Slow PC, ads...Maoha? (Win10)

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

JUSTpavelF
Visitor
Posts: 6
Registered: 23 May 2017 14:40

Slow PC, ads...Maoha? (Win10)

#1 Post by JUSTpavelF »

I recently caught a virus on the internet (20.5.17). Ads started popping up. I found some baylord and she advised downloading Malwarebytes. I ran that and some ADWcleaner. The ads stopped, but the computer is noticeably slower, and after a while I can't work with things like Search Windows, change some settings, etc. Then I tell the PC to shut down, but it takes a long time; the monitor goes dark, but the PC keeps running. When I ran a custom scan in MBAM, I found several items in some folder called maoha. At the end of the folder scan, MBAM crashed. I read about maoha on several sites and it matches my problems (ads, performance). I would like to ask for help, but I'm a bit of a layman. Supposedly some combofix would work (maybe), but that is for really experienced users. Please advise. It is on drive C in the Program Files x86 folder. Please help. Thanks

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#2 Post by Kodlz »

Hi,
if you really want help, you should first read the forum rules, follow the given procedure, and post FRST.txt and Addition.txt here.

JUSTpavelF
Visitor
Posts: 6
Registered: 23 May 2017 14:40

Re: Slow PC, ads...Maoha? (Win10)

#3 Post by JUSTpavelF »

Thank you for pointing that out; I'm posting the log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Pavel (administrator) on PAVEL-PC (23-05-2017 19:48:01)
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel (Available Profiles: Pavel)
Platform: Windows 10 Home Version 1703 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(深圳市猫哈网络科技发展有限公司) C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Windows\Temp\gC67A.tmp.exe
(Malwarebytes Corporation) C:\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\Temp\g877B.tmp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Facebook) C:\Users\Pavel\AppData\Local\Facebook\Games\FacebookGameroom.exe
() C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(The CefSharp Authors) C:\Users\Pavel\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\Pavel\AppData\Roaming\gplyra\gplyra.exe <===== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048312 2017-05-20] (Electronic Arts)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [4952128 2017-05-19] (GOG.com)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1918696 2017-05-08] (TomTom)
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [isMiner V 1.9] => "C:\Users\Pavel\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [msiql] => C:\Users\Pavel\AppData\Local\Temp\is-9OMOF.tmp\PopWnd.exe /RUNNING <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [-36evSZXiV.exe] => C:\Program Files\Bandizip\TH9DJ\-36evSZXiV.exe -r1_5 -r2_1
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll -> No File
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-22]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Pavel\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{45a4bc62-200a-4446-862e-ec0b9dbcd902}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
URLSearchHook: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M ... -SearchBox
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {19E51EAF-6BCC-4FD5-BA32-C25DCA9A74DC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {2C92C4CC-E6A6-46B5-9029-D2F89334D433} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {5A73B9ED-3C3D-475D-8A5F-6E8047A8B61C} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=A ... psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {77D844FF-4B69-4420-8C4F-D613510B1CDF} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {9FDE2344-FC0A-4EE9-88DB-6EBD783FBD06} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {B7BDB1BA-2457-4530-874A-85EAF4C93563} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {C19B27F4-B12A-4B94-AC10-085F0E36B463} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {D07BCFBA-3324-42ED-AA59-46644A31A15F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {E53924F9-68A5-4628-A8FE-9E02541EAC2E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {FAA94AA0-B05F-4D47-9E76-9F4745572A9E} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
BHO-x32: No Name -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-20] (Oracle Corporation)
BHO-x32: No Name -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-20] (Oracle Corporation)
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - No File
Toolbar: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - No File

FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-20] (Oracle Corporation)
FF Plugin-x32: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2184864857-1076823462-3011522754-1001: SkypePlugin -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi.dll [2016-12-28] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2184864857-1076823462-3011522754-1001: SkypePlugin64 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.30.0.98\npGatewayNpapi-x64.dll [2016-12-28] (Skype Technologies S.A.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Prezentace Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-15]
CHR Extension: (Dokumenty Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-15]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-15]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-05-20]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-05-20]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-15]
CHR Extension: (Tabulky Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
CHR Extension: (Skype) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-23]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-05-20]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-15]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-20] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1530376 2017-04-27] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-07-10] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [512576 2017-05-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-19] (GOG.com)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2016-02-16] ()
R2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [130072 2017-02-16] (深圳市猫哈网络科技发展有限公司)
R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2162064 2017-05-20] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3136920 2017-05-20] (Electronic Arts)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2016-09-23] (SHAREit Technologies Co.Ltd)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S2 Recover; C:\Program Files\Windows Media Player\ORYPS6G2SKIT9NTIP5Q\8'N&MA_hUv.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [223232 2016-02-16] (Huawei Technologies Co., Ltd.)
R1 JszipProtect; C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [39256 2016-12-27] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2017-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R1 netboostmaster; C:\WINDOWS\system32\drivers\netboostmaster.sys [2911592 2017-05-22] () [File not signed]
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R2 Uefochubsrv; C:\WINDOWS\system32\drivers\Uefochubsrv.sys [196640 2017-05-20] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 WiserIso; C:\WINDOWS\System32\Drivers\vcdrom.sys [25432 2016-12-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 19:48 - 2017-05-23 19:48 - 00020495 _____ C:\Users\Pavel\Desktop\FRST.txt
2017-05-23 19:45 - 2017-05-23 19:45 - 00000000 _____ C:\Users\Pavel\Desktop\FRSTLauncher.exe
2017-05-23 19:38 - 2017-05-23 19:48 - 00000000 ____D C:\FRST
2017-05-23 19:33 - 2017-05-23 19:33 - 02429952 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2017-05-22 20:40 - 2017-05-22 20:40 - 00000000 ____D C:\WINDOWS\pss
2017-05-21 20:08 - 2017-05-21 20:10 - 00000000 ____D C:\Users\Pavel\Documents\cosi, co bylo na plose
2017-05-21 19:56 - 2017-05-21 19:56 - 00215012 _____ C:\Users\Pavel\Documents\cc_20170521_195630.reg
2017-05-21 19:55 - 2017-05-21 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-21 19:55 - 2017-05-21 19:55 - 00000000 ____D C:\Program Files\CCleaner
2017-05-21 19:49 - 2017-05-21 19:54 - 09548112 _____ (Piriform Ltd) C:\Users\Pavel\Downloads\ccsetup530.exe
2017-05-21 19:36 - 2017-05-21 19:55 - 00000414 _____ C:\WINDOWS\wininit.ini
2017-05-21 19:24 - 2017-05-21 19:27 - 08894896 _____ (IObit ) C:\Users\Pavel\Downloads\Nepotvrzeno 445552.crdownload
2017-05-21 18:44 - 2017-05-21 18:44 - 00000000 ____D C:\LocalData
2017-05-21 18:43 - 2017-05-21 18:43 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\IObit
2017-05-21 18:34 - 2017-05-21 18:38 - 15721672 _____ (IObit ) C:\Users\Pavel\Downloads\driver_booster_setup.exe
2017-05-20 21:27 - 2017-05-20 21:38 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-05-20 20:59 - 2017-05-23 19:32 - 00000000 ____D C:\ProgramData\XLiPlatform
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ C:\WINDOWS\netboostmasterHelp.dll
2017-05-20 20:56 - 2017-05-22 20:46 - 02911592 _____ C:\WINDOWS\system32\Drivers\netboostmaster.sys
2017-05-20 20:56 - 2017-05-20 20:56 - 02941800 _____ C:\WINDOWS\system32\Drivers\F785D4AC4C7B.dat
2017-05-20 20:48 - 2017-05-23 19:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-20 20:48 - 2017-05-20 20:56 - 00000000 ____D C:\ProgramData\Cache
2017-05-20 20:47 - 2017-05-20 20:47 - 00000738 _____ C:\Users\Pavel\Desktop\Malwarebytes Anti-Malware.lnk
2017-05-20 20:47 - 2017-05-20 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-05-20 20:47 - 2017-05-20 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-20 20:47 - 2017-05-20 20:47 - 00000000 ____D C:\Malwarebytes Anti-Malware
2017-05-20 20:47 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-05-20 20:47 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-20 20:47 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-20 20:43 - 2017-05-20 20:43 - 00000000 ___HD C:\OneDriveTemp
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-05-20 20:13 - 2017-05-20 20:13 - 00454440 _____ C:\WINDOWS\SysWOW64\Auhardwaregl.dll
2017-05-20 20:13 - 2017-05-20 20:13 - 00196640 _____ C:\WINDOWS\system32\Drivers\Uefochubsrv.sys
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\极速压缩
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-05-20 20:13 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
2017-05-20 20:12 - 2017-05-23 19:32 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Seznam.cz
2017-05-20 20:12 - 2017-05-20 20:12 - 00002914 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-05-20 20:12 - 2017-05-20 20:12 - 00002620 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-05-20 20:11 - 2017-05-22 20:26 - 00000198 _____ C:\ServiceLog.txt
2017-05-20 20:11 - 2017-05-20 20:11 - 00003278 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-05-20 20:11 - 2017-05-20 20:11 - 00003104 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-05-20 20:10 - 2017-05-20 21:05 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
2017-05-20 20:10 - 2017-05-20 20:10 - 00016852 _____ C:\WINDOWS\System32\Tasks\Magia Virtual Basic
2017-05-20 20:10 - 2017-05-20 20:10 - 00003044 _____ C:\WINDOWS\System32\Tasks\Pritc
2017-05-20 20:08 - 2017-05-20 20:08 - 00002922 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2017-05-20 19:49 - 2017-05-20 19:49 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\BANDISOFT
2017-05-20 19:39 - 2017-05-20 19:39 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Bandicam Company
2017-05-20 19:39 - 2017-05-20 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-05-20 15:22 - 2017-05-20 15:22 - 00000000 ____D C:\ProgramData\Sony
2017-05-20 15:20 - 2017-05-20 15:22 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Sony
2017-05-20 15:20 - 2017-05-20 15:20 - 00000000 ____D C:\Users\Pavel\AppData\Local\Sony
2017-05-20 15:18 - 2017-05-20 15:18 - 00001026 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Vegas Pro 13.0 (64-bit).lnk
2017-05-20 15:18 - 2017-05-20 15:18 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony
2017-05-20 15:18 - 2017-05-20 15:18 - 00000000 ____D C:\Program Files (x86)\Sony
2017-05-20 15:17 - 2017-05-20 15:18 - 00000000 ____D C:\Program Files\Sony
2017-05-16 08:37 - 2017-05-16 08:37 - 00276672 _____ C:\Users\Pavel\Downloads\Lada.jpeg
2017-05-16 08:29 - 2017-05-16 08:29 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Google
2017-05-13 12:34 - 2017-04-28 03:07 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-13 12:34 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-13 12:34 - 2017-04-28 02:56 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-13 12:34 - 2017-04-28 02:55 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-13 12:34 - 2017-04-28 02:51 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-13 12:34 - 2017-04-28 02:46 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-13 12:34 - 2017-04-28 02:40 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-13 12:34 - 2017-04-28 02:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-13 12:34 - 2017-04-28 02:26 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-13 12:34 - 2017-04-28 02:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-13 12:34 - 2017-04-28 02:00 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-13 12:34 - 2017-04-28 01:58 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-13 12:34 - 2017-04-28 01:57 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-13 12:33 - 2017-04-28 03:38 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-13 12:33 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-13 12:33 - 2017-04-28 03:19 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-13 12:33 - 2017-04-28 03:18 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-13 12:33 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-13 12:33 - 2017-04-28 03:12 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-13 12:33 - 2017-04-28 03:12 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-13 12:33 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-13 12:33 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-13 12:33 - 2017-04-28 03:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-13 12:33 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-13 12:33 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-13 12:33 - 2017-04-28 03:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-13 12:33 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-13 12:33 - 2017-04-28 03:06 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-13 12:33 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-13 12:33 - 2017-04-28 03:05 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-13 12:33 - 2017-04-28 03:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-13 12:33 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-13 12:33 - 2017-04-28 03:00 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-13 12:33 - 2017-04-28 02:59 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-13 12:33 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-13 12:33 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-13 12:33 - 2017-04-28 02:59 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-13 12:33 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-13 12:33 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-13 12:33 - 2017-04-28 02:58 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-13 12:33 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-13 12:33 - 2017-04-28 02:53 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-13 12:33 - 2017-04-28 02:52 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-13 12:33 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-13 12:33 - 2017-04-28 02:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-13 12:33 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-13 12:33 - 2017-04-28 02:49 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-13 12:33 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-13 12:33 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-13 12:33 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-13 12:33 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-13 12:33 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-13 12:33 - 2017-04-28 02:42 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-13 12:33 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-13 12:33 - 2017-04-28 02:42 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-13 12:33 - 2017-04-28 02:42 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-13 12:33 - 2017-04-28 02:41 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-13 12:33 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-13 12:33 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-13 12:33 - 2017-04-28 02:40 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-13 12:33 - 2017-04-28 02:40 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-13 12:33 - 2017-04-28 02:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-13 12:33 - 2017-04-28 02:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-13 12:33 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-13 12:33 - 2017-04-28 02:38 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-13 12:33 - 2017-04-28 02:38 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-13 12:33 - 2017-04-28 02:37 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-13 12:33 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-13 12:33 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-13 12:33 - 2017-04-28 02:33 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-13 12:33 - 2017-04-28 02:15 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-13 12:33 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-13 12:33 - 2017-04-28 02:14 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-13 12:33 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-13 12:33 - 2017-04-28 02:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-13 12:33 - 2017-04-28 02:11 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-13 12:33 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-13 12:33 - 2017-04-28 02:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-13 12:33 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-13 12:33 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-13 12:33 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-13 12:33 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-13 12:33 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-13 12:33 - 2017-04-28 02:06 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-13 12:33 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-13 12:33 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-13 12:33 - 2017-04-28 02:05 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-13 12:33 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-13 12:33 - 2017-04-28 02:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-13 12:33 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-13 12:33 - 2017-04-28 02:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-13 12:33 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-13 12:33 - 2017-04-28 02:03 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-13 12:33 - 2017-04-28 02:03 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-13 12:33 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-13 12:33 - 2017-04-28 02:03 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-13 12:33 - 2017-04-28 02:02 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-13 12:33 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-13 12:33 - 2017-04-28 02:01 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-13 12:33 - 2017-04-28 01:59 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-13 12:33 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-13 12:33 - 2017-04-28 01:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-13 12:33 - 2017-04-28 01:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-13 12:33 - 2017-04-28 01:59 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-13 12:33 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-13 12:33 - 2017-04-28 01:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-13 12:33 - 2017-04-28 01:57 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-13 12:33 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-13 12:33 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-13 12:33 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-13 12:33 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-13 12:33 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-13 12:33 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-01 15:12 - 2017-05-01 15:12 - 00000000 ____D C:\Users\Pavel\AppData\Local\DBG
2017-05-01 13:42 - 2017-05-01 13:42 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-01 13:42 - 2017-05-01 13:42 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-01 13:42 - 2017-05-01 13:42 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-01 13:42 - 2017-05-01 13:42 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-01 13:42 - 2017-05-01 13:42 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-01 13:42 - 2017-05-01 13:42 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-01 13:42 - 2017-05-01 13:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-01 13:42 - 2017-05-01 13:42 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-01 13:42 - 2017-05-01 13:42 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-01 13:37 - 2017-05-01 13:37 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-01 13:37 - 2017-05-01 12:48 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-01 13:35 - 2017-05-20 20:10 - 00000000 ____D C:\Program Files\MSBuild
2017-05-01 13:35 - 2017-05-01 13:35 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-05-01 13:35 - 2017-05-01 13:35 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-01 13:35 - 2017-05-01 13:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-01 13:35 - 2017-05-01 13:35 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-01 13:35 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-01 13:35 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-01 13:35 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-01 13:35 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-01 13:35 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-01 13:35 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-01 13:17 - 2017-05-01 13:17 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-01 13:14 - 2017-05-01 13:14 - 00000020 ___SH C:\Users\Pavel\ntuser.ini
2017-05-01 13:10 - 2017-05-01 13:12 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-01 13:10 - 2017-05-01 13:12 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-01 13:07 - 2017-05-23 19:31 - 02105994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-01 13:05 - 2017-05-23 19:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-01 13:05 - 2017-05-02 17:19 - 00004052 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C25D6FB6-1E7D-4945-B59E-51B8AB958B50}
2017-05-01 13:05 - 2017-05-01 13:21 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-01 13:05 - 2017-05-01 13:06 - 00003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-01 13:05 - 2017-05-01 13:06 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2184864857-1076823462-3011522754-1001
2017-05-01 13:05 - 2017-05-01 13:06 - 00002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-05-01 13:05 - 2017-05-01 13:06 - 00002318 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2017-05-01 13:05 - 2017-05-01 13:05 - 00003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-01 13:05 - 2017-05-01 13:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-05-01 12:59 - 2017-05-01 12:59 - 00000000 ____D C:\ProgramData\USOShared
2017-05-01 12:58 - 2017-05-01 12:58 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-01 12:54 - 2017-05-01 12:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-01 12:52 - 2017-05-21 18:24 - 00000000 ____D C:\Users\Pavel
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Šablony
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Soubory cookie
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Poslední
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Okolní tiskárny
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Okolní síť
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Nabídka Start
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Dokumenty
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Documents\Obrázky
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Documents\Hudba
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Documents\Filmy
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\Data aplikací
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-05-01 12:52 - 2017-05-01 12:52 - 00000000 _SHDL C:\Users\Pavel\AppData\Local\Data aplikací
2017-05-01 12:51 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-01 12:51 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-01 12:51 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-01 12:50 - 2017-05-01 12:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-01 12:50 - 2017-05-01 12:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-01 12:50 - 2017-05-01 12:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-01 12:50 - 2017-05-01 12:50 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-01 12:48 - 2017-05-19 21:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-01 12:48 - 2017-05-17 18:56 - 00291856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-30 11:02 - 2017-05-21 20:00 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-29 12:27 - 2017-04-29 12:27 - 00001256 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aktualizace a nastavení ochrany osobních údajů.lnk
2017-04-29 12:27 - 2017-04-29 12:27 - 00000000 ____D C:\Users\Pavel\AppData\Local\UNP
2017-04-28 18:43 - 2017-05-01 12:59 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-28 18:43 - 2017-04-28 18:44 - 00000000 ____D C:\Program Files\UNP
2017-04-27 17:44 - 2017-04-27 17:44 - 00000000 ____D C:\Users\Pavel\AppData\Local\GOG.com

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-23 19:31 - 2017-03-20 06:43 - 00918758 _____ C:\WINDOWS\system32\perfh005.dat
2017-05-23 19:31 - 2017-03-20 06:43 - 00201710 _____ C:\WINDOWS\system32\perfc005.dat
2017-05-23 19:27 - 2015-10-30 17:28 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Skype
2017-05-23 19:27 - 2015-05-15 21:17 - 00000000 __RDO C:\Users\Pavel\OneDrive
2017-05-23 15:41 - 2014-07-11 00:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 15:38 - 2014-07-11 00:24 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 15:36 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 15:36 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-22 21:00 - 2015-03-25 17:37 - 00000000 ____D C:\Users\Pavel\Desktop\Pavlovo
2017-05-22 20:34 - 2017-03-23 17:15 - 00001281 _____ C:\Users\Pavel\Desktop\Facebook Gameroom.lnk
2017-05-22 20:34 - 2017-03-23 17:15 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-05-22 20:33 - 2017-03-23 17:15 - 00000000 ____D C:\Users\Pavel\AppData\Local\Facebook
2017-05-22 20:32 - 2014-12-30 20:02 - 00000000 ____D C:\ProgramData\Origin
2017-05-22 19:05 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-21 20:51 - 2014-07-12 09:46 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-21 20:10 - 2017-03-10 17:59 - 00000000 ____D C:\Users\Pavel\Desktop\Trash
2017-05-21 20:00 - 2014-09-27 20:01 - 00000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2017-05-21 19:36 - 2016-04-18 19:13 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MobiKin
2017-05-21 19:36 - 2016-04-18 19:13 - 00000000 ____D C:\Program Files (x86)\MobiKin
2017-05-21 19:33 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-21 18:44 - 2014-07-12 10:31 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-21 18:43 - 2014-07-12 10:31 - 00000000 ____D C:\ProgramData\IObit
2017-05-21 18:40 - 2015-12-14 19:49 - 00000000 ____D C:\Users\Pavel\AppData\Local\Ubisoft Game Launcher
2017-05-21 18:08 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-21 09:35 - 2017-02-01 20:55 - 00000988 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2017-05-21 09:34 - 2017-02-01 20:55 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2017-05-20 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2017-05-20 20:44 - 2014-12-30 20:08 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Origin
2017-05-20 20:10 - 2014-10-29 22:11 - 00000000 ____D C:\Program Files\Bandizip
2017-05-20 19:37 - 2014-12-31 10:05 - 00000000 ____D C:\Program Files (x86)\Origin
2017-05-20 15:44 - 2014-08-16 07:38 - 00000000 ___RD C:\Users\Pavel\Documents\Scanned Documents
2017-05-19 19:53 - 2015-10-12 10:18 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-05-17 19:34 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-17 19:06 - 2016-10-15 11:16 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-17 19:06 - 2016-10-15 11:16 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-17 18:57 - 2016-04-27 08:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-16 08:38 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-16 08:38 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-16 08:38 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-16 08:38 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-16 08:22 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-04 20:28 - 2016-07-10 18:13 - 00620072 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-05-03 18:53 - 2014-07-10 21:41 - 00000000 ____D C:\Users\Pavel\AppData\Local\Packages
2017-05-02 19:40 - 2017-02-01 18:15 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\TS3Client
2017-05-02 17:18 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-01 13:47 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-01 13:44 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-01 13:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-01 13:43 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-01 13:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-01 13:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-01 13:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-01 13:43 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-01 13:35 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-01 13:35 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-05-01 13:21 - 2016-06-28 16:29 - 00002429 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-01 13:16 - 2016-11-09 18:33 - 00000000 ____D C:\Users\Pavel\AppData\Local\ConnectedDevicesPlatform
2017-05-01 13:15 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-01 13:14 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-01 13:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-01 13:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-01 13:13 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-01 13:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-01 13:06 - 2017-03-20 06:46 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-01 13:06 - 2014-07-11 17:47 - 00023020 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-01 13:05 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-01 12:59 - 2017-04-01 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-05-01 12:59 - 2017-03-23 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher Enhanced Edition [GOG.com]
2017-05-01 12:59 - 2017-03-23 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 [GOG.com]
2017-05-01 12:59 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-01 12:59 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-01 12:59 - 2017-02-01 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2017-05-01 12:59 - 2016-04-18 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-05-01 12:59 - 2016-03-19 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2017-05-01 12:59 - 2015-12-29 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Papers, Please [GOG.com]
2017-05-01 12:59 - 2015-11-11 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast [GOG.com]
2017-05-01 12:59 - 2015-10-31 00:25 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-05-01 12:59 - 2015-10-31 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2017-05-01 12:59 - 2015-05-02 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed™ Most Wanted
2017-05-01 12:59 - 2014-12-31 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2017-05-01 12:59 - 2014-12-30 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-05-01 12:59 - 2014-10-29 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip
2017-05-01 12:59 - 2014-10-02 21:19 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-01 12:59 - 2014-09-27 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16
2017-05-01 12:59 - 2014-07-20 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-01 12:59 - 2014-07-12 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-01 12:59 - 2014-07-12 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-05-01 12:56 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-01 12:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-05-01 12:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-05-01 12:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-01 12:55 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-01 12:55 - 2016-04-18 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-05-01 12:55 - 2016-01-08 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-01 12:55 - 2015-10-31 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2017-05-01 12:55 - 2015-10-12 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-05-01 12:55 - 2014-10-09 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
2017-05-01 12:55 - 2014-10-09 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
2017-05-01 12:54 - 2015-12-14 19:49 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-05-01 12:51 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-01 12:51 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-29 15:30 - 2016-09-17 14:12 - 00000000 ____D C:\Users\Pavel\AppData\Local\GeometryDash
2017-04-29 03:05 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 03:05 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-12 10:33 - 2014-07-15 17:34 - 0007614 _____ () C:\Users\Pavel\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-05-21 18:44 - 2017-05-21 18:38 - 15721672 _____ (IObit ) C:\Users\Pavel\AppData\Local\Temp\driver_booster_setup.42876,7810244444.exe
2017-05-20 20:10 - 2017-05-20 20:10 - 3020288 _____ (isMiner worker and updater for windows of isMiner inc ) C:\Users\Pavel\AppData\Local\Temp\isminer.exe
2017-05-20 20:09 - 2017-05-20 20:09 - 0755695 _____ ( ) C:\Users\Pavel\AppData\Local\Temp\Setup.exe
2017-05-20 20:10 - 2017-05-20 20:10 - 1199825 _____ () C:\Users\Pavel\AppData\Local\Temp\unins000.exe
2017-05-20 20:10 - 2017-05-20 20:10 - 0596541 _____ (VideoBox ) C:\Users\Pavel\AppData\Local\Temp\vbsetup.exe
2017-05-20 20:10 - 2017-05-20 20:10 - 3053319 _____ ( ) C:\Users\Pavel\AppData\Local\Temp\yeadesktop.exe
2017-05-23 15:35 - 2017-05-23 15:35 - 0534528 _____ () C:\Users\Pavel\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-05-22 18:58

==================== End of FRST.txt ============================
Attachments
Addition.zip
2nd log in .zip
(47.36 KiB) Downloaded 99 times

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#4 Post by Kodlz »

I can't open the Addition.zip file. Please try pasting the contents of that log here in the thread.

JUSTpavelF
Visitor
Posts: 6
Registered: 23 May 2017 14:40

Re: Slow PC, ads...Maoha? (Win10)

#5 Post by JUSTpavelF »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Pavel (23-05-2017 19:49:44)
Running from C:\Users\Pavel\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-01 11:14:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2184864857-1076823462-3011522754-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2184864857-1076823462-3011522754-503 - Limited - Disabled)
Guest (S-1-5-21-2184864857-1076823462-3011522754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2184864857-1076823462-3011522754-1005 - Limited - Enabled)
Pavel (S-1-5-21-2184864857-1076823462-3011522754-1001 - Administrator - Enabled) => C:\Users\Pavel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - )
Aktualizace NVIDIA 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.4.0.1227 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bandizip (HKLM\...\Bandizip) (Version: 5.03 - Bandisoft.com)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts)
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
Facebook Gameroom 1.4.1.0 (HKLM-x32\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Geometry Dash (HKLM\...\Steam App 322170) (Version: - RobTop Games)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoUnzip Internet Explorer Homepage and New Tab (HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\GoUnzipTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Gwent (HKLM-x32\...\1853006981_is1) (Version: 2.0.0.1 - GOG.com)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Hitman - Codename 47 (HKLM-x32\...\Hitman - Codename 47) (Version: - )
Hitman 2: Silent Assassin (HKLM-x32\...\Hitman 2: Silent Assassin) (Version: - Eidos Interactive)
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
Hitman: Contracts (HKLM-x32\...\Hitman: Contracts) (Version: - Eidos)
Isminer 19 (HKLM-x32\...\isMiner) (Version: 19 - isMiner inc ) <==== ATTENTION
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MobiKin Assistant for Android (HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\MobiKin Assistant for Android) (Version: 1.6.53 - MobiKin)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 4.4.0.3 - OneSystemCare) <==== ATTENTION
OnlineMapFinder Internet Explorer Toolbar (HKLM-x32\...\OnlineMapFinder_9pbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 10.4.10.46586 - Electronic Arts, Inc.)
Outlast - Whistleblower (HKLM-x32\...\Outlast: Whistleblower_is1) (Version: 2.1.0.8 - GOG.com)
Outlast (HKLM-x32\...\1207660064_is1) (Version: 2.1.0.8 - GOG.com)
Ovládací panel NVIDIA 376.53 (Version: 376.53 - NVIDIA Corporation) Hidden
Papers, Please (HKLM-x32\...\1207659209_is1) (Version: 2.5.0.11 - GOG.com)
PC Clean Plus (HKLM-x32\...\PC Clean Plus_is1) (Version: 3.6 - pccleanplus.com) <==== ATTENTION
pccleanplus (HKLM\...\pccleanplus) (Version: 6.2 - pccleanplus) <==== ATTENTION
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Steam App 286940) (Version: - )
Seznam Software (HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\SeznamInstall) (Version: - Seznam.cz)
Shakes and Fidget (HKLM\...\Steam App 438040) (Version: - Playa Games GmbH)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.4.152 - SHAREit Technologies Co.Ltd)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version: - Firaxis)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{16A6A6CB-6959-4C8B-82FC-57F87332B4A2}) (Version: 7.29.0.72 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{2D886DF5-A285-4C69-A78E-4A441B261381}) (Version: 7.30.0.98 - Skype Technologies S.A.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.4.0.3 - SystemHealer) <==== ATTENTION
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.0 - TeamSpeak Systems GmbH)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\1207658930_is1) (Version: 3.5.0.26 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com)
ToCA Race Driver 3 (HKLM-x32\...\{0297C87B-CC40-446F-865A-031B4FC0CF22}) (Version: 1.00.0000 - Codemasters)
TomTom MyDrive Connect 4.1.5.3181 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.5.3181 - TomTom)
Total War Battles: KINGDOM (HKLM-x32\...\Steam App 300080) (Version: - Creative Assembly)
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version: - Creative Assembly)
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version: - Creative Assembly)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version: - Creative Assembly)
Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 14.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM-x32\...\Vegas Pro 13.0 (64-bit)) (Version: 13.0 (64-bit) - Exµs ™)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Who's Your Daddy (HKLM\...\Steam App 427730) (Version: - Joe Williams)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WindowsTM (HKLM-x32\...\WindowsTM) (Version: 1,3,702,1314 - )
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: - ZONER software)
�速压缩 (HKLM-x32\...\JiSuZip) (Version: 1.1.18.30 - 深圳市猫�网络科技发展有�公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{0284FA1D-248C-45D4-9AD0-DAF9D6F409DD}\localserver32 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.29.0.72\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{33B83118-4021-4BBD-A18B-230B03CFADEB}\localserver32 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.30.0.98\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{542D7DEF-9319-488A-AF69-9FD2ED9D48A2}\InprocServer32 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.29.0.72\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.30.0.98\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001_Classes\CLSID\{E9FC7154-DC9D-43C6-ACF5-168E64B86DE9}\InprocServer32 -> C:\Users\Pavel\AppData\Local\SkypePlugin\7.30.0.98\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08EC59E1-F47E-4DA6-B276-5B1A52D40A3F} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: {0DBE08A4-CC9B-4BD5-A841-B0A45B60E82B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16EED193-16B6-4F7E-81B2-31C0BF298ECB} - \RunAtStartup -> No File <==== ATTENTION
Task: {3139C6C8-7E4F-430D-898C-A57959E06DFA} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {35885A9D-2436-47D3-BD35-F3C995EA9D11} - \PC Clean Plus -> No File <==== ATTENTION
Task: {4239784A-6B68-470A-B075-EC6015C9BDB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {570D8820-D185-4BC4-BB7E-A9C41E6B6633} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-23] (Microsoft Corporation)
Task: {5E2F4832-7FDC-437B-9059-3C84EFECFF84} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {604F523B-E513-4D6B-800D-A8B884831FAF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6783B7E7-30D7-41E6-B2FE-29CDCF36D287} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {68F19590-9478-4009-BB97-F3493ADD0FB6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {6E08FB15-319B-47D7-8316-C6EF20CB1897} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7010EB55-528E-40E1-85E2-04FC76672E4E} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {73C725C5-DF28-48F8-9737-044018CACB8F} - \{7E780F47-0C0B-790D-0E11-7D7D0B0E1178} -> No File <==== ATTENTION
Task: {78534202-D5C2-4BAE-BBDC-B68E1751211B} - \One System Care Monitor -> No File <==== ATTENTION
Task: {816A8347-26CF-4ACA-AE80-592267CD8DFB} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {8DCA7D9D-A543-4BA3-A386-93393B3149C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8E1E9C78-3FDD-4C7B-9908-A489CE57DB81} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {9162F1DE-BC70-4E58-B957-1BA4F1FAF091} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {9302B2CE-4447-4226-9740-074C49924D52} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {99D1E9BF-9E9A-4B34-A5EA-5903904FECD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9B18C722-700A-4E3B-8D5A-4F91A69E3B99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9DF76244-F977-4266-83A6-54830F7B7211} - \System Healer Task -> No File <==== ATTENTION
Task: {B3F69D97-CFD1-4BA9-B3B6-95D20B687C44} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B4E15CF8-96CF-437C-9EE2-B000CB899860} - \One System Care Task -> No File <==== ATTENTION
Task: {B7D92F1E-82C1-4397-9867-3B766E737F26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BCC218A0-3849-43DA-9B7D-E2F00D48BC4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CA6BA4C1-D720-49F0-8FCD-3B49B48ECCDE} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {D3F6237C-B8D1-41FD-9003-1FBEBDFB177D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {DB8AD26C-49BE-4A44-A431-CA8A640702A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {DD251B60-EE13-4DE6-9F8D-C0EFB3E1B76F} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {DFB7D4D7-584B-4EA0-B06E-9BA88197D4B9} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {E39CA088-D769-4BE2-AC28-CCAA754770BE} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe
Task: {E9494801-53E4-40B5-B581-2E94D561A8E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F6EA2AE2-C3BB-42CB-BC47-83D1F7378CF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F7E928CB-4732-4655-8EE2-3250E4400DE5} - System32\Tasks\Pritc => C:\Users\Pavel\AppData\Local\Temp\is-FP2DB.tmp\Setup.exe <==== ATTENTION
Task: {FDF31C18-3216-40A9-9FD8-46DC6AB23B6C} - \WPD\SqmUpload_S-1-5-21-2184864857-1076823462-3011522754-1001 -> No File <==== ATTENTION
Task: {FF0C7AA7-C9E6-4268-B13C-5806A5978674} - System32\Tasks\Magia Virtual Basic => Rundll32.exe "C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll",XEkbAWCZwG

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-20 20:10 - 2015-06-01 04:23 - 02699264 _____ () C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll
2014-08-05 18:45 - 2011-03-31 07:47 - 00023040 _____ () C:\WINDOWS\System32\xrhr3aLM.DLL
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ () C:\Windows\netboostmasterHelp.dll
2016-04-18 19:04 - 2016-02-16 11:04 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2017-05-22 18:32 - 2017-05-23 19:25 - 00335872 _____ () C:\WINDOWS\TEMP\gC67A.tmp.exe
2017-05-23 15:29 - 2017-05-23 19:25 - 00479744 _____ () C:\WINDOWS\TEMP\g877B.tmp.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-20 20:13 - 2017-02-08 13:38 - 00079872 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader-x64.dll
2017-03-18 22:59 - 2017-03-20 06:45 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-09 06:36 - 2017-05-10 19:07 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 06:36 - 2017-05-10 19:07 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 06:36 - 2017-05-10 19:08 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 06:36 - 2017-05-10 19:07 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-20 20:13 - 2017-05-04 17:58 - 00454144 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-05-20 20:13 - 2017-02-08 13:39 - 00080576 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 00047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 02328576 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 02836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-05-20 20:13 - 2017-02-17 11:31 - 00237080 ____N () c:\program files (x86)\maoha\jisuzip\tipsdll.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-03-28 15:32 - 2017-03-28 15:32 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2017-05-20 20:13 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01162752 _____ () C:\Users\Pavel\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 67197440 _____ () C:\Users\Pavel\AppData\Local\Facebook\Games\libcef.dll
2017-05-20 20:13 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2017-05-20 20:13 - 2012-10-24 16:42 - 00247352 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll
2017-05-20 20:13 - 2017-02-08 12:39 - 01847040 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 00752640 _____ () C:\Users\Pavel\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 01886208 _____ () C:\Users\Pavel\AppData\Local\Facebook\Games\libglesv2.dll
2017-05-02 18:50 - 2017-05-02 18:50 - 00078848 _____ () C:\Users\Pavel\AppData\Local\Facebook\Games\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:#3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-05-20 20:10 - 00001155 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pavel\Desktop\Pavlovo\IMGP4453-bianconerri.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2017 07:49:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Pavel-pc)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00061401-0001-0000-e466-040000000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (05/23/2017 07:49:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MicrosoftEdge.exe, verze: 11.0.15063.250, časové razítko: 0x58f6ff5f
Název chybujícího modulu: EMODEL.dll, verze: 11.0.15063.296, časové razítko: 0xa50b1267
Kód výjimky: 0xc0000409
Posun chyby: 0x00000000000ea93c
ID chybujícího procesu: 0x2b64
Čas spuštění chybující aplikace: 0x01d2d3ea1a1299ea
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ID zprávy: d1233af5-84e7-400a-86d6-6ded4667377d
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (05/23/2017 07:41:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Pavel-pc)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00051402-0001-0000-e466-040000000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (05/23/2017 07:25:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (05/23/2017 07:25:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (05/23/2017 07:25:02 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1

Error: (05/23/2017 04:09:51 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: Pavel-pc)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy5

Error: (05/23/2017 04:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Pavel-pc)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (05/23/2017 04:09:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchUI.exe, verze: 10.0.15063.0, časové razítko: 0x58ccbc95
Název chybujícího modulu: SearchUI.exe, verze: 10.0.15063.0, časové razítko: 0x58ccbc95
Kód výjimky: 0xc000027b
Posun chyby: 0x00000000001ae2e5
ID chybujícího procesu: 0x2fc4
Čas spuštění chybující aplikace: 0x01d2d3ce2affa070
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Cesta k chybujícímu modulu: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ID zprávy: 046db914-c923-41c1-89f8-8944a11733fc
Úplný název chybujícího balíčku: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (05/23/2017 04:09:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Pavel-pc)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2147023170. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (05/23/2017 07:25:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Origin Web Helper Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (05/23/2017 07:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Origin Web Helper Service bylo dosaženo časového limitu (60000 ms).

Error: (05/23/2017 07:24:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Recover neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/23/2017 07:24:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CldFlt neuspěla při spuštění v důsledku následující chyby:
Požadavek není podporován.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 7 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 6 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 5 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 4 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 3 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (05/23/2017 07:24:38 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby pro výkon jsou u logického procesoru technologie Hyper-V 2 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 8173.53 MB
Available physical RAM: 5395.76 MB
Total Virtual: 9453.53 MB
Available Virtual: 6511.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:584.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5884AD94)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt ============================

Kodlz
Forum Friend
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#6 Post by Kodlz »

First, uninstall the following applications:

YeaDesktop (1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ))
GoUnzip
Isminer
One System Care
OnlineMapFinder
PC Clean Plus
pccleanplus
Seznam Listicku
System Healer



I recommend updating Java.

Then, on the desktop, where you have FRST located, create a TXT file named fixlist.txt and paste the following text into it:

(Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.)

start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:



C:\Program Files (x86)\Maoha\
C:\Windows\Temp\
HKLM\...\Run: [gplyra] => C:\Users\Pavel\AppData\Roaming\gplyra\gplyra.exe <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [isMiner V 1.9] => "C:\Users\Pavel\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [msiql] => C:\Users\Pavel\AppData\Local\Temp\is-9OMOF.tmp\PopWnd.exe /RUNNING <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [-36evSZXiV.exe] => C:\Program Files\Bandizip\TH9DJ\-36evSZXiV.exe -r1_5 -r2_1
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll -> No File
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-22]
URLSearchHook: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {5A73B9ED-3C3D-475D-8A5F-6E8047A8B61C} URL = hxxp://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=&pt=tb
BHO-x32: No Name -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> No File
BHO-x32: No Name -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> No File
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - No File
Toolbar: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - No File
FF Plugin-x32: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll [No File]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-05-20]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-05-20]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-05-20]
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-20] ()
C:\Windows\SysWow64\Auhardwaregl.dll
R2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [130072 2017-02-16] (深圳市猫哈网络科技发展有限公司)
S2 Recover; C:\Program Files\Windows Media Player\ORYPS6G2SKIT9NTIP5Q\8'N&MA_hUv.exe [X]
R1 JszipProtect; C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [39256 2016-12-27] ()
R1 netboostmaster; C:\WINDOWS\system32\drivers\netboostmaster.sys [2911592 2017-05-22] () [File not signed]
R2 Uefochubsrv; C:\WINDOWS\system32\drivers\Uefochubsrv.sys [196640 2017-05-20] ()
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ C:\WINDOWS\netboostmasterHelp.dll
2017-05-20 20:56 - 2017-05-22 20:46 - 02911592 _____ C:\WINDOWS\system32\Drivers\netboostmaster.sys
2017-05-20 20:56 - 2017-05-20 20:56 - 02941800 _____ C:\WINDOWS\system32\Drivers\F785D4AC4C7B.dat
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-05-20 20:13 - 2017-05-20 20:13 - 00454440 _____ C:\WINDOWS\SysWOW64\Auhardwaregl.dll
2017-05-20 20:13 - 2017-05-20 20:13 - 00196640 _____ C:\WINDOWS\system32\Drivers\Uefochubsrv.sys
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\极速压缩
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-05-20 20:13 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
2017-05-20 20:12 - 2017-05-23 19:32 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Seznam.cz
2017-05-20 20:12 - 2017-05-20 20:12 - 00002914 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-05-20 20:12 - 2017-05-20 20:12 - 00002620 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-05-20 20:11 - 2017-05-22 20:26 - 00000198 _____ C:\ServiceLog.txt
2017-05-20 20:11 - 2017-05-20 20:11 - 00003278 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-05-20 20:11 - 2017-05-20 20:11 - 00003104 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-05-20 20:10 - 2017-05-20 21:05 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
2017-05-20 20:10 - 2017-05-20 20:10 - 00016852 _____ C:\WINDOWS\System32\Tasks\Magia Virtual Basic
2017-05-20 20:10 - 2017-05-20 20:10 - 00003044 _____ C:\WINDOWS\System32\Tasks\Pritc
2017-05-20 20:08 - 2017-05-20 20:08 - 00002922 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
017-05-01 13:05 - 2017-05-01 13:06 - 00003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-01 13:05 - 2017-05-01 13:05 - 00003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

Task: {08EC59E1-F47E-4DA6-B276-5B1A52D40A3F} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: {0DBE08A4-CC9B-4BD5-A841-B0A45B60E82B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16EED193-16B6-4F7E-81B2-31C0BF298ECB} - \RunAtStartup -> No File <==== ATTENTION
Task: {3139C6C8-7E4F-430D-898C-A57959E06DFA} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {35885A9D-2436-47D3-BD35-F3C995EA9D11} - \PC Clean Plus -> No File <==== ATTENTION
Task: {4239784A-6B68-470A-B075-EC6015C9BDB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5E2F4832-7FDC-437B-9059-3C84EFECFF84} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {604F523B-E513-4D6B-800D-A8B884831FAF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6783B7E7-30D7-41E6-B2FE-29CDCF36D287} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6E08FB15-319B-47D7-8316-C6EF20CB1897} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7010EB55-528E-40E1-85E2-04FC76672E4E} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {73C725C5-DF28-48F8-9737-044018CACB8F} - \{7E780F47-0C0B-790D-0E11-7D7D0B0E1178} -> No File <==== ATTENTION
Task: {78534202-D5C2-4BAE-BBDC-B68E1751211B} - \One System Care Monitor -> No File <==== ATTENTION
Task: {816A8347-26CF-4ACA-AE80-592267CD8DFB} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {8DCA7D9D-A543-4BA3-A386-93393B3149C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8E1E9C78-3FDD-4C7B-9908-A489CE57DB81} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {9162F1DE-BC70-4E58-B957-1BA4F1FAF091} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {9302B2CE-4447-4226-9740-074C49924D52} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {99D1E9BF-9E9A-4B34-A5EA-5903904FECD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9B18C722-700A-4E3B-8D5A-4F91A69E3B99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9DF76244-F977-4266-83A6-54830F7B7211} - \System Healer Task -> No File <==== ATTENTION
Task: {B3F69D97-CFD1-4BA9-B3B6-95D20B687C44} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B4E15CF8-96CF-437C-9EE2-B000CB899860} - \One System Care Task -> No File <==== ATTENTION
Task: {B7D92F1E-82C1-4397-9867-3B766E737F26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BCC218A0-3849-43DA-9B7D-E2F00D48BC4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CA6BA4C1-D720-49F0-8FCD-3B49B48ECCDE} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DB8AD26C-49BE-4A44-A431-CA8A640702A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {DD251B60-EE13-4DE6-9F8D-C0EFB3E1B76F} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {DFB7D4D7-584B-4EA0-B06E-9BA88197D4B9} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {E9494801-53E4-40B5-B581-2E94D561A8E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F6EA2AE2-C3BB-42CB-BC47-83D1F7378CF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F7E928CB-4732-4655-8EE2-3250E4400DE5} - System32\Tasks\Pritc => C:\Users\Pavel\AppData\Local\Temp\is-FP2DB.tmp\Setup.exe <==== ATTENTION
Task: {FDF31C18-3216-40A9-9FD8-46DC6AB23B6C} - \WPD\SqmUpload_S-1-5-21-2184864857-1076823462-3011522754-1001 -> No File <==== ATTENTION
Task: {FF0C7AA7-C9E6-4268-B13C-5806A5978674} - System32\Tasks\Magia Virtual Basic => Rundll32.exe "C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll",XEkbAWCZwG
2017-05-20 20:10 - 2015-06-01 04:23 - 02699264 _____ () C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ () C:\Windows\netboostmasterHelp.dll
2017-05-20 20:13 - 2017-02-08 13:38 - 00079872 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader-x64.dll
2017-05-20 20:13 - 2017-05-04 17:58 - 00454144 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-05-20 20:13 - 2017-02-08 13:39 - 00080576 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2017-05-20 20:13 - 2017-02-17 11:31 - 00237080 ____N () c:\program files (x86)\maoha\jisuzip\tipsdll.dll
2017-05-20 20:13 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader.dll
2017-05-20 20:13 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2017-05-20 20:13 - 2012-10-24 16:42 - 00247352 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll
2017-05-20 20:13 - 2017-02-08 12:39 - 01847040 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll

AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:#3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

end

JUSTpavelF
Visitor
Posts: 6
Joined: 23 May 2017 14:40

Re: Slow PC, ads...Maoha? (Win10)

#7 Post by JUSTpavelF »

Because of this I did not take the step; I am not 100 percent sure whether it would have any consequences.
I did not find YeaDesktop in Explorer at all.
I uninstalled Seznam Lištička.
Explorer found the rest, but after clicking uninstall it reported an error that it does not exist on the PC (it showed a path, e.g. C:Program file (x86)/pc clean plus/unins000.exe and similar paths), and indeed I do not see it there in Program Files x86 either. It still shows up, though, as if it existed. I am about to update Java. Should I run it through some cleaner? I recently tried CCleaner and AdwCleaner. So should I or should I not create the txt fixlist now?
A screenshot is attached.
Attachments
2017-05-25.zip
(386.78 KiB) Downloaded 81 times

JaRon
Moderator
Posts: 15794
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Slow PC, ads...Maoha? (Win10)

#8 Post by JaRon »

I'll step in:
yes, create the fixlist, and after running it wait for my colleague's instructions :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

JUSTpavelF
Visitor
Posts: 6
Joined: 23 May 2017 14:40

Re: Slow PC, ads...Maoha? (Win10)

#9 Post by JUSTpavelF »

OK, I am sending the fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Pavel (25-05-2017 15:07:45) Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel (Available Profiles: Pavel)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start
CreateRestorePoint:

CloseProcesses:

Hosts:

EmptyTemp:



C:\Program Files (x86)\Maoha\
C:\Windows\Temp\
HKLM\...\Run: [gplyra] => C:\Users\Pavel\AppData\Roaming\gplyra\gplyra.exe <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [isMiner V 1.9] => "C:\Users\Pavel\AppData\Roaming\isMiner\isMiner.exe" -checkforupdates <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [msiql] => C:\Users\Pavel\AppData\Local\Temp\is-9OMOF.tmp\PopWnd.exe /RUNNING <===== ATTENTION
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [-36evSZXiV.exe] => C:\Program Files\Bandizip\TH9DJ\-36evSZXiV.exe -r1_5 -r2_1
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll -> No File
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-05-22]
URLSearchHook: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 - (No Name) - {6d010537-9e99-400b-b652-b0d5a5757e5d} - C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\9pSrcAs.dll No File
SearchScopes: HKLM-x32 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BA5^xdm007^YYA^cz&si=CL6X8ovl4cECFbDLtAodRj0AIg&ptb=5477A9B7-1432-44C8-9262-C8076807290D&ind=2014110415&n=780ce2cf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> {5A73B9ED-3C3D-475D-8A5F-6E8047A8B61C} URL = hxxp://www.search.ask.com/web?tpid=ORJ- ... trgb=IE&q={searchTerms}&psv=&pt=tb
BHO-x32: No Name -> {6a79cdac-f710-4996-842b-fdc33b785a35} -> No File
BHO-x32: No Name -> {d9f16d8b-81b5-4667-af4d-25365bbf7fc9} -> No File
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} - No File
Toolbar: HKU\S-1-5-21-2184864857-1076823462-3011522754-1001 -> No Name - {F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} - No File
FF Plugin-x32: @OnlineMapFinder_9p.com/Plugin -> C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\NP9pStub.dll [No File]
CHR Extension: (Seznam Li�ti�ka - Rychl� volba) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-05-20]
CHR Extension: (Seznam Li�ti�ka - Slovn�k) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-05-20]
CHR Extension: (Seznam Li�ti�ka - Email) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-05-20]
R2 Auhardwaregl; C:\Windows\SysWow64\Auhardwaregl.dll [454440 2017-05-20] ()
C:\Windows\SysWow64\Auhardwaregl.dll
R2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [130072 2017-02-16] (???????????????)
S2 Recover; C:\Program Files\Windows Media Player\ORYPS6G2SKIT9NTIP5Q\8'N&MA_hUv.exe [X]
R1 JszipProtect; C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [39256 2016-12-27] ()
R1 netboostmaster; C:\WINDOWS\system32\drivers\netboostmaster.sys [2911592 2017-05-22] () [File not signed]
R2 Uefochubsrv; C:\WINDOWS\system32\drivers\Uefochubsrv.sys [196640 2017-05-20] ()
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ C:\WINDOWS\netboostmasterHelp.dll
2017-05-20 20:56 - 2017-05-22 20:46 - 02911592 _____ C:\WINDOWS\system32\Drivers\netboostmaster.sys
2017-05-20 20:56 - 2017-05-20 20:56 - 02941800 _____ C:\WINDOWS\system32\Drivers\F785D4AC4C7B.dat
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-05-20 20:14 - 2017-05-20 20:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-05-20 20:13 - 2017-05-20 20:13 - 00454440 _____ C:\WINDOWS\SysWOW64\Auhardwaregl.dll
2017-05-20 20:13 - 2017-05-20 20:13 - 00196640 _____ C:\WINDOWS\system32\Drivers\Uefochubsrv.sys
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????
2017-05-20 20:13 - 2017-05-20 20:13 - 00000000 ____D C:\Program Files (x86)\Maoha
2017-05-20 20:13 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
2017-05-20 20:12 - 2017-05-23 19:32 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Seznam.cz
2017-05-20 20:12 - 2017-05-20 20:12 - 00002914 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2017-05-20 20:12 - 2017-05-20 20:12 - 00002620 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2017-05-20 20:11 - 2017-05-22 20:26 - 00000198 _____ C:\ServiceLog.txt
2017-05-20 20:11 - 2017-05-20 20:11 - 00003278 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-05-20 20:11 - 2017-05-20 20:11 - 00003104 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-05-20 20:10 - 2017-05-20 21:05 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
2017-05-20 20:10 - 2017-05-20 20:10 - 00016852 _____ C:\WINDOWS\System32\Tasks\Magia Virtual Basic
2017-05-20 20:10 - 2017-05-20 20:10 - 00003044 _____ C:\WINDOWS\System32\Tasks\Pritc
2017-05-20 20:08 - 2017-05-20 20:08 - 00002922 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
017-05-01 13:05 - 2017-05-01 13:06 - 00003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-01 13:05 - 2017-05-01 13:05 - 00003174 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

Task: {08EC59E1-F47E-4DA6-B276-5B1A52D40A3F} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: {0DBE08A4-CC9B-4BD5-A841-B0A45B60E82B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16EED193-16B6-4F7E-81B2-31C0BF298ECB} - \RunAtStartup -> No File <==== ATTENTION
Task: {3139C6C8-7E4F-430D-898C-A57959E06DFA} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {35885A9D-2436-47D3-BD35-F3C995EA9D11} - \PC Clean Plus -> No File <==== ATTENTION
Task: {4239784A-6B68-470A-B075-EC6015C9BDB5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5E2F4832-7FDC-437B-9059-3C84EFECFF84} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {604F523B-E513-4D6B-800D-A8B884831FAF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6783B7E7-30D7-41E6-B2FE-29CDCF36D287} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6E08FB15-319B-47D7-8316-C6EF20CB1897} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7010EB55-528E-40E1-85E2-04FC76672E4E} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {73C725C5-DF28-48F8-9737-044018CACB8F} - \{7E780F47-0C0B-790D-0E11-7D7D0B0E1178} -> No File <==== ATTENTION
Task: {78534202-D5C2-4BAE-BBDC-B68E1751211B} - \One System Care Monitor -> No File <==== ATTENTION
Task: {816A8347-26CF-4ACA-AE80-592267CD8DFB} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {8DCA7D9D-A543-4BA3-A386-93393B3149C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8E1E9C78-3FDD-4C7B-9908-A489CE57DB81} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {9162F1DE-BC70-4E58-B957-1BA4F1FAF091} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {9302B2CE-4447-4226-9740-074C49924D52} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {99D1E9BF-9E9A-4B34-A5EA-5903904FECD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9B18C722-700A-4E3B-8D5A-4F91A69E3B99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9DF76244-F977-4266-83A6-54830F7B7211} - \System Healer Task -> No File <==== ATTENTION
Task: {B3F69D97-CFD1-4BA9-B3B6-95D20B687C44} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B4E15CF8-96CF-437C-9EE2-B000CB899860} - \One System Care Task -> No File <==== ATTENTION
Task: {B7D92F1E-82C1-4397-9867-3B766E737F26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BCC218A0-3849-43DA-9B7D-E2F00D48BC4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CA6BA4C1-D720-49F0-8FCD-3B49B48ECCDE} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DB8AD26C-49BE-4A44-A431-CA8A640702A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-15] (Google Inc.)
Task: {DD251B60-EE13-4DE6-9F8D-C0EFB3E1B76F} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ATTENTION
Task: {DFB7D4D7-584B-4EA0-B06E-9BA88197D4B9} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {E9494801-53E4-40B5-B581-2E94D561A8E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F6EA2AE2-C3BB-42CB-BC47-83D1F7378CF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F7E928CB-4732-4655-8EE2-3250E4400DE5} - System32\Tasks\Pritc => C:\Users\Pavel\AppData\Local\Temp\is-FP2DB.tmp\Setup.exe <==== ATTENTION
Task: {FDF31C18-3216-40A9-9FD8-46DC6AB23B6C} - \WPD\SqmUpload_S-1-5-21-2184864857-1076823462-3011522754-1001 -> No File <==== ATTENTION
Task: {FF0C7AA7-C9E6-4268-B13C-5806A5978674} - System32\Tasks\Magia Virtual Basic => Rundll32.exe "C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll",XEkbAWCZwG
2017-05-20 20:10 - 2015-06-01 04:23 - 02699264 _____ () C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll
2017-05-20 20:56 - 2017-05-23 19:24 - 02793264 _____ () C:\Windows\netboostmasterHelp.dll
2017-05-20 20:13 - 2017-02-08 13:38 - 00079872 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader-x64.dll
2017-05-20 20:13 - 2017-05-04 17:58 - 00454144 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2017-05-20 20:13 - 2017-02-08 13:39 - 00080576 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2017-05-20 20:13 - 2017-02-17 11:31 - 00237080 ____N () c:\program files (x86)\maoha\jisuzip\tipsdll.dll
2017-05-20 20:13 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader.dll
2017-05-20 20:13 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2017-05-20 20:13 - 2012-10-24 16:42 - 00247352 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll
2017-05-20 20:13 - 2017-02-08 12:39 - 01847040 _____ () C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll

AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:#3or4kl4x13tuuug3Byamue2s4b [85]
AlternateDataStreams: C:\Users\Pavel\Documents\CZC.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

end



*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\Program Files (x86)\Maoha => moved successfully

"C:\Windows\Temp" folder move:

Could not move "C:\Windows\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gplyra => value removed successfully
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\isMiner V 1.9 => value removed successfully
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\-36evSZXiV.exe => value removed successfully
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj => key removed successfully
HKCR\CLSID\{9A0700D2-920A-4E52-8697-9B5230C92612} => key not found.
C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk => moved successfully
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6d010537-9e99-400b-b652-b0d5a5757e5d} => value removed successfully
HKCR\Wow6432Node\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} => key removed successfully
HKCR\Wow6432Node\CLSID\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} => key not found.
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} => key removed successfully
HKCR\CLSID\{41226cbe-8f41-4df3-8d72-1cfbcffcfd0b} => key not found.
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A73B9ED-3C3D-475D-8A5F-6E8047A8B61C} => key removed successfully
HKCR\CLSID\{5A73B9ED-3C3D-475D-8A5F-6E8047A8B61C} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35} => key removed successfully
HKCR\Wow6432Node\CLSID\{6a79cdac-f710-4996-842b-fdc33b785a35} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} => key removed successfully
HKCR\Wow6432Node\CLSID\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value removed successfully
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value removed successfully
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} => value removed successfully
HKCR\Wow6432Node\CLSID\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} => key not found.
HKU\S-1-5-21-2184864857-1076823462-3011522754-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} => value removed successfully
HKCR\CLSID\{F41A56D2-7B52-4D16-812C-A63C6CA9D4C5} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@OnlineMapFinder_9p.com/Plugin => key removed successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak => moved successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd => moved successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig => moved successfully
Auhardwaregl => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Auhardwaregl => key removed successfully
Auhardwaregl => service removed successfully
Could not move "C:\Windows\SysWow64\Auhardwaregl.dll" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\JszipService => key removed successfully
JszipService => service removed successfully
HKLM\System\CurrentControlSet\Services\Recover => key removed successfully
Recover => service removed successfully
JszipProtect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\JszipProtect => key removed successfully
JszipProtect => service removed successfully
netboostmaster => Unable to stop service.
HKLM\System\CurrentControlSet\Services\netboostmaster => key removed successfully
netboostmaster => service removed successfully
Uefochubsrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Uefochubsrv => key could not remove, key could be protected
C:\WINDOWS\netboostmasterHelp.dll => moved successfully
C:\WINDOWS\system32\Drivers\netboostmaster.sys => moved successfully
C:\WINDOWS\system32\Drivers\F785D4AC4C7B.dat => moved successfully
C:\Users\Default\AppData\Local\Google => moved successfully
"C:\Users\Default User\AppData\Local\Google" => not found.
Could not move "C:\WINDOWS\SysWOW64\Auhardwaregl.dll" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\Uefochubsrv.sys" => Scheduled to move on reboot.
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\WindowsTM => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????" => not found.
"C:\Program Files (x86)\Maoha" => not found.
C:\WINDOWS\system32\Drivers\vcdrom.sys => moved successfully
C:\Users\Pavel\AppData\Roaming\Seznam.cz => moved successfully
C:\WINDOWS\System32\Tasks\System HealerPeriod => moved successfully
C:\WINDOWS\System32\Tasks\System HealerStartUp => moved successfully
C:\ServiceLog.txt => moved successfully
C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT => moved successfully
C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES => moved successfully
C:\ProgramData\VideoMemoryDiagnostic => moved successfully
C:\WINDOWS\System32\Tasks\Magia Virtual Basic => moved successfully
C:\WINDOWS\System32\Tasks\Pritc => moved successfully
C:\WINDOWS\System32\Tasks\One System CarePeriod => moved successfully
017-05-01 13:05 - 2017-05-01 13:06 - 00003398 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => Error: No automatic fix found for this entry.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08EC59E1-F47E-4DA6-B276-5B1A52D40A3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08EC59E1-F47E-4DA6-B276-5B1A52D40A3F} => key removed successfully
C:\WINDOWS\System32\Tasks\One System CarePeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DBE08A4-CC9B-4BD5-A841-B0A45B60E82B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DBE08A4-CC9B-4BD5-A841-B0A45B60E82B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16EED193-16B6-4F7E-81B2-31C0BF298ECB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16EED193-16B6-4F7E-81B2-31C0BF298ECB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAtStartup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3139C6C8-7E4F-430D-898C-A57959E06DFA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3139C6C8-7E4F-430D-898C-A57959E06DFA} => key removed successfully
C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Clean Plus_DEFAULT => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35885A9D-2436-47D3-BD35-F3C995EA9D11} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35885A9D-2436-47D3-BD35-F3C995EA9D11} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Clean Plus => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4239784A-6B68-470A-B075-EC6015C9BDB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4239784A-6B68-470A-B075-EC6015C9BDB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E2F4832-7FDC-437B-9059-3C84EFECFF84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E2F4832-7FDC-437B-9059-3C84EFECFF84} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{604F523B-E513-4D6B-800D-A8B884831FAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{604F523B-E513-4D6B-800D-A8B884831FAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6783B7E7-30D7-41E6-B2FE-29CDCF36D287} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6783B7E7-30D7-41E6-B2FE-29CDCF36D287} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E08FB15-319B-47D7-8316-C6EF20CB1897} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E08FB15-319B-47D7-8316-C6EF20CB1897} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7010EB55-528E-40E1-85E2-04FC76672E4E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7010EB55-528E-40E1-85E2-04FC76672E4E} => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerStartUp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C725C5-DF28-48F8-9737-044018CACB8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C725C5-DF28-48F8-9737-044018CACB8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E780F47-0C0B-790D-0E11-7D7D0B0E1178} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78534202-D5C2-4BAE-BBDC-B68E1751211B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78534202-D5C2-4BAE-BBDC-B68E1751211B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{816A8347-26CF-4ACA-AE80-592267CD8DFB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{816A8347-26CF-4ACA-AE80-592267CD8DFB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DCA7D9D-A543-4BA3-A386-93393B3149C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCA7D9D-A543-4BA3-A386-93393B3149C2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E1E9C78-3FDD-4C7B-9908-A489CE57DB81} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E1E9C78-3FDD-4C7B-9908-A489CE57DB81} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9162F1DE-BC70-4E58-B957-1BA4F1FAF091} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9162F1DE-BC70-4E58-B957-1BA4F1FAF091} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9302B2CE-4447-4226-9740-074C49924D52} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9302B2CE-4447-4226-9740-074C49924D52} => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerPeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99D1E9BF-9E9A-4B34-A5EA-5903904FECD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99D1E9BF-9E9A-4B34-A5EA-5903904FECD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B18C722-700A-4E3B-8D5A-4F91A69E3B99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B18C722-700A-4E3B-8D5A-4F91A69E3B99} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF76244-F977-4266-83A6-54830F7B7211} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF76244-F977-4266-83A6-54830F7B7211} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F69D97-CFD1-4BA9-B3B6-95D20B687C44} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F69D97-CFD1-4BA9-B3B6-95D20B687C44} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4E15CF8-96CF-437C-9EE2-B000CB899860} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4E15CF8-96CF-437C-9EE2-B000CB899860} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7D92F1E-82C1-4397-9867-3B766E737F26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D92F1E-82C1-4397-9867-3B766E737F26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCC218A0-3849-43DA-9B7D-E2F00D48BC4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCC218A0-3849-43DA-9B7D-E2F00D48BC4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA6BA4C1-D720-49F0-8FCD-3B49B48ECCDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA6BA4C1-D720-49F0-8FCD-3B49B48ECCDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB8AD26C-49BE-4A44-A431-CA8A640702A6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB8AD26C-49BE-4A44-A431-CA8A640702A6} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD251B60-EE13-4DE6-9F8D-C0EFB3E1B76F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD251B60-EE13-4DE6-9F8D-C0EFB3E1B76F} => key removed successfully
C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Clean Plus_UPDATES => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFB7D4D7-584B-4EA0-B06E-9BA88197D4B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB7D4D7-584B-4EA0-B06E-9BA88197D4B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9494801-53E4-40B5-B581-2E94D561A8E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9494801-53E4-40B5-B581-2E94D561A8E7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6EA2AE2-C3BB-42CB-BC47-83D1F7378CF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6EA2AE2-C3BB-42CB-BC47-83D1F7378CF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7E928CB-4732-4655-8EE2-3250E4400DE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7E928CB-4732-4655-8EE2-3250E4400DE5} => key removed successfully
C:\WINDOWS\System32\Tasks\Pritc => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pritc => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDF31C18-3216-40A9-9FD8-46DC6AB23B6C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDF31C18-3216-40A9-9FD8-46DC6AB23B6C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2184864857-1076823462-3011522754-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FF0C7AA7-C9E6-4268-B13C-5806A5978674} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF0C7AA7-C9E6-4268-B13C-5806A5978674} => key removed successfully
C:\WINDOWS\System32\Tasks\Magia Virtual Basic => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Magia Virtual Basic => key removed successfully
C:\Program Files\Magia Virtual Basic\Magia Virtual Basic.dll => moved successfully
"C:\Windows\netboostmasterHelp.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader-x64.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe" => not found.
"c:\program files (x86)\maoha\jisuzip\tipsdll.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\12004libfoxloader.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\lightspeed.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\unlockInstance.dll" => not found.
"C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll" => not found.
C:\Users\Pavel\Documents\CZC.jpeg => ":#3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Pavel\Documents\CZC.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12960059 B
Java, Flash, Steam htmlcache => 610874067 B
Windows/system/drivers => 27881428 B
Edge => 127447765 B
Chrome => 59617669 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7048 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 6032 B
NetworkService => 21300496 B
Pavel => 122183242 B

RecycleBin => 9438925 B
EmptyTemp: => 953.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-05-2017 15:11:54)

C:\Windows\Temp => moved successfully
"C:\Windows\SysWow64\Auhardwaregl.dll" => Could not move
"C:\WINDOWS\SysWOW64\Auhardwaregl.dll" => Could not move
"C:\WINDOWS\system32\Drivers\Uefochubsrv.sys" => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\Uefochubsrv => key could not remove, key could be protected

==== End of Fixlog 15:11:58 ====

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#10 Post by Kodlz »

:arrow: Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.


then

:arrow: after that, this tool, MBAM: http://forum.viry.cz/viewtopic.php?f=29&t=144868
- Install it and run a full scan

- Copy the log here.

JUSTpavelF
Visitor
Posts: 6
Registered: 23 May 2017 14:40

Re: Slow PC, ads...Maoha? (Win10)

#11 Post by JUSTpavelF »

AdwCleaner can't be installed - some kind of faulty signature, and it can't be run.
I already have MBAM. Do I have to download it? I may have a slightly older version, 2.1.4.1018 from 2015.
So: how do I download that adw?

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#12 Post by Kodlz »

Is it that adw won't download, or that it won't install? If it won't install, try whether it will install from safe mode.
Please download the latest version of MBAM.

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Slow PC, ads...Maoha? (Win10)

#13 Post by Kodlz »

:closed:

Locked