PC slowdown

Posted: 06 Aug 2016 11:30
by mobmaniak
Hello,

over the last few days my PC has slowed down quite a bit (specifically, it is a DELL XPS with W10 Pro) and I don't really know what could be causing it. Before generating the log I ran a cleanup with ADWcleaner.
Thank you for checking it.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-08-06 12:18:55
Microsoft Windows 10 Pro
System drive C: has 88 GB (36%) free of 243 GB
Total RAM: 8081 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:00, on 6. 8. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal

Running processes:
C:\WINDOWS\TEMP\DPTF\esif_assist.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [EasyHideIPVPN] C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Wake on Voice Setup - Intel - C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RTK IIS Codec Service (RtkI2SCodec) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves System Service (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11142 bytes

======Listing Processes======







winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f6b233b8-3499-4409-b3b1-b77cf8f9eb0b -SystemEventPortName:HostProcess-c696c669-4853-4695-9ba3-84e0ca5e5882 -IoCancelEventPortName:HostProcess-885ca303-3585-49a5-8a0d-c2ce67ba8ef5 -NonStateChangingEventPortName:HostProcess-195ed67d-acd5-47d1-84cc-d52a4eed82c5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:49fa9e1a-5035-4e7b-9e47-d061d1952d8a -DeviceGroupId:
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
"C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e95970eb-11c9-4bfb-9341-b6d6aa5c0fc3 -SystemEventPortName:HostProcess-15d36941-65a0-4c38-8641-4dee0b5bf311 -IoCancelEventPortName:HostProcess-358ceab1-e7cc-44fd-9c19-e4974c75f496 -NonStateChangingEventPortName:HostProcess-8c9c4993-0bd3-44e1-9001-5429359f5266 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2efaee5c-c9c5-4c0e-b39a-39ae82259a49 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\esif_uf.exe
"C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
dashost.exe {99cec4ed-c39b-480d-a949f647af28eff3}
C:\WINDOWS\system32\HPSIsvc.exe
"C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe" /SENDINPUT
C:\WINDOWS\system32\svchost.exe -k appmodel

"C:\WINDOWS\TEMP\DPTF\esif_assist.exe"
taskeng.exe {ACE16082-9F51-4483-A153-48D90F37059C}
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca


"C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe" /s
"C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe" /BOARDWELL_MA3
"C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe"
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"

"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=51.0.2704.103 --handshake-handle=0x1c0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-conservative/AutofillProfileOrderByFrecency/Enabled/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20160627/EnableMediaRouter/Enabled/ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*QUIC/EnabledAckDecimation/ReportCertificateErrors/ShowAndPossiblySend/ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFr
equency/Default/SyncHttpContentCompression/Enabled/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_03/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --type=gpu-process --channel="1972.0.922380243\1529020426" --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,46,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.15.4256 --mojo-platform-channel-handle=1236 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-conservative/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20160627/*EnableMediaRouter/Enabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*QUIC/EnabledAckDecimation/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostS
bTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_03/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=95C7ABA8B6F3CCA4550811A41F97F187 --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1972.4.24276526\470539426" --mojo-platform-channel-handle=3224 /prefetch:1
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 920A0FB2-5023-E39C-229A-2D2D006CFCFC -Reinvoke
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,UsePasswordSeparatedSigninFlow<PasswordSeparatedSigninFlow,WebFontsIntervention<WebFontsIntervention,*WebRTC-EnableWebRtcEcdsa<WebRTC-EnableWebRtcEcdsa,brotli-encoding<BrotliEncoding --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,RenderingPipelineThrottling<RenderingPipelineThrottling,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-conservative/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/DirectWriteFontProxy/UseDirectWriteFontProxy/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20160627/*EnableMediaRouter/Enabled/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/*OutOfProcessPac/Default/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PasswordSeparatedSigninFlow/Enabled/PasswordSmartBubble/Default/*QUIC/EnabledAckDecimation/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control25PermanentA/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostS
bTypes2/SafeBrowsingUpdateFrequency/Default/SyncHttpContentCompression/Enabled/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_03/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*WebFontsIntervention/Enabled/WebRTC-EnableWebRtcEcdsa/Default/ --primordial-pipe-token=889367FA4AE51465418BB12B02E9C984 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1972.16.288852560\1179197342" --mojo-platform-channel-handle=4848 /prefetch:1
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 220 500 628 8192 624
"C:\Users\Admin\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xg9kqvea.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.101.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-09-15 2339032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2015-09-15 1733240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtkNGui"=C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [2015-08-04 9420544]
"RtI2SBgProc"=C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2015-08-04 2725120]
"WavesSvc"=C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe [2015-08-04 579712]
"CxAgent"=C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [2015-08-04 760032]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-06-25 36352]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19 557768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-28 554184]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"EasyHideIPVPN"=C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe []
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2014-09-30 136992]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22 598552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-06 12:18:55 ----D---- C:\rsit
2016-08-06 12:18:55 ----D---- C:\Program Files\trend micro
2016-08-06 12:13:37 ----D---- C:\AdwCleaner
2016-08-05 18:34:57 ----SHD---- C:\Config.Msi
2016-08-05 12:47:05 ----D---- C:\ProgramData\Citrix
2016-08-05 12:46:48 ----D---- C:\Program Files (x86)\Citrix
2016-08-05 12:41:43 ----D---- C:\Users\Admin\AppData\Roaming\PCDr
2016-07-28 20:03:50 ----D---- C:\WINDOWS\system32\appmgmt
2016-07-28 20:01:15 ----D---- C:\ProgramData\ProductData
2016-07-28 20:01:02 ----D---- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-07-28 20:00:35 ----D---- C:\Users\Admin\AppData\Roaming\IObit
2016-07-28 20:00:22 ----D---- C:\ProgramData\IObit
2016-07-28 20:00:22 ----D---- C:\Program Files (x86)\IObit
2016-07-12 10:31:57 ----D---- C:\Program Files\Mozilla Firefox
2016-07-10 11:54:22 ----D---- C:\Users\Admin\AppData\Roaming\Mozilla

======List of files/folders modified in the last 1 month======

2016-08-06 12:18:55 ----RD---- C:\Program Files
2016-08-06 12:18:43 ----D---- C:\WINDOWS\Temp
2016-08-06 12:18:03 ----D---- C:\WINDOWS\system32\sru
2016-08-06 12:16:43 ----D---- C:\WINDOWS\Prefetch
2016-08-06 12:16:03 ----D---- C:\WINDOWS\System32
2016-08-06 12:16:03 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-06 12:15:58 ----D---- C:\WINDOWS\system32\drivers
2016-08-06 12:14:10 ----D---- C:\WINDOWS\INF
2016-08-06 12:14:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-06 12:08:49 ----D---- C:\Program Files (x86)\Dropbox
2016-08-06 12:08:29 ----D---- C:\WINDOWS\system32\CatRoot
2016-08-06 12:05:20 ----D---- C:\WINDOWS\system32\SleepStudy
2016-08-05 19:41:43 ----D---- C:\WINDOWS\system32\config
2016-08-05 19:23:50 ----SHD---- C:\WINDOWS\Installer
2016-08-05 19:23:50 ----D---- C:\WINDOWS\Tasks
2016-08-05 19:23:50 ----D---- C:\WINDOWS\system32\Tasks
2016-08-05 19:06:05 ----D---- C:\WINDOWS\Microsoft.NET
2016-08-05 19:06:03 ----RSD---- C:\WINDOWS\assembly
2016-08-05 18:38:40 ----D---- C:\ProgramData\Oracle
2016-08-05 18:37:17 ----D---- C:\WINDOWS\SysWOW64
2016-08-05 18:37:17 ----D---- C:\Program Files (x86)\Java
2016-08-05 18:37:13 ----D---- C:\Program Files (x86)\Common Files
2016-08-05 18:37:04 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-08-05 18:35:31 ----D---- C:\Program Files\iTunes
2016-08-05 18:35:20 ----RD---- C:\Program Files (x86)
2016-08-05 18:35:20 ----D---- C:\Program Files\Common Files\Apple
2016-08-05 18:34:13 ----D---- C:\Users\Admin\AppData\Roaming\MiniLyrics
2016-08-05 18:34:13 ----D---- C:\Program Files (x86)\MiniLyrics
2016-08-05 18:32:45 ----D---- C:\Program Files (x86)\Adobe
2016-08-05 18:30:26 ----D---- C:\Windows
2016-08-05 18:30:25 ----D---- C:\WINDOWS\system32\catroot2
2016-08-05 18:28:35 ----RSD---- C:\WINDOWS\Fonts
2016-08-05 18:28:34 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-08-05 18:28:31 ----D---- C:\Program Files\Microsoft Silverlight
2016-08-05 18:28:31 ----D---- C:\Program Files\Farming Simulator 15
2016-08-05 18:28:30 ----D---- C:\WINDOWS\WinSxS
2016-08-05 18:28:30 ----D---- C:\WINDOWS\system32\wbem
2016-08-05 18:28:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-08-05 18:28:02 ----D---- C:\WINDOWS\ShellNew
2016-08-05 18:28:02 ----D---- C:\Program Files\Windows Media Player
2016-08-05 18:28:02 ----D---- C:\Program Files\Windows Journal
2016-08-05 18:28:02 ----D---- C:\Program Files (x86)\Windows Media Player
2016-08-05 18:28:01 ----SD---- C:\WINDOWS\SYSWOW64\DiagSvcs
2016-08-05 18:28:01 ----SD---- C:\WINDOWS\system32\DiagSvcs
2016-08-05 18:28:01 ----D---- C:\WINDOWS\SYSWOW64\wbem
2016-08-05 18:28:01 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-08-05 18:28:01 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-08-05 18:28:01 ----D---- C:\WINDOWS\system32\migration
2016-08-05 18:28:01 ----D---- C:\WINDOWS\system32\en-US
2016-08-05 18:28:01 ----D---- C:\WINDOWS\system32\Dism
2016-08-05 18:28:00 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-08-05 18:28:00 ----D---- C:\WINDOWS\AppPatch
2016-08-05 18:28:00 ----D---- C:\Program Files (x86)\Internet Explorer
2016-08-05 18:27:59 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-08-05 18:27:59 ----D---- C:\WINDOWS\system32\Sysprep
2016-08-05 18:27:59 ----D---- C:\WINDOWS\system32\Macromed
2016-08-05 18:27:59 ----D---- C:\WINDOWS\system32\CodeIntegrity
2016-08-05 18:27:57 ----D---- C:\Users\Admin\AppData\Roaming\IrfanView
2016-08-05 18:27:46 ----D---- C:\Program Files\Common Files\microsoft shared
2016-08-05 18:27:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-05 18:26:58 ----D---- C:\WINDOWS\registration
2016-08-05 18:26:53 ----D---- C:\WINDOWS\system32\DriverStore
2016-08-05 18:26:21 ----HD---- C:\ProgramData
2016-08-05 18:26:09 ----D---- C:\Program Files\Microsoft Office
2016-08-05 18:26:02 ----D---- C:\Program Files\Adobe
2016-08-05 18:25:57 ----RHD---- C:\MSOCache
2016-08-05 18:25:07 ----SHD---- C:\System Volume Information
2016-08-05 18:20:04 ----D---- C:\ProgramData\Microsoft Help
2016-08-05 13:51:19 ----D---- C:\WINDOWS\CbsTemp
2016-08-05 09:54:00 ----D---- C:\WINDOWS\Logs
2016-08-05 09:45:03 ----D---- C:\WINDOWS\AppReadiness
2016-08-05 09:45:01 ----D---- C:\WINDOWS\SoftwareDistribution
2016-07-28 20:09:57 ----D---- C:\WINDOWS\debug
2016-07-28 20:04:40 ----DC---- C:\WINDOWS\Panther
2016-07-28 20:03:25 ----D---- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2016-07-26 11:31:10 ----D---- C:\WINDOWS\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2014-06-25 670056]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2014-08-26 79016]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-07-10 83968]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-07-10 8192]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-07-10 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-07-10 61952]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2015-07-10 105984]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2015-07-10 237568]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 128512]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2015-07-10 84992]
R3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-09-17 36352]
R3 dptf_acpi;dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [2014-09-19 41824]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2014-09-19 38720]
R3 dptf_pch;dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [2014-09-19 38208]
R3 dtlitescsibus;@oem40.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-09-15 30264]
R3 esif_lf;esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [2014-09-19 216360]
R3 HidEventFilter;@oem8.inf,%HidEventFilter%;Intel(R) HID Event Filter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [2015-06-06 52240]
R3 ibtusb;@oem25.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2015-07-15 266512]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-07-18 6389688]
R3 IntcADSP;@oem30.inf,%IntcADSP.SvcDesc%;Technologie Intel® Smart Sound; C:\WINDOWS\system32\DRIVERS\IntcADSP.sys [2015-08-04 756024]
R3 iwdbus;@oem0.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-10-17 30512]
R3 MEIx64;@oem19.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [2014-09-30 129312]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-07-10 3496216]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-07-10 167936]
R3 RTKI2SAC;@oem31.inf,%RTKI2SAC.SvcDesc%;Realtek I2S HW Audio Codec Device Driver; C:\WINDOWS\system32\DRIVERS\RTKI2SAC.sys [2015-08-04 235264]
R3 RTSPER;@oem32.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-05-14 751632]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-07-10 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-07-10 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-07-10 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-07-10 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-07-10 40288]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-09-17 929280]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-07-10 116736]
S3 fcvsc;fcvsc; C:\WINDOWS\System32\drivers\fcvsc.sys [2015-07-10 31232]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-07-10 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-07-10 50016]
S3 iaLPSS_GPIO;@oem33.inf,%iaLPSS_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Driver; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [2014-06-03 35832]
S3 iaLPSS_I2C;@oem21.inf,%iaLPSS_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [2014-06-10 120312]
S3 iaLPSS_SPI;@oem28.inf,%iaLPSS_SPI.SVCDESC%;Intel(R) Serial IO SPI Driver; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [2014-06-03 100856]
S3 iaLPSS_UART2;@oem27.inf,%iaLPSS_UART2.SVCDESC%;Intel(R) Serial IO UART Driver v2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [2014-06-03 143864]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-07-10 424800]
S3 IntcDAud;@oem22.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2014-11-24 455440]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-07-10 26624]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-07-10 705376]
S3 mvusbews;@oem45.inf,%mvusbews.SvcDesc%;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2012-11-08 19968]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-07-10 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-09-11 934752]
S3 tap0901;@oem44.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\WINDOWS\System32\drivers\tap0901.sys [2014-12-17 40664]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2015-07-10 61952]
S3 UcmUcsi;@ucmucsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-09-11 46080]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2015-07-10 44032]
S3 Ufx01000;USB Function Class Extension; C:\WINDOWS\system32\drivers\ufx01000.sys [2015-07-10 245088]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-07-10 94048]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-07-10 127840]
S3 UrsCx01000;USB Role-Switch Support Library; C:\WINDOWS\system32\drivers\urscx01000.sys [2015-07-10 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urschipidea.sys [2015-07-10 28512]
S3 UrsSynopsys;@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver; C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-07-10 27488]
S3 USBAAPL64;@oem42.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl64.sys [2015-06-17 54784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-09-02 77104]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 esifsvc;ESIF Upper Framework Service; C:\Windows\SysWOW64\esif_uf.exe [2014-09-19 1037568]
R2 HPSIService;HP SI Service; C:\WINDOWS\system32\HPSIsvc.exe [2012-11-08 126856]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-06-25 16232]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2015-07-18 351120]
R2 Intel(R) Wake on Voice Setup;Intel(R) Wake on Voice Setup; C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe [2014-09-24 17920]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-09-30 158496]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-09-30 409376]
R2 OneSyncSvc_Session1;Hostitel synchronizace_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R2 RtkI2SCodec;RTK IIS Codec Service; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [2015-08-04 167168]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-06-17 43696]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04 107848]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S2 OneSyncSvc_Session11;Hostitel synchronizace_Session11; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-07-18 283024]
S3 dcpm-notify;Dell Command | Power Manager Notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [2015-06-10 85216]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe [2015-07-10 18784]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-07-10 27136]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04 107848]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-05-13 887256]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\lsass.exe [2015-07-10 56344]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 PimIndexMaintenanceSvc_Session1;Data kontaktů_Session1; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 PimIndexMaintenanceSvc_Session11;Data kontaktů_Session11; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-09-11 1031680]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-07-10 39856]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 UnistoreSvc_Session1;Úložiště uživatelských dat_Session1; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]
S3 UnistoreSvc_Session11;Úložiště uživatelských dat_Session11; C:\WINDOWS\System32\svchost.exe [2015-07-10 39856]

-----------------EOF-----------------

Re: PC slowdown

Posted: 06 Aug 2016 12:11
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: PC slowdown

Posted: 06 Aug 2016 16:17
by mobmaniak
As I wrote above, I had already done this once before; unfortunately I did not save the first log. This one is from the second run. In any case, the laptop now runs better.

# AdwCleaner v5.201 - Log vytvořen 06/08/2016 v 17:11:06
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-08-06.1 [Server]
# Operační system : Windows 10 Pro (X64)
# Uživatelské jméno : Admin - DELL
# Spuštěno z : C:\Users\Admin\Downloads\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úlohy ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****


*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1751 bytů] - [06/08/2016 12:14:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [831 bytů] - [06/08/2016 17:11:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [1626 bytů] - [06/08/2016 12:13:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [948 bytů] - [06/08/2016 17:10:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1048 bytů] ##########

Re: PC slowdown

Posted: 06 Aug 2016 16:21
by Rudy
This is OK, but that is not all from my side either. Now post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: PC slowdown

Posted: 06 Aug 2016 16:28
by mobmaniak
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Admin (administrator) on DELL (06-08-2016 17:22:50)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel) C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkNGui] => C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [9420544 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtI2SBgProc] => C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2725120 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe [579712 2015-08-04] (Waves Audio Ltd.)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [760032 2015-08-04] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-09-30] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\Run: [EasyHideIPVPN] => C:\Program Files (x86)\Easy-Hide-IP VPN\easy.hide.ip.vpn.exe
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e5087e-a0de-11e5-826c-340286cfdb35} - "D:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e50962-a0de-11e5-826c-340286cfdb35} - "F:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {5a1f91c4-9368-11e5-826c-340286cfdb35} - "D:\SISetup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {ca67fdf4-5b70-11e5-8260-340286cfdb35} - "D:\setup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{80da292b-9d3d-486b-b427-256248b5f7fa}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xg9kqvea.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-30] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-08-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-08-12] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.cz/ig","hxxp://www.istartsur ... oogle.com/"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-10]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-10]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [85216 2015-06-10] (Dell Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) Wake on Voice Setup; C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe [17920 2014-09-24] (Intel) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-09-30] (Intel Corporation)
R2 RtkI2SCodec; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [167168 2015-08-04] (Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe [515104 2015-08-04] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{50DED969-5C9C-4C8F-B087-B037B411E689}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-09-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-19] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-19] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-15] (Disc Soft Ltd)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-19] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [52240 2015-06-06] (Intel Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-03] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-03] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [266512 2015-07-15] (Intel Corporation)
R3 IntcADSP; C:\Windows\system32\DRIVERS\IntcADSP.sys [756024 2015-08-04] (Intel(R) Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [19968 2012-11-08] (Marvell Semiconductor, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 RTKI2SAC; C:\Windows\system32\DRIVERS\RTKI2SAC.sys [235264 2015-08-04] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-25] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-06 17:22 - 2016-08-06 17:23 - 00016195 _____ C:\Users\Admin\Desktop\FRST.txt
2016-08-06 17:22 - 2016-08-06 17:22 - 00000000 ____D C:\FRST
2016-08-06 17:21 - 2016-08-06 17:21 - 00029696 _____ C:\Users\Admin\AppData\Local\MSGBOX.EXE
2016-08-06 17:21 - 2016-08-06 17:21 - 00015327 _____ C:\Users\Admin\Desktop\LM.bat
2016-08-06 17:20 - 2016-08-06 17:20 - 02393600 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-08-06 17:20 - 2016-08-06 17:20 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-08-06 17:19 - 2016-08-06 17:19 - 00016148 _____ C:\WINDOWS\system32\DELL_Admin_HistoryPrediction.bin
2016-08-06 12:28 - 2016-08-06 12:28 - 00000000 ____D C:\Users\Admin\AppData\Local\Disc_Soft_Ltd
2016-08-06 12:18 - 2016-08-06 12:19 - 00000000 ____D C:\rsit
2016-08-06 12:18 - 2016-08-06 12:19 - 00000000 ____D C:\Program Files\trend micro
2016-08-06 12:18 - 2016-08-06 12:18 - 01222144 _____ C:\Users\Admin\Downloads\RSITx64.exe
2016-08-06 12:13 - 2016-08-06 17:11 - 00000000 ____D C:\AdwCleaner
2016-08-06 12:13 - 2016-08-06 12:13 - 03712064 _____ C:\Users\Admin\Downloads\adwcleaner_5.201.exe
2016-08-05 19:00 - 2016-08-05 19:07 - 221812904 _____ (Dell Inc.) C:\Users\Admin\Downloads\9343_Video_Driver_33X2V_WN32_20.19.15.4463_A03.EXE
2016-08-05 18:55 - 2016-08-05 18:55 - 00013560 _____ C:\Users\Admin\Downloads\DellSystemDetectLauncher.Application
2016-08-05 18:34 - 2016-08-05 18:34 - 00003520 _____ C:\WINDOWS\System32\Tasks\{2B548E31-72EF-4D8D-ABD0-324D9FEDDD40}
2016-08-05 12:47 - 2016-08-05 12:47 - 00000000 ____D C:\ProgramData\Citrix
2016-08-05 12:46 - 2016-08-05 12:46 - 00000000 ____D C:\Users\Admin\AppData\Local\Citrix
2016-08-05 12:46 - 2016-08-05 12:46 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-08-05 12:41 - 2016-08-05 12:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PCDr
2016-08-05 09:45 - 2016-08-05 18:56 - 00000000 ____D C:\Users\Admin\AppData\Local\Deployment
2016-08-05 09:45 - 2016-08-05 09:45 - 00013560 _____ C:\Users\Admin\Downloads\Nepotvrzeno 125782.crdownload
2016-07-28 20:09 - 2016-08-05 18:25 - 00036903 ____H C:\Users\Admin\AppData\Local\IconCache.db.backup
2016-07-28 20:08 - 2016-07-28 20:08 - 84914176 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-07-28 20:08 - 2016-07-28 20:08 - 00307200 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-07-28 20:08 - 2016-07-28 20:08 - 00069632 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-07-28 20:08 - 2016-07-28 20:08 - 00024576 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-07-28 20:03 - 2016-08-05 18:37 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-07-28 20:01 - 2016-08-05 18:27 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\IObit
2016-07-28 20:01 - 2016-08-05 18:27 - 00000000 ____D C:\ProgramData\ProductData
2016-07-28 20:01 - 2016-07-28 20:01 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-07-28 20:01 - 2016-07-28 20:01 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-07-28 20:00 - 2016-08-05 18:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IObit
2016-07-28 20:00 - 2016-08-05 18:27 - 00000000 ____D C:\ProgramData\IObit
2016-07-28 20:00 - 2016-08-05 13:21 - 00000000 ____D C:\Program Files (x86)\IObit
2016-07-22 09:36 - 2016-07-22 09:36 - 00348376 _____ (Spotify Ltd) C:\Users\Admin\Downloads\SpotifySetup(1).exe
2016-07-22 09:35 - 2016-07-22 09:35 - 00348376 _____ (Spotify Ltd) C:\Users\Admin\Downloads\SpotifySetup.exe
2016-07-18 15:38 - 2016-07-18 15:38 - 00117042 _____ C:\Users\Admin\Downloads\Klientské centrum _ MALL.pdf
2016-07-16 10:46 - 2016-07-16 10:46 - 00123754 _____ C:\Users\Admin\Downloads\Solen_lek-200702-0007.pdf
2016-07-13 09:41 - 2016-07-13 12:38 - 00000000 ____D C:\Users\Admin\Desktop\GALERIE
2016-07-13 09:12 - 2016-06-07 16:30 - 23174393 _____ C:\Users\Admin\Desktop\Jak na perfektní obočí - produkty-fiT5I4nOPnw.mp4
2016-07-13 09:12 - 2016-05-25 09:22 - 05334788 _____ C:\Users\Admin\Desktop\Kristina-Cechova-Top30-kucharka.PDF
2016-07-13 09:11 - 2016-06-18 08:44 - 141034754 _____ C:\Users\Admin\Desktop\Novinky a nákupy květen ode mě z postele --)-3BBEvFLCxhM.mp4
2016-07-13 09:11 - 2016-06-18 08:43 - 61085967 _____ C:\Users\Admin\Desktop\Budu točit česky Tipy jak se naučit anglicky a zadarmo!-IZSVpdqFKjw.mp4
2016-07-13 09:11 - 2016-06-14 09:50 - 166070658 _____ C:\Users\Admin\Desktop\Objevy a přešlapy z dekorativky-Fs6cb5G_8po.mp4
2016-07-13 09:10 - 2016-07-13 12:43 - 00000000 ____D C:\Users\Admin\Desktop\4!!!!
2016-07-13 09:07 - 2016-07-13 09:10 - 00000000 ____D C:\Users\Admin\Desktop\CVIČENÍ
2016-07-13 09:02 - 2016-08-05 18:28 - 00000000 ____D C:\Users\Admin\Desktop\Nová složka
2016-07-12 10:31 - 2016-08-05 18:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-10 11:54 - 2016-08-05 18:26 - 00000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2016-07-10 11:54 - 2016-07-10 11:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2016-07-10 11:50 - 2016-07-10 11:50 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-10 11:50 - 2016-07-10 11:50 - 00000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-06 17:15 - 2015-09-11 14:54 - 01765712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-06 17:15 - 2015-07-10 18:02 - 00747686 _____ C:\WINDOWS\system32\perfh005.dat
2016-08-06 17:15 - 2015-07-10 18:02 - 00150086 _____ C:\WINDOWS\system32\perfc005.dat
2016-08-06 17:15 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-08-06 17:11 - 2015-09-11 14:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-06 17:11 - 2015-09-04 14:33 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-06 17:11 - 2015-09-04 10:53 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-06 17:11 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-06 17:11 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-06 17:09 - 2015-09-11 14:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-06 17:09 - 2015-09-04 14:30 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B3F3965-CD38-4CDF-A3AC-1D39D542479D}
2016-08-06 16:35 - 2015-09-04 14:33 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-06 12:28 - 2015-09-15 09:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
2016-08-06 12:08 - 2015-09-12 11:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-05 18:56 - 2015-09-23 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-08-05 18:38 - 2015-09-04 14:31 - 00000000 ____D C:\ProgramData\Oracle
2016-08-05 18:37 - 2015-09-04 14:31 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-05 18:37 - 2015-09-04 14:31 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2016-08-05 18:37 - 2015-09-04 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-05 18:37 - 2015-09-04 14:31 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-05 18:35 - 2015-09-25 15:30 - 00000000 ____D C:\Program Files\iTunes
2016-08-05 18:35 - 2015-09-25 15:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-05 18:34 - 2016-02-05 17:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MiniLyrics
2016-08-05 18:34 - 2016-02-05 17:03 - 00000000 ____D C:\Program Files (x86)\MiniLyrics
2016-08-05 18:33 - 2015-09-12 11:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Dropbox
2016-08-05 18:32 - 2015-09-04 14:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-05 18:30 - 2015-09-04 14:33 - 00004028 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-05 18:30 - 2015-09-04 14:33 - 00003796 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-05 18:28 - 2015-12-15 15:27 - 00000000 ____D C:\Program Files\Farming Simulator 15
2016-08-05 18:28 - 2015-09-15 08:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-05 18:28 - 2015-09-11 14:51 - 00000000 ____D C:\Users\Admin
2016-08-05 18:28 - 2015-09-04 14:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-08-05 18:28 - 2015-09-04 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-05 18:28 - 2015-09-04 12:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-05 18:28 - 2015-09-04 12:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-05 18:28 - 2015-07-10 18:05 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-05 18:28 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-05 18:28 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-08-05 18:28 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-08-05 18:28 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-05 18:28 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-08-05 18:27 - 2015-09-17 18:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-05 18:27 - 2015-09-10 15:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IrfanView
2016-08-05 18:27 - 2015-09-03 15:44 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2016-08-05 18:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-05 18:27 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-05 18:27 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-05 18:27 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-05 18:26 - 2015-12-12 16:40 - 00000000 ____D C:\Program Files\Adobe
2016-08-05 18:26 - 2015-09-15 08:05 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-05 18:26 - 2015-09-12 11:27 - 00000000 ___RD C:\Users\Admin\Dropbox
2016-08-05 18:26 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2016-08-05 18:25 - 2015-09-15 08:05 - 00000000 __RHD C:\MSOCache
2016-08-05 13:51 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-05 09:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-28 20:04 - 2015-09-11 15:47 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-26 11:31 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2016-08-06 17:21 - 2016-08-06 17:21 - 0029696 _____ () C:\Users\Admin\AppData\Local\MSGBOX.EXE

Files to move or delete:
====================
C:\Users\Public\VOIP.dat


Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1t4hga.dll
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprrvkhp.dll
C:\Users\Admin\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Admin\AppData\Local\Temp\sfareca00001.dll
C:\Users\Admin\AppData\Local\Temp\sfextra.dll
C:\Users\Admin\AppData\Local\Temp\siinst.exe
C:\Users\Admin\AppData\Local\Temp\SpOrder.dll
C:\Users\Admin\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\strings.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-05 19:05

==================== End of FRST.txt ============================

Re: PC slowdown

Posted: 06 Aug 2016 17:48
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e5087e-a0de-11e5-826c-340286cfdb35} - "D:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e50962-a0de-11e5-826c-340286cfdb35} - "F:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {5a1f91c4-9368-11e5-826c-340286cfdb35} - "D:\SISetup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {ca67fdf4-5b70-11e5-8260-340286cfdb35} - "D:\setup.exe"
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Public\VOIP.dat
C:\Users\Admin\AppData\Local\Temp
Task: {1522897A-4613-4050-B7B6-9BA732D6E4BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {24EC1271-3F35-4B84-9CDE-92F73C623D8D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {393B6340-8A70-4F04-BDE4-B7831FDB6ED2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {43C42443-6A55-4BC5-88C5-205D4DD6BBC5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4D3B867B-D0FC-4D47-8B71-C97C8AE0A504} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {761A3F6A-4449-42F0-94CE-A7AE4D3E0A94} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {77E3092E-9D55-4A84-A1A7-E292CBDDCA8B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {91F70C68-9EE0-49B4-A63B-B823DDC30FA6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {97009559-EA58-410E-83AE-E6A958CAB312} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D75405F3-CFA0-4A09-87F5-362C30D2D035} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FAAE57E7-B7B2-4CA2-86CF-69A26E37BB1E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

I recommend uninstalling AdvancedSystemCare. This cleaner sees problems even where there are none, and a layperson can easily damage the system with it.

Re: PC slowdown

Posted: 06 Aug 2016 19:30
by mobmaniak
The log is below. I uninstalled Advanced system care earlier, but first I did a system restore to a date before this started happening, and now it is probably still hanging around somewhere, even though the program is no longer in Programs (Control Panel) or in Program Files.
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Admin (2016-08-06 20:22:03) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e5087e-a0de-11e5-826c-340286cfdb35} - "D:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {21e50962-a0de-11e5-826c-340286cfdb35} - "F:\setup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {5a1f91c4-9368-11e5-826c-340286cfdb35} - "D:\SISetup.exe"
HKU\S-1-5-21-4191368967-4216378553-406102012-1001\...\MountPoints2: {ca67fdf4-5b70-11e5-8260-340286cfdb35} - "D:\setup.exe"
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Public\VOIP.dat
C:\Users\Admin\AppData\Local\Temp
Task: {1522897A-4613-4050-B7B6-9BA732D6E4BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {24EC1271-3F35-4B84-9CDE-92F73C623D8D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {393B6340-8A70-4F04-BDE4-B7831FDB6ED2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {43C42443-6A55-4BC5-88C5-205D4DD6BBC5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4D3B867B-D0FC-4D47-8B71-C97C8AE0A504} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {761A3F6A-4449-42F0-94CE-A7AE4D3E0A94} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {77E3092E-9D55-4A84-A1A7-E292CBDDCA8B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {91F70C68-9EE0-49B4-A63B-B823DDC30FA6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {97009559-EA58-410E-83AE-E6A958CAB312} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D75405F3-CFA0-4A09-87F5-362C30D2D035} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FAAE57E7-B7B2-4CA2-86CF-69A26E37BB1E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-4191368967-4216378553-406102012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21e5087e-a0de-11e5-826c-340286cfdb35}" => key removed successfully
HKCR\CLSID\{21e5087e-a0de-11e5-826c-340286cfdb35} => key not found.
"HKU\S-1-5-21-4191368967-4216378553-406102012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21e50962-a0de-11e5-826c-340286cfdb35}" => key removed successfully
HKCR\CLSID\{21e50962-a0de-11e5-826c-340286cfdb35} => key not found.
"HKU\S-1-5-21-4191368967-4216378553-406102012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a1f91c4-9368-11e5-826c-340286cfdb35}" => key removed successfully
HKCR\CLSID\{5a1f91c4-9368-11e5-826c-340286cfdb35} => key not found.
"HKU\S-1-5-21-4191368967-4216378553-406102012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca67fdf4-5b70-11e5-8260-340286cfdb35}" => key removed successfully
HKCR\CLSID\{ca67fdf4-5b70-11e5-8260-340286cfdb35} => key not found.
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Public\VOIP.dat => moved successfully

"C:\Users\Admin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1522897A-4613-4050-B7B6-9BA732D6E4BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1522897A-4613-4050-B7B6-9BA732D6E4BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24EC1271-3F35-4B84-9CDE-92F73C623D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24EC1271-3F35-4B84-9CDE-92F73C623D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{393B6340-8A70-4F04-BDE4-B7831FDB6ED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393B6340-8A70-4F04-BDE4-B7831FDB6ED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43C42443-6A55-4BC5-88C5-205D4DD6BBC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43C42443-6A55-4BC5-88C5-205D4DD6BBC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D3B867B-D0FC-4D47-8B71-C97C8AE0A504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D3B867B-D0FC-4D47-8B71-C97C8AE0A504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{761A3F6A-4449-42F0-94CE-A7AE4D3E0A94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{761A3F6A-4449-42F0-94CE-A7AE4D3E0A94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77E3092E-9D55-4A84-A1A7-E292CBDDCA8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77E3092E-9D55-4A84-A1A7-E292CBDDCA8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91F70C68-9EE0-49B4-A63B-B823DDC30FA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91F70C68-9EE0-49B4-A63B-B823DDC30FA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97009559-EA58-410E-83AE-E6A958CAB312}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97009559-EA58-410E-83AE-E6A958CAB312}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D75405F3-CFA0-4A09-87F5-362C30D2D035}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D75405F3-CFA0-4A09-87F5-362C30D2D035}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAAE57E7-B7B2-4CA2-86CF-69A26E37BB1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAAE57E7-B7B2-4CA2-86CF-69A26E37BB1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-08-06 20:23:02)

C:\Users\Admin\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:23:02 ====

Re: PC slowdown

Posted: 06 Aug 2016 19:52
by Rudy
Deleted. Has anything changed?

Re: PC slowdown

Posted: 06 Aug 2016 19:55
by mobmaniak
Honestly, the biggest change for me came after that first ADWcleaner fix, but now it seems to have been fine-tuned a bit more.
In any case, thank you for the help. I will send 100,- to the account for the tips and the solution.

Re: PC slowdown

Posted: 06 Aug 2016 20:47
by Rudy
You're welcome, and thank you for the contribution! :)