Pomalý a zahřátý ntb

[lara]

Prosím o pomoc, opět se mi velmi zpomalil ntb a dost se zahřívá. Taky velmi dlouho trvají instalace programů.

[Rudy]

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[lara]

Bohužel nemohu nic spustit a nainstalovat, háže mi to "rozšířené atributy nejsou konzistentní"

[Rudy]

Zkuste v nouzovém režim. Bez kontroly systému a zjištění, co v něm běží, neuděláme nic.

[lara]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by Liba (administrator) on LIBA-PC (26-06-2017 18:11:22)
Running from C:\Users\Liba\Downloads
Loaded Profiles: Liba (Available Profiles: Liba)
Platform: Windows 10 Pro Version 1607 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2176296 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2012-07-25] (Intel® Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\Run: [Google Update] => C:\Users\Liba\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-01] (Google Inc.)
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\MountPoints2: {5af1a6e0-42e7-11e7-a943-1c75086490fa} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\MountPoints2: {a4b12be5-2385-11e7-a93f-1c75086490fa} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\MountPoints2: {d0bbe42d-0ef2-11e7-a93b-1c75086490fa} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\MountPoints2: {d0bbe540-0ef2-11e7-a93b-1c75086490fa} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\MountPoints2: {f647f532-300c-11e7-a941-1c75086490fa} - "G:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\Users\Liba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk [2016-10-20]
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{b14de923-85b8-4bc7-94f6-d062decb5feb}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{c04ab265-21db-400f-9317-41525b47ffbc}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-31] (Oracle Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-31] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-03] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-18] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-03] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-884147705-2334425009-4275635490-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-884147705-2334425009-4275635490-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-884147705-2334425009-4275635490-1000: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-884147705-2334425009-4275635490-1000: google.com/WidevineMediaOptimizer -> C:\Users\Liba\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-22] (Microsoft Corporation)

Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Prezentace Google) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-26]
CHR Extension: (Dokumenty Google) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
CHR Extension: (Disk Google) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (YouTube) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-26]
CHR Extension: (Tabulky Google) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-26]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-05-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-03] (ESET)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
S2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2013-11-21] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-12-03] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-08-29] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [197248 2016-12-03] (ESET)
S2 epfwwfpr; C:\WINDOWS\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-03] (ESET)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 18:11 - 2017-06-26 18:12 - 00015412 _____ C:\Users\Liba\Downloads\FRST.txt
2017-06-26 18:05 - 2017-06-26 18:05 - 02441216 _____ (Farbar) C:\Users\Liba\Downloads\FRST64 (2).exe
2017-06-26 17:38 - 2017-06-26 17:38 - 02441216 _____ (Farbar) C:\Users\Liba\Downloads\FRST64 (1).exe
2017-06-26 17:37 - 2017-06-26 17:38 - 02441216 _____ (Farbar) C:\Users\Liba\Downloads\FRST64.exe
2017-06-26 12:28 - 2017-06-26 12:30 - 00000000 ____D C:\Users\Liba\Desktop\Seco _ laser
2017-06-26 12:09 - 2017-06-26 14:15 - 07075640 _____ (Tim Kosse) C:\Users\Liba\Downloads\FileZilla_3.26.2_win64-setup.exe
2017-06-26 12:09 - 2017-06-26 12:09 - 07070840 _____ (Tim Kosse) C:\Users\Liba\Downloads\FileZilla_3.26.1_win64-setup.exe
2017-06-26 09:16 - 2017-06-26 09:16 - 00448512 _____ (OldTimer Tools) C:\Users\Liba\Downloads\TFC.exe
2017-06-26 09:09 - 2017-06-26 09:09 - 00050688 _____ (Atribune.org) C:\Users\Liba\Downloads\ATF-Cleaner.exe
2017-06-23 14:10 - 2017-06-23 14:10 - 00558327 _____ C:\Users\Liba\Downloads\FLB-FR1_e.pdf
2017-06-23 12:28 - 2017-06-23 12:28 - 00015327 _____ C:\Users\Liba\Desktop\LM.bat
2017-06-23 11:28 - 2017-06-23 11:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liba\Downloads\HijackThis.exe
2017-06-23 11:28 - 2017-06-23 11:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liba\Desktop\HijackThis.exe
2017-06-23 10:34 - 2017-06-23 10:49 - 00000000 ____D C:\Users\Liba\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]
2017-06-22 15:49 - 2017-06-22 15:49 - 00047160 _____ C:\Users\Liba\Downloads\0c5b2ab8-f368-473e-b77f-965f8aba8f72.pdf
2017-06-22 09:52 - 2017-06-22 09:52 - 02387422 _____ C:\Users\Liba\Downloads\Manualkzakladnimsystemum_CZ.pdf
2017-06-20 19:56 - 2017-06-20 20:02 - 1793675264 _____ C:\Users\Liba\Downloads\Světová válka Z World War Z (2013) CZdub.avi
2017-06-18 20:26 - 2017-06-18 20:26 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-15 08:18 - 2017-06-15 08:18 - 96591273 _____ C:\Users\Liba\Desktop\VID_20170614_210935.mp4
2017-06-14 16:06 - 2017-06-14 16:06 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 13:31 - 2017-06-14 14:00 - 00307200 _____ C:\Users\Liba\Desktop\ztracené 1_pol_2017.xls
2017-06-14 09:01 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 09:01 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 09:01 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 09:00 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 09:00 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 09:00 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 09:00 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 09:00 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 09:00 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 09:00 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 09:00 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 09:00 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 09:00 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 09:00 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 09:00 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 09:00 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 09:00 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 09:00 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 09:00 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 09:00 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 09:00 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 09:00 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 09:00 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 09:00 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 09:00 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 09:00 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 09:00 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 09:00 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 09:00 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 09:00 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 09:00 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 09:00 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 09:00 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 09:00 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 09:00 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 09:00 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 09:00 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 09:00 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 09:00 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 09:00 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 09:00 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 09:00 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 09:00 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 09:00 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 09:00 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 09:00 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 09:00 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 09:00 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 08:51 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 08:51 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 08:51 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 08:51 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 08:50 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 08:50 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 08:50 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 08:50 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 08:50 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 08:50 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 08:50 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 08:50 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 08:50 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 08:50 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 08:50 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 08:50 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 08:50 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 08:50 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 08:50 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 08:50 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 08:50 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 08:50 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 08:50 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 08:50 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 08:50 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 08:50 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 08:50 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 08:50 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 08:50 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 08:50 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 08:50 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 08:49 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 08:49 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 08:49 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 08:49 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 08:49 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 08:49 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 08:49 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 08:49 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 08:49 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 08:49 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 08:49 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 08:49 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 08:49 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 08:49 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 08:49 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 08:49 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 08:49 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 08:49 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 08:49 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 08:49 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 08:49 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 08:49 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 08:49 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 08:49 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 08:49 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 08:49 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 08:49 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 08:49 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 08:49 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 08:49 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 08:49 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 08:49 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 08:49 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 08:48 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 08:48 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 08:48 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 08:48 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 08:48 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 08:48 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 08:48 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 08:48 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 08:48 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 08:48 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 08:48 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 08:48 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 08:48 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 08:48 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 08:48 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 08:48 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 08:48 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 08:47 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 08:47 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 08:47 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 08:47 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 08:47 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 07:02 - 2017-06-14 07:02 - 00000000 ____D C:\Users\Liba\Downloads\Fast MP3 Cutter Joiner 3.2 Build 1628 CiN1
2017-06-07 20:27 - 2017-06-07 20:27 - 00000000 ____D C:\Users\Liba\Downloads\ll
2017-06-03 21:24 - 2017-06-03 22:45 - 00000000 ____D C:\Users\Liba\Downloads\Fargo.Season.1.720p.BluRay.x264.ShAaNiG
2017-06-03 21:22 - 2017-06-03 21:22 - 00000000 ____D C:\Users\Liba\Downloads\King Arthur Legend of the Sword 2017 HDCAM x264-P2P
2017-05-29 14:28 - 2017-05-29 14:28 - 00030973 _____ C:\Users\Liba\Downloads\Kontakty_ŹF_HK (2).xlsx
2017-05-28 22:41 - 2017-05-28 22:43 - 00000000 ____D C:\Users\Liba\AppData\Local\WMTools Downloaded Files
2017-05-28 22:38 - 2017-05-28 22:38 - 00003584 _____ C:\Users\Liba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-28 22:28 - 2017-05-28 22:28 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
2017-05-28 22:28 - 2017-05-28 22:28 - 00000000 ____D C:\Program Files (x86)\Movie Maker 2.6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 18:11 - 2016-08-14 18:52 - 00000000 ____D C:\FRST
2017-06-26 18:10 - 2016-08-18 20:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-26 18:09 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-26 18:08 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-26 18:07 - 2016-09-22 05:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-26 17:58 - 2015-11-28 16:22 - 00000000 ____D C:\Users\Liba\AppData\Roaming\uTorrent
2017-06-26 17:09 - 2015-11-28 16:40 - 00000000 ____D C:\Users\Liba\AppData\Local\Adobe
2017-06-26 16:28 - 2016-07-21 05:09 - 00000000 ____D C:\Users\Liba\AppData\Local\Packages
2017-06-26 16:06 - 2016-09-22 04:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-26 14:16 - 2015-11-27 16:14 - 00000000 ____D C:\Users\Liba\AppData\Roaming\FileZilla
2017-06-26 14:05 - 2016-12-12 14:59 - 00004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5A5134D7-7C90-4D41-953D-1B4CEC771636}
2017-06-26 12:22 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-26 11:24 - 2016-09-22 05:01 - 00005194 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Liba-PC-Liba Liba-PC
2017-06-26 11:17 - 2015-11-26 23:19 - 00002304 ____H C:\Users\Liba\Documents\Default.rdp
2017-06-26 11:12 - 2017-04-13 16:23 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-26 11:12 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-06-26 11:12 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-26 11:12 - 2016-02-15 12:21 - 00000000 ____D C:\Users\Liba\AppData\Local\CrashDumps
2017-06-26 10:09 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-06-26 09:03 - 2015-08-04 13:04 - 00000000 ____D C:\Users\Liba\Desktop\čištění
2017-06-26 08:44 - 2017-05-03 12:25 - 00117760 ___SH C:\Users\Liba\Downloads\Thumbs.db
2017-06-26 07:52 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 13:18 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 10:38 - 2015-11-28 16:34 - 00000000 ____D C:\Install
2017-06-20 15:50 - 2015-12-07 09:57 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-18 21:12 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-18 20:27 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-18 20:26 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-16 22:30 - 2016-09-22 04:43 - 00000000 ____D C:\Users\Liba
2017-06-16 14:20 - 2017-04-28 15:45 - 00000000 ____D C:\Users\Liba\Desktop\NMS
2017-06-15 08:53 - 2016-09-22 14:17 - 00999168 _____ C:\WINDOWS\system32\perfh005.dat
2017-06-15 08:53 - 2016-09-22 14:17 - 00254886 _____ C:\WINDOWS\system32\perfc005.dat
2017-06-15 08:53 - 2016-07-20 23:30 - 02576158 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-15 08:11 - 2016-04-27 08:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 16:08 - 2016-09-22 04:34 - 00345528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 16:06 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 16:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 16:06 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 15:33 - 2011-07-20 10:34 - 00000000 ____D C:\Users\Liba\Documents\Líba
2017-06-14 09:45 - 2016-07-24 21:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 09:39 - 2016-07-24 21:17 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 09:39 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 07:22 - 2016-10-17 22:43 - 00000000 ____D C:\ProgramData\KMSAutoS
2017-06-12 10:01 - 2016-01-18 11:52 - 00000000 ____D C:\Users\Liba\Desktop\movie
2017-06-12 09:19 - 2015-08-04 13:07 - 00000000 ____D C:\Users\Liba\Desktop\fotky
2017-06-12 09:07 - 2016-10-20 14:10 - 00000000 ____D C:\Users\Liba\AppData\Roaming\Wandoujia2
2017-06-11 12:47 - 2016-01-07 11:56 - 00000000 ____D C:\Users\Liba\Desktop\sukně a střihy
2017-06-09 10:08 - 2017-05-17 13:06 - 00051712 ___SH C:\Users\Liba\Desktop\Thumbs.db
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-02 11:10 - 2015-01-19 12:44 - 00000000 ___RD C:\Users\Liba\Desktop\AJP TECH
2017-05-29 20:21 - 2017-05-12 09:46 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-05-29 20:21 - 2015-12-16 15:46 - 00000000 ____D C:\Users\Liba\AppData\Roaming\Seznam.cz

==================== Files in the root of some directories =======

2015-12-14 15:33 - 2015-06-30 13:58 - 0462848 _____ () C:\Program Files (x86)\1038.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0331776 _____ () C:\Program Files (x86)\1040.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 2068480 _____ () C:\Program Files (x86)\1042.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0319488 _____ () C:\Program Files (x86)\1043.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0323584 _____ () C:\Program Files (x86)\1045.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0364544 _____ () C:\Program Files (x86)\1046.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0581632 _____ () C:\Program Files (x86)\1049.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0319488 _____ () C:\Program Files (x86)\1055.mst
2015-12-14 15:33 - 2015-06-30 13:58 - 0856064 _____ () C:\Program Files (x86)\2052.mst
2015-12-14 15:33 - 2015-06-30 13:57 - 8062464 _____ () C:\Program Files (x86)\ABBYY PDF Transformer+ x64.msi
2015-12-14 15:33 - 2015-06-30 13:57 - 7953920 _____ () C:\Program Files (x86)\ABBYY PDF Transformer+.msi
2016-01-04 17:13 - 2016-01-04 17:13 - 2106893 _____ () C:\Users\Liba\AppData\Roaming\langInstall.exe
2017-05-28 22:38 - 2017-05-28 22:38 - 0003584 _____ () C:\Users\Liba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-26 10:31

==================== End of FRST.txt ============================

[Rudy]

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[lara]

opět z nouzového režimu

# AdwCleaner v6.047 - Log vytvořen 26/06/2017 v 19:34:40
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2016-08-15.2 [Místní]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Liba - LIBA-PC
# Spuštěno z : C:\Users\Liba\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Software\INSTALLPATH\STATUS
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\INSTALLPATH\STATUS
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\INSTALLPATH\STATUS


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1587 Bajty] - [09/02/2016 18:58:48]
C:\AdwCleaner\AdwCleaner[C4].txt - [4024 Bajty] - [16/11/2015 15:28:56]
C:\AdwCleaner\AdwCleaner[C5].txt - [755 Bajty] - [18/11/2015 19:38:21]
C:\AdwCleaner\AdwCleaner[C6].txt - [3583 Bajty] - [18/08/2016 20:53:08]
C:\AdwCleaner\AdwCleaner[C7].txt - [1557 Bajty] - [26/06/2017 19:34:40]
C:\AdwCleaner\AdwCleaner[R0].txt - [25392 Bajty] - [18/05/2015 20:25:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [8935 Bajty] - [04/08/2015 09:19:18]
C:\AdwCleaner\AdwCleaner[R2].txt - [1022 Bajty] - [04/08/2015 13:02:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [21971 Bajty] - [18/05/2015 20:27:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [3503 Bajty] - [18/08/2016 20:52:47]
C:\AdwCleaner\AdwCleaner[S11].txt - [2957 Bajty] - [26/06/2017 19:33:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [7370 Bajty] - [04/08/2015 09:26:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1085 Bajty] - [04/08/2015 13:08:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [3710 Bajty] - [16/11/2015 15:26:11]
C:\AdwCleaner\AdwCleaner[S5].txt - [663 Bajty] - [18/11/2015 19:11:50]
C:\AdwCleaner\AdwCleaner[S6].txt - [3168 Bajty] - [16/08/2016 10:42:06]
C:\AdwCleaner\AdwCleaner[S7].txt - [3280 Bajty] - [16/08/2016 10:50:13]
C:\AdwCleaner\AdwCleaner[S8].txt - [3354 Bajty] - [16/08/2016 11:04:50]
C:\AdwCleaner\AdwCleaner[S9].txt - [3428 Bajty] - [16/08/2016 13:33:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [2655 Bajty] ##########

[Rudy]

OK. Teď se pokuste spustit FRST v normálním režimu. Pokud to nepůjde, udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte. MBAM můžete spustit v nouz. režimu.

[lara]

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 27.06.17
Čas skenování: 17:14
Logovací soubor: gg.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.1.2.1733
Verze komponentů: 1.0.141
Aktualizovat verzi balíku komponent: 1.0.2240
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: Liba-PC\Liba

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 396577
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 4 min, 10 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
HackTool.AutoKMS, C:\PROGRAMDATA\KMSAUTOS\BIN\KMSSS.EXE, Žádná uživatelská akce, [2130], [370307],1.0.2240

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Rudy]

Nalezenou položku smažte.

[lara]

smazáno + restart

[Rudy]

Změnilo se něco?

[lara]

Nezměnilo, při spuštění čehokoliv např. FRST - stále "rozšířené atributy nejsou konzistentní"

[Rudy]

Zkuste udělat checkdisk (kontrolu disku).

[lara]

udělám zítra, musím odejít.