINDOWS\SysWOW64\ca.pem
    2018-03-28 14:35 - 2018-03-28 14:35 - 000002269 _____ C:\WINDOWS\SysWOW64\cert.crt
    2018-03-28 14:35 - 2018-03-28 14:35 - 000001679 _____ C:\WINDOWS\SysWOW64\keyfile.key
    2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\€
    2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
    2018-03-25 12:46 - 2018-03-27 22:07 - 000000000 ____D C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin
    2018-03-27 22:07 - 2018-02-08 22:53 - 000000000 ____D C:\WINDOWS\system32\3ba6e8f1a90ea95a050e1d1af206abc6aca991f64a246..bin
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right, choose Unicode encoding
  • Save the file to the desktop under the name fixlist.txt
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here
Graduate of the school for novices :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

janka13
Visitor
Posts: 45
Registered: 31 Mar 2018 13:58

Re: for Conder

#13 Post by janka13 »

Will you want a new FRST log?
I'm not noticing any problems :wink:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Janka (03-04-2018 18:58:03) Run:9
Running from C:\Users\Janka\Desktop
Loaded Profiles: Janka (Available Profiles: defaultuser0 & Janka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

S2 ssinstall; C:\WINDOWS\SysWOW64\ssins.exe [X]
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\4_168acb088d48fafb
2018-03-29 11:24 - 2018-03-29 11:24 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore
2018-03-28 14:35 - 2018-03-28 14:35 - 000002824 _____ C:\WINDOWS\SysWOW64\ca.pem
2018-03-28 14:35 - 2018-03-28 14:35 - 000002269 _____ C:\WINDOWS\SysWOW64\cert.crt
2018-03-28 14:35 - 2018-03-28 14:35 - 000001679 _____ C:\WINDOWS\SysWOW64\keyfile.key
2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\€
2018-03-27 22:35 - 2018-03-27 22:35 - 000000000 ____D C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë
2018-03-25 12:46 - 2018-03-27 22:07 - 000000000 ____D C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin
2018-03-27 22:07 - 2018-02-08 22:53 - 000000000 ____D C:\WINDOWS\system32\3ba6e8f1a90ea95a050e1d1af206abc6aca991f64a246..bin
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
ssinstall => service not found.
C:\WINDOWS\system32\4_168acb088d48fafb => moved successfully
C:\WINDOWS\system32\˙˙˙˙˙˙˙˙erStore => moved successfully
C:\WINDOWS\SysWOW64\ca.pem => moved successfully
C:\WINDOWS\SysWOW64\cert.crt => moved successfully
C:\WINDOWS\SysWOW64\keyfile.key => moved successfully
C:\WINDOWS\system32\€ => moved successfully
C:\WINDOWS\system32\˙˙˙˙˙˙˙˙ë => moved successfully
C:\WINDOWS\system32\be0c4cfc08a16527170e072d379ce966c35907fd7578b..bin => moved successfully
C:\WINDOWS\system32\3ba6e8f1a90ea95a050e1d1af206abc6aca991f64a246..bin => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ssinstall => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12807103 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 825528 B
Edge => 0 B
Chrome => 0 B
Firefox => 29515513 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
defaultuser0 => 0 B
Janka => 2243386 B

RecycleBin => 126 B
EmptyTemp: => 49.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:59:14 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: for Conder

#14 Post by Conder »

:arrow: No new log is needed, it looks OK :)

janka13
Visitor
Posts: 45
Registered: 31 Mar 2018 13:58

Re: for Conder

#15 Post by janka13 »

So thank you very much for fine-tuning my new laptop.
I know who I can turn to with confidence when I have problems.

I wish you all the best :worship:

Locked