PC virus removal, computer speed-up, and remote help via the neslape.cz service

Preventive check - notebook intermittently stops responding.

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

paolov
Visitor
Posts: 251
Registered: 30 Aug 2006 20:17
Location: South Moravia.

Preventive check - notebook intermittently stops responding.

#1 Post by paolov »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Marcelka a Pavlíček at 2017-03-13 00:53:13
Microsoft Windows 10 Home
System drive C: has 584 GB (87%) free of 670 GB
Total RAM: 4040 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:53:16, on 13.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
C:\Program Files\trend micro\Marcelka a Pavlíček.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8007 bytes

======Listing Processes======








C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-211e93a4-59fa-4f98-a4a1-05dff1a57940 -SystemEventPortName:HostProcess-13ba5e9d-ddda-414e-b81e-ec5c849bcb37 -IoCancelEventPortName:HostProcess-1fd23091-ebb1-405f-b226-f50702965fb7 -NonStateChangingEventPortName:HostProcess-2d6a2120-6765-42c8-8d21-710585d6a92d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:581f6778-6cfa-4d71-a1f7-212fb09315ec -DeviceGroupId:
C:\Windows\system32\atiesrxx.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9d266adc-fc1b-45df-b53e-c19ff4778b74 -SystemEventPortName:HostProcess-5eefdcf2-99a5-4264-a198-d2c6d2d4208b -IoCancelEventPortName:HostProcess-c3e017c1-6995-420a-a163-bf1c363f10eb -NonStateChangingEventPortName:HostProcess-6ff595a3-c766-474b-9f59-0f53fb5f82d4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ff7b7b76-066f-4380-97d0-24303b0f45ba -DeviceGroupId:WpdFsGroup
atieclxx
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
dashost.exe {a4f6ba8c-05e8-4559-b903eff7c467ce86}
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_000008e0
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e1f3bac9-3ba7-4bee-bf1c-c0f37896747e -SystemEventPortName:HostProcess-f0ee4752-6e82-4f58-b7ed-863e94f5b11c -IoCancelEventPortName:HostProcess-9c7686f5-05e8-4c87-b733-95cb3a883a5d -NonStateChangingEventPortName:HostProcess-0261a62f-0020-480a-b6d0-7e2c76a7b770 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:23321313-7ef4-4c01-8993-d55e6849173d -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="6036.0.352740813\212838247" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 6036 "\\.\pipe\gecko-crash-server-pipe.6036" tab
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
"fontdrvhost.exe"
C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
"C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe" -ServerName:App.AppX2m6wj6jceb8yq7ppx1b3drf7yy51ha6f.mca
taskhostw.exe
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
C:\Windows\system32\AUDIODG.EXE 0x474
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="6036.11.1114502163\1603269793" "C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 6036 "\\.\pipe\gecko-crash-server-pipe.6036" plugin
"C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe" --proxy-stub-channel=Flash5328.6ACB11C0.22562 --host-broker-channel=Flash5328.6ACB11C0.21017 --host-pid=5328 --host-npapi-version=29 --plugin-path="C:\Windows\System32\Macromed\Flash\NPSWF32_24_0_0_221.dll"
"C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe" --channel=7360.00ECF70C.2106913828 --proxy-stub-channel=Flash5328.6ACB11C0.22562 --plugin-path="C:\Windows\System32\Macromed\Flash\NPSWF32_24_0_0_221.dll" --host-npapi-version=29 --type=renderer
C:\Windows\System32\svchost.exe -k WerSvcGroup
explorer.exe
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
"C:\Users\Marcelka a Pavlíček\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Marcelka a Pavlíček\AppData\Roaming\Mozilla\Firefox\Profiles\1702ipeu.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.121.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.121.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.221 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-01-07 3951280]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2017-03-09 193112]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2017-03-09 420960]
"Persistence"=C:\Windows\system32\igfxpers.exe [2017-03-09 463960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-11-04 767176]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-11-25 60120]
"avgnt"=C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-03-02 909744]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2017-03-09 460936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-03-12 22:31:02 ----D---- C:\Program Files (x86)\Google
2017-03-12 21:56:59 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Opera Software
2017-03-12 21:55:25 ----D---- C:\Program Files\Opera
2017-03-10 22:06:40 ----AD---- C:\Program Files (x86)\Kingo ROOT
2017-03-09 10:50:58 ----D---- C:\Windows\LastGood.Tmp
2017-03-09 01:17:08 ----A---- C:\Windows\SYSWOW64\igdumd32.dll
2017-03-09 01:17:06 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2017-03-09 01:17:06 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2017-03-09 01:17:06 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2017-03-09 01:17:06 ----A---- C:\Windows\system32\iglhsip64.dll
2017-03-09 01:17:06 ----A---- C:\Windows\system32\iglhcp64.dll
2017-03-09 01:17:06 ----A---- C:\Windows\system32\igfxexps.dll
2017-03-09 01:17:06 ----A---- C:\Windows\system32\igfxcmrt64.dll
2017-03-09 01:16:10 ----A---- C:\Windows\SYSWOW64\IntelCpHeciSvc.exe
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxTMM.dll
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxsrvc.exe
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxCoIn_v4459.dll
2017-03-09 01:16:08 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2017-03-09 01:16:08 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2017-03-09 01:16:08 ----A---- C:\Windows\SYSWOW64\igfxcmjit32.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxpph.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxext.exe
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxdo.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxdev.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxcmjit64.dll
2017-03-09 01:16:06 ----A---- C:\Windows\SYSWOW64\igfx11cmrt32.dll
2017-03-09 01:16:06 ----A---- C:\Windows\SYSWOW64\igdde32.dll
2017-03-09 01:16:06 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2017-03-09 01:16:06 ----A---- C:\Windows\system32\igfx11cmrt64.dll
2017-03-09 01:16:06 ----A---- C:\Windows\system32\igdde64.dll
2017-03-09 01:16:06 ----A---- C:\Windows\system32\ig4icd64.dll
2017-03-09 01:16:06 ----A---- C:\Windows\system32\GfxUI.exe
2017-03-09 01:16:04 ----A---- C:\Windows\system32\gfxSrvc.dll
2017-03-09 01:16:04 ----A---- C:\Windows\system32\difx64.exe
2017-03-06 22:23:55 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Foxit Software
2017-03-06 22:23:46 ----D---- C:\ProgramData\Foxit Software
2017-03-06 22:23:44 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Foxit AgentInformation
2017-03-06 22:23:44 ----D---- C:\ProgramData\Foxit ContentPlatform
2017-03-06 22:17:29 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\IrfanView
2017-03-06 22:17:29 ----AD---- C:\Program Files (x86)\IrfanView
2017-03-06 21:49:56 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Digiarty
2017-03-06 21:49:47 ----D---- C:\Program Files (x86)\Digiarty
2017-03-06 21:39:16 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Ashampoo
2017-03-06 21:38:23 ----D---- C:\ProgramData\Ashampoo
2017-03-06 20:57:16 ----D---- C:\ProgramData\Paragon
2017-03-06 20:57:12 ----D---- C:\ProgramData\advlauncher
2017-03-06 20:52:07 ----D---- C:\ProgramData\Paragon Software
2017-03-06 20:47:13 ----D---- C:\Program Files\Paragon Software
2017-03-01 21:31:15 ----D---- C:\ProgramData\Tracker Software
2017-03-01 21:29:09 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\Tracker Software
2017-03-01 21:28:44 ----D---- C:\Program Files\Tracker Software
2017-02-22 12:32:35 ----D---- C:\Users\Marcelka a Pavlíček\AppData\Roaming\TeamViewer
2017-02-22 12:32:24 ----AD---- C:\Program Files (x86)\TeamViewer
2017-02-18 08:04:30 ----AD---- C:\Program Files\Defraggler

======List of files/folders modified in the last 1 month======

2017-03-13 00:53:15 ----D---- C:\Program Files\trend micro
2017-03-13 00:53:08 ----D---- C:\Windows\Temp
2017-03-13 00:53:08 ----D---- C:\Windows\Prefetch
2017-03-13 00:01:00 ----D---- C:\Windows\system32\sru
2017-03-12 23:52:57 ----D---- C:\Windows\system32\SleepStudy
2017-03-12 22:36:07 ----SHD---- C:\Windows\Installer
2017-03-12 22:32:04 ----RD---- C:\Program Files (x86)
2017-03-12 22:31:04 ----D---- C:\Windows\system32\Tasks
2017-03-12 21:55:25 ----RD---- C:\Program Files
2017-03-12 11:56:03 ----RD---- C:\Windows\Microsoft.NET
2017-03-12 08:21:58 ----D---- C:\Windows\system32\NDF
2017-03-11 08:09:20 ----D---- C:\Windows\AppReadiness
2017-03-10 22:06:48 ----RD---- C:\Users
2017-03-10 21:59:01 ----SHD---- C:\System Volume Information
2017-03-10 07:44:25 ----HD---- C:\Program Files\WindowsApps
2017-03-10 07:38:41 ----D---- C:\Windows\SysWOW64
2017-03-10 07:38:41 ----D---- C:\Windows\system32\drivers
2017-03-10 07:38:41 ----D---- C:\Windows\System32
2017-03-10 07:38:33 ----D---- C:\Windows
2017-03-09 21:08:25 ----D---- C:\Windows\system32\catroot2
2017-03-09 10:50:53 ----D---- C:\Windows\INF
2017-03-09 10:50:50 ----D---- C:\Windows\system32\DriverStore
2017-03-09 08:38:14 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 08:38:14 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2017-03-09 01:17:08 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2017-03-09 01:17:08 ----A---- C:\Windows\system32\igdumd64.dll
2017-03-09 01:17:08 ----A---- C:\Windows\system32\igd10umd64.dll
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxtray.exe
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxsrvc.dll
2017-03-09 01:16:10 ----A---- C:\Windows\system32\igfxress.dll
2017-03-09 01:16:08 ----A---- C:\Windows\system32\igfxpers.exe
2017-03-09 01:16:04 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2017-03-09 01:16:04 ----A---- C:\Windows\system32\hkcmd.exe
2017-03-09 01:16:04 ----A---- C:\Windows\system32\hccutils.dll
2017-03-07 09:02:20 ----D---- C:\Windows\SoftwareDistribution
2017-03-06 23:58:10 ----D---- C:\Program Files (x86)\Steam
2017-03-06 22:23:46 ----HD---- C:\ProgramData
2017-03-06 20:56:29 ----D---- C:\Windows\system32\drivers\UMDF
2017-03-06 20:56:22 ----RSD---- C:\Windows\Fonts
2017-03-06 20:47:35 ----D---- C:\Windows\Logs
2017-03-03 11:32:17 ----D---- C:\Windows\system32\config
2017-03-01 21:59:33 ----D---- C:\ProgramData\Package Cache
2017-02-24 18:52:49 ----D---- C:\Windows\debug
2017-02-23 17:40:42 ----D---- C:\Windows\WinSxS
2017-02-23 08:54:16 ----D---- C:\Windows\CbsTemp
2017-02-23 08:54:03 ----D---- C:\Windows\system32\MRT
2017-02-23 08:51:35 ----AC---- C:\Windows\system32\MRT.exe
2017-02-16 21:49:58 ----D---- C:\Windows\system32\Macromed
2017-02-16 21:49:56 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem9.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2015-12-16 82664]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2017-03-02 48584]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\Windows\system32\drivers\iorate.sys [2016-11-02 48992]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2017-03-02 163976]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2017-03-02 44488]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-20 40344]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R1 Uim_DEVIM;@oem18.inf,%UIMDeviceDesc%;UIM Direct Device Image Plugin; C:\Windows\System32\drivers\uim_devim.sys [2016-10-06 26800]
R1 Uim_IM;@oem17.inf,%UIMDeviceDesc%;UIM Drive Backup Image Plugin; C:\Windows\System32\drivers\uim_im.sys [2016-10-06 484528]
R1 UimBus;@oem16.inf,%UIMDeviceDesc%;Universal Image Mounter Controller; C:\Windows\System32\drivers\UimBus.sys [2016-10-06 92848]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2016-11-22 310728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2017-03-02 161824]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2017-03-02 88488]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\Windows\System32\drivers\registry.sys [2016-07-16 70144]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2016-11-22 42696]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 ACPIVPC;@oem6.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\Windows\System32\drivers\AcpiVpc.sys [2015-06-04 42328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-12-16 21648880]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-12-16 674288]
R3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl63a.sys [2016-07-16 7585280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2017-03-09 5382856]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\System32\drivers\L1C63x64.sys [2016-07-16 121344]
R3 MEIx64;@oem4.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys [2016-02-10 194624]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2016-01-07 42664]
R3 SynTP;@oem2.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2016-01-07 629424]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\Windows\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\Windows\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2016-09-10 118272]
S3 dtlitescsibus;@oem11.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2016-11-22 30264]
S3 dtliteusbbus;@oem12.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\Windows\System32\drivers\dtliteusbbus.sys [2016-11-22 47672]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 RSUSBVSTOR;@oem14.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2012-06-15 315536]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\Windows\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 tap0901;@oem13.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\System32\drivers\tap0901.sys [2016-11-16 35784]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\Windows\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\Windows\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\Windows\System32\drivers\UcmUcsi.sys [2016-07-16 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\Windows\system32\drivers\udecx.sys [2016-07-16 45568]
S3 Ufx01000;USB Function Class Extension; C:\Windows\system32\drivers\ufx01000.sys [2016-07-16 263008]
S3 UfxChipidea;@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller; C:\Windows\System32\drivers\UfxChipidea.sys [2016-07-16 96608]
S3 ufxsynopsys;@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller; C:\Windows\System32\drivers\ufxsynopsys.sys [2016-07-16 137056]
S3 UrsCx01000;USB Role-Switch Support Library; C:\Windows\system32\drivers\urscx01000.sys [2016-07-16 57696]
S3 UrsChipidea;@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver; C:\Windows\System32\drivers\urschipidea.sys [2016-07-16 28512]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-12-16 255472]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2017-03-02 487424]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2017-03-02 487424]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2016-12-29 372272]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R2 OneSyncSvc_45d18;Hostitel synchronizace_45d18; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-01-07 246448]
R2 TeamViewer;TeamViewer 12; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-12-15 10351856]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2016-07-16 44496]
R3 PimIndexMaintenanceSvc_45d18;Data kontaktů_45d18; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\Windows\system32\svchost.exe [2016-07-16 44496]
R3 UnistoreSvc_45d18;Úložiště uživatelských dat_45d18; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2017-03-02 1115552]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2017-03-02 1519144]
S2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc_45d18;CDPUserSvc_45d18; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16 270936]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2017-03-09 300128]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_45d18;Služba zasílání zpráv_45d18; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-08 172488]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-01-19 1464096]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\Windows\system32\TieringEngineService.exe [2016-07-16 287744]
S3 UnistoreSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-10003; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S4 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S4 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2016-07-16 44496]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\Windows\system32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - notebook briefly stops responding.

#2 Post by Márty84 »

Hello :)

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any bundled add-ons; decline them by clearing the checkbox) and run it as administrator. The result will appear after a moment.
At the top, click Edit (Úpravy) and then Copy (Kopírovat). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V).

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the check to finish.
Then click Cleaning.
The program will start working (the PC may restart) and produce a log (it can also be found at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have their e-mail address in their signature).

paolov
Visitor
Posts: 251
Registered: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook briefly stops responding.

#3 Post by paolov »

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 14393] (x64)
Date : 2017/03/13 15:53:40

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- WDC WD7500BPVT-24HXZT3
- Slimtype DVD A DS8A5SH
- Řadič prostorů úložišť [SCSI]
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) WDC WD7500BPVT-24HXZT3 : 750,1 GB [0/0/0, pd1] - wd
(2) FUJITSU MJA2320BH G2 : 320,0 GB [1/0/0, sa1]

----------------------------------------------------------------------------
(1) WDC WD7500BPVT-24HXZT3
----------------------------------------------------------------------------
Model : WDC WD7500BPVT-24HXZT3
Firmware : 03.01A03
Serial Number : WD-WX51A91P9816
Disk Size : 750,1 GB (8,4/137,4/750,1/750,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1465149168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 11922 hod.
Power On Count : 9697 krát
Temperature : 46 C (114 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 187 174 _21 000000000659 Čas na roztočení ploten
04 _72 _72 __0 000000006F15 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _84 _84 __0 000000002E92 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _91 _91 __0 0000000025E1 Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000074 Počet vypnutí disku
C1 _85 _85 __0 000000054BE3 Počet cyklů načítání/vymazání
C2 101 _83 __0 00000000002E Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů

----------------------------------------------------------------------------
(2) FUJITSU MJA2320BH G2
----------------------------------------------------------------------------
Enclosure : Apacer Technology Inc. USB Device (V=1005, P=A102, sa1)
Model : FUJITSU MJA2320BH G2
Firmware : 00000018
Serial Number : K90AT982C8M0
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : USB (Serial ATA)
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 3f
Transfer Mode : ---- | SATA/300
Power On Hours : 2000 hod.
Power On Count : 1993 krát
Temperature : 35 C (95 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : FEFEh [ON]
Drive Letter : H: I:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _46 000000021F2B Počet chyb čtení
02 100 100 _30 000002D10000 Průchodnost disku
03 100 100 _25 000000000001 Čas na roztočení ploten
04 _99 _99 __0 000000001094 Počet spuštění/zastavení
05 100 100 _24 083400000000 Počet přemapovaných sektorů
07 100 100 _47 000000000A0C Počet chybných hledání
08 100 100 _19 000000000000 Čas potřebný na vyhledání
09 _97 _97 __0 0000000007D0 Hodin v činnosti
0A 100 100 _20 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 0000000007C9 Počet cyklů zapnutí zařízení
C0 _98 _98 __0 00000000028B Počet vypnutí disku
C1 100 100 __0 000000002957 Počet cyklů načítání/vymazání
C2 100 100 __0 002D000D0023 Teplota
C3 100 100 __0 000000001715 Počet oprav chybného čtení
C4 100 100 __0 00003D340000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 _60 000000000F75 Počet chyb při zápisu sektorů
CB _80 _40 __0 0150C6570BDD Počet chyb v kódech na opravu chyb
F0 200 200 __0 000000000000 Čas nastavování hlaviček - v hodinách

paolov
Visitor
Posts: 251
Registered: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook briefly stops responding.

#4 Post by paolov »

# AdwCleaner v6.044 - Logfile created 13/03/2017 at 16:01:56
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-12.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Marcelka a Pavlíček - DESKTOP-PLDHHMP
# Running from : C:\Users\Marcelka a Pavlíček\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Files ] *****

[-] File deleted: C:\Users\Marcelka a Pavlíček\AppData\Roaming\Mozilla\Firefox\Profiles\1702ipeu.default\extensions\safesearchplus2@avira.com.xpi
[-] File deleted: C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage
[-] File deleted: C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipmkfpcnmccejididiaagpgchgjfajgp_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Web browsers ] *****

[-] [C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ipmkfpcnmccejididiaagpgchgjfajgp


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1757 Bytes] - [13/03/2017 16:01:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [2174 Bytes] - [13/03/2017 15:55:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [2069 Bytes] - [13/03/2017 15:58:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1976 Bytes] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - notebook briefly stops responding.

#5 Post by Márty84 »

:arrow: Run a scan with MBAM. Set up the test according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.

paolov
Visitor
Posts: 251
Registered: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook briefly stops responding.

#6 Post by paolov »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 13.03.17
Čas skenování: 20:15
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1492
Licence: Zkušební

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-PLDHHMP\Marcelka a Pavlíček

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 278255
Uplynulý čas: 2 hod, 30 min, 29 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.AshampooRegistryCleaner, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_MARKETPLACE.ICO, Žádná uživatelská akce, [2970], [355157],1.0.1492

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - notebook stops responding for brief moments.

#7 Post by Márty84 »

:arrow: Let it remove the detected item, then uninstall MBAM.

:arrow: Post the logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post the logs from FRST alone, that is, without using the Launcher)

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook stops responding for brief moments.

#8 Post by paolov »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Marcelka a Pavlíček (14-03-2017 16:27:06)
Running from C:\Users\Marcelka a Pavlíček\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 09:33:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1924853894-3384431554-226884380-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1924853894-3384431554-226884380-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1924853894-3384431554-226884380-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1924853894-3384431554-226884380-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924853894-3384431554-226884380-1004 - Limited - Enabled)
Marcelka a Pavlíček (S-1-5-21-1924853894-3384431554-226884380-1001 - Administrator - Enabled) => C:\Users\Marcelka a Pavlíček

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Diablo II CZ verze 1.13c (HKLM-x32\...\{F380060E-D8AC-4823-91B8-71B9054C8DD2}_is1) (Version: 1.13c - )
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Název společnosti:) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.98 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes verze 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 cs)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Paragon Backup and Recovery™ 16 (HKLM\...\{DADAA9CF-36B6-11E6-B0B5-005056C00008}) (Version: 10.1.28.224 - Paragon Software)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
Zaklínač - Rozšířená edice (HKLM-x32\...\{86ACE727-A4F2-4B28-A37D-254D9CC03156}) (Version: 1.5 - CD Projekt Red)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1924853894-3384431554-226884380-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1924853894-3384431554-226884380-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1924853894-3384431554-226884380-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3F2124B4-13E7-46BB-935B-2DBB31F188B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)
Task: {A412C6B7-4338-4090-A972-B3B1DD1F1880} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {C4BC9F2F-AB04-4702-9828-20BE9DAC4144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)
Task: {E3BE1CEA-D1F1-4F8F-BF8A-4AFD1D9D98BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-15 07:48 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-15 07:48 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-09-24 11:25 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:14 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:14 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-10 20:13 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:13 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:13 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:13 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:13 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 08:44 - 2017-03-13 08:44 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 08:44 - 2017-03-13 08:44 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 08:44 - 2017-03-13 08:44 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 08:44 - 2017-03-13 08:44 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 20:00 - 2017-03-09 01:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-14 08:56 - 2017-03-14 08:56 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-16 08:44 - 2016-12-16 08:45 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-02-28 11:30 - 2017-02-28 11:31 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-28 11:30 - 2017-02-28 11:31 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-28 11:30 - 2017-02-28 11:31 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-09-24 12:00 - 2016-09-24 12:00 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-28 11:30 - 2017-02-28 11:31 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-28 11:30 - 2017-02-28 11:31 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-16 23:33 - 2016-07-16 23:33 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-12-16 08:44 - 2016-12-16 08:45 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-16 08:43 - 2016-12-16 08:43 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 23:31 - 2016-07-16 23:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-09-24 10:57 - 2016-09-24 10:58 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\facebook.com -> hxxps://staticxx.facebook.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\facebook.net -> hxxps://connect.facebook.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\fbcdn.net -> hxxps://static.xx.fbcdn.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\google-analytics.com -> hxxps://www.google-analytics.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\paragon-software.com -> hxxps://bo4-fe.paragon-software.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\facebook.com -> hxxps://staticxx.facebook.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\facebook.net -> hxxps://connect.facebook.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\fbcdn.net -> hxxps://static.xx.fbcdn.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\google-analytics.com -> hxxps://www.google-analytics.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\paragon-software.com -> hxxps://bo4-fe.paragon-software.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\facebook.com -> hxxps://staticxx.facebook.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\facebook.net -> hxxps://connect.facebook.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\fbcdn.net -> hxxps://static.xx.fbcdn.net
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\google-analytics.com -> hxxps://www.google-analytics.com
IE trusted site: HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\paragon-software.com -> hxxps://bo4-fe.paragon-software.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-11-25 16:15 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202541582\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534153\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202541720\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1924853894-3384431554-226884380-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03132017201243190\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1924853894-3384431554-226884380-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcelka a Pavlíček\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{be1acd7b-b59a-4470-9fd4-23ba87b530bb}.JPG
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcelka a Pavlíček\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{be1acd7b-b59a-4470-9fd4-23ba87b530bb}.JPG
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcelka a Pavlíček\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{be1acd7b-b59a-4470-9fd4-23ba87b530bb}.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212\amd64"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212\amd64"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212\amd64"
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\...\StartupApproved\Run: => "Uninstall 17.3.6743.1212"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58137060-6234-4704-B3EF-0501E583F89E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0018DB54-2B24-4ED8-A4A5-B51BBAB221AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B758EF21-D666-404B-8E50-67854A426457}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6A1ED33F-1D25-4179-A080-C1F24E2EB3C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7EE16DC-9985-4DA5-A437-C0972509058A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BF92A422-C1CA-48BC-A16B-FA733C1DA947}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FAB96442-EF0A-4184-A0E4-BADFC01FA68D}] => (Allow) C:\Program Files (x86)\Zaklínač - Rozšířená edice\launcher.exe
FirewallRules: [{DB1696C1-7CBC-4FCC-A9C7-E066EFCF7B74}] => (Allow) C:\Program Files (x86)\Zaklínač - Rozšířená edice\launcher.exe
FirewallRules: [{F1BC2D2A-C623-4AFD-A9DF-935731EB0EA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9E432403-A437-4F5C-8A31-AF8ACC1B4162}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{38C81F35-CAEA-490D-B972-EFBDA4F62740}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{2E199837-5D76-4C36-937F-55A7885686B4}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{06FEDEDF-708F-40E0-A7FB-C01AE3E62A08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C5D5E22A-CCC3-4534-8CE5-A93345F0C0BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{27C25A55-C427-466D-A433-EAB0D5A1951C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C92D1CE-3525-407C-B46C-F5F7C10B3A1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{2D6C81A2-1C50-4E83-A383-497C7942C76A}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{42A3BE4F-F68A-4200-99F1-C7C12F80B0FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-03-2017 20:46:43 Installed Paragon Backup and Recovery™ 16.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2017 11:01:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-PLDHHMP)
Description: Balíček Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (03/13/2017 10:57:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (03/13/2017 10:56:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (03/13/2017 04:16:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-PLDHHMP)
Description: Aplikaci Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/13/2017 08:40:11 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: DESKTOP-PLDHHMP)
Description: U klienta Certifikační služby se nezdařilo vyvolat poskytovatele jako odpověď na událost 512. Kód chyby 2147942593.

Error: (03/13/2017 08:40:10 AM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: DESKTOP-PLDHHMP)
Description: U klienta Certifikační služby se nezdařilo načíst poskytovatele pautoenr.dll. Kód chyby 193.

Error: (03/08/2017 09:18:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-PLDHHMP)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (03/07/2017 10:57:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-PLDHHMP)
Description: Balíček Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (03/06/2017 11:35:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: backgroundTaskHost.exe, verze: 10.0.14393.0, časové razítko: 0x57899179
Název chybujícího modulu: MessagingNativeCore.dll, verze: 2.19.1607.1001, časové razítko: 0x5776e7d8
Kód výjimky: 0xc0000005
Posun chyby: 0x001043cf
ID chybujícího procesu: 0x1ac8
Čas spuštění chybující aplikace: 0x01d296c9e7182aa1
Cesta k chybující aplikaci: C:\Windows\syswow64\backgroundTaskHost.exe
Cesta k chybujícímu modulu: C:\Program Files\WindowsApps\Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
ID zprávy: b70df36b-21fb-4dcd-b3fe-e23606533786
Úplný název chybujícího balíčku: Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: x27e26f40ye031y48a6yb130yd1f20388991ax

Error: (03/06/2017 10:58:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (03/13/2017 11:01:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/13/2017 04:22:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/13/2017 04:19:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_42c6d byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (03/13/2017 04:16:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-PLDHHMP)
Description: Server App.AppX85gcbw533amccd2rr8qswxymhfj649t2.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/13/2017 04:16:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/13/2017 04:02:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (03/13/2017 04:01:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (03/13/2017 04:01:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/13/2017 04:01:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (03/13/2017 04:01:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 72%
Total physical RAM: 4039.86 MB
Available physical RAM: 1106.31 MB
Total Virtual: 6277.73 MB
Available Virtual: 1639.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:568.72 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:16.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5818102B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=654.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook freezes for brief moments.

#9 Post by paolov »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Marcelka a Pavlíček (administrator) on DESKTOP-PLDHHMP (14-03-2017 16:25:32)
Running from C:\Users\Marcelka a Pavlíček\Desktop
Loaded Profiles: Marcelka a Pavlíček & (Available Profiles: defaultuser0 & Marcelka a Pavlíček)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60120 2016-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1924853894-3384431554-226884380-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{814726b5-596d-4d4d-863e-d6a7e609a60e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 1702ipeu.default
FF ProfilePath: C:\Users\Marcelka a Pavlíček\AppData\Roaming\Mozilla\Firefox\Profiles\1702ipeu.default [2017-03-14]
FF Homepage: Mozilla\Firefox\Profiles\1702ipeu.default -> www.seznam.cz
FF Extension: (Avira Browser Safety) - C:\Users\Marcelka a Pavlíček\AppData\Roaming\Mozilla\Firefox\Profiles\1702ipeu.default\Extensions\abs@avira.com.xpi [2017-02-10]
FF Extension: (uBlock Origin) - C:\Users\Marcelka a Pavlíček\AppData\Roaming\Mozilla\Firefox\Profiles\1702ipeu.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001: SkypePlugin -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001: SkypePlugin64 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278: SkypePlugin -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017201534278: SkypePlugin64 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142: SkypePlugin -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1924853894-3384431554-226884380-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132017202542142: SkypePlugin64 -> C:\Users\Marcelka a Pavlíček\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR NewTab: Default -> Not-active:"ipmkfpcnmccejididiaagpgchgjfajgp/html/newtab.html"
CHR Profile: C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default [2017-03-12]
CHR Extension: (Prezentace Google) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-12]
CHR Extension: (Dokumenty Google) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-12]
CHR Extension: (Disk Google) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-12]
CHR Extension: (YouTube) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-12]
CHR Extension: (Tabulky Google) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\Marcelka a Pavlíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487424 2017-03-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519144 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82664 2015-12-16] (Advanced Micro Devices, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2016-11-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [161824 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [163976 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [48584 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-11-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-11-22] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2016-11-22] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-13] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [92848 2016-10-06] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [26800 2016-10-06] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [484528 2016-10-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 16:25 - 2017-03-14 16:26 - 00014638 _____ C:\Users\Marcelka a Pavlíček\Desktop\FRST.txt
2017-03-14 16:25 - 2017-03-14 16:25 - 00000000 ____D C:\FRST
2017-03-14 16:24 - 2017-03-14 16:24 - 02424832 _____ (Farbar) C:\Users\Marcelka a Pavlíček\Desktop\FRST64.exe
2017-03-14 16:22 - 2017-03-14 16:22 - 00112640 _____ (forum.viry.cz) C:\Users\Marcelka a Pavlíček\Downloads\FRSTLauncher.exe
2017-03-14 16:22 - 2017-03-14 16:22 - 00015327 _____ C:\Users\Marcelka a Pavlíček\Desktop\LM.bat
2017-03-14 16:21 - 2017-03-14 16:21 - 01766912 _____ (Farbar) C:\Users\Marcelka a Pavlíček\Desktop\FRST.exe
2017-03-13 20:13 - 2017-03-13 20:13 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-13 20:12 - 2017-03-14 11:05 - 00092088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-13 20:12 - 2017-03-13 20:12 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-13 20:12 - 2017-03-13 20:12 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-13 20:12 - 2017-03-13 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-13 20:12 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-13 15:54 - 2017-03-13 16:01 - 00000000 ____D C:\AdwCleaner
2017-03-13 15:50 - 2017-03-13 15:54 - 04031440 _____ C:\Users\Marcelka a Pavlíček\Desktop\adwcleaner_6.044.exe
2017-03-13 15:50 - 2017-03-13 15:52 - 03961080 _____ (Crystal Dew World ) C:\Users\Marcelka a Pavlíček\Downloads\CrystalDiskInfo7_0_5.exe
2017-03-12 22:32 - 2017-03-12 22:32 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-12 22:31 - 2017-03-12 22:40 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Google
2017-03-12 22:31 - 2017-03-12 22:31 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-12 22:31 - 2017-03-12 22:31 - 00003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-12 22:31 - 2017-03-12 22:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-12 21:57 - 2017-03-12 22:30 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Opera Software
2017-03-12 21:56 - 2017-03-12 22:30 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Opera Software
2017-03-12 21:55 - 2017-03-12 22:30 - 00000000 ____D C:\Program Files\Opera
2017-03-11 21:42 - 2017-03-11 21:42 - 00094208 ___SH C:\Users\Marcelka a Pavlíček\Documents\Thumbs.db
2017-03-11 13:11 - 2015-05-24 13:59 - 90263756 _____ C:\Users\Marcelka a Pavlíček\Documents\MVI_1299.MOV
2017-03-10 22:06 - 2017-03-12 21:00 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT
2017-03-10 22:06 - 2017-03-10 23:16 - 00000188 _____ C:\Users\Marcelka a Pavlíček\AppData\Local\uts.ini
2017-03-10 22:06 - 2017-03-10 22:06 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\uts
2017-03-10 22:06 - 2017-03-10 22:06 - 00000000 ____D C:\Users\Marcelka a Pavlíček\.android
2017-03-10 22:06 - 2017-03-10 22:06 - 00000000 ____D C:\Users\Marcelka a Pavl��ek\AppData\Local\Kingosoft
2017-03-10 22:06 - 2017-03-10 22:06 - 00000000 ____D C:\Users\Marcelka a Pavl��ek
2017-03-09 10:50 - 2017-03-09 10:51 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-03-09 01:17 - 2017-03-09 01:17 - 11330576 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 01086408 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00975184 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00558728 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00553424 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00242800 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00206000 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-03-09 01:17 - 2017-03-09 01:17 - 00051184 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 13046920 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 10829448 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 05925984 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 03529352 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 03139208 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00593544 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00560776 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00536664 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00460936 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00458376 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457864 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457864 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457352 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00457344 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456840 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456328 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00456328 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455816 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455304 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00455304 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00453768 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00453768 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00450184 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00449160 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00447112 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00446600 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00428680 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00402568 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00348808 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00304264 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2017-03-09 01:16 - 2017-03-09 01:16 - 00300128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00276064 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00206944 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2017-03-09 01:16 - 2017-03-09 01:16 - 00193160 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00160392 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00145032 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2017-03-09 01:16 - 2017-03-09 01:16 - 00134280 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4459.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00119432 _____ C:\Windows\system32\igdde64.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00099464 _____ C:\Windows\SysWOW64\igdde32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00043144 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-03-09 01:16 - 2017-03-09 01:16 - 00027784 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2017-03-08 16:02 - 2017-03-08 16:04 - 00000000 ____D C:\Users\Marcelka a Pavlíček\Downloads\Cradle-Of-Filth---Discography-16CD[1994-2015]-320kbps
2017-03-06 23:35 - 2017-03-06 23:35 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\CrashDumps
2017-03-06 22:23 - 2017-03-06 22:26 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Foxit Software
2017-03-06 22:23 - 2017-03-06 22:26 - 00000000 ____D C:\ProgramData\Foxit Software
2017-03-06 22:23 - 2017-03-06 22:23 - 00000000 ____D C:\Users\Public\Foxit Software
2017-03-06 22:23 - 2017-03-06 22:23 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Foxit AgentInformation
2017-03-06 22:23 - 2017-03-06 22:23 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-03-06 22:17 - 2017-03-06 22:17 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\IrfanView
2017-03-06 22:17 - 2017-03-06 22:17 - 00000000 ____D C:\Program Files (x86)\IrfanView
2017-03-06 21:49 - 2017-03-06 21:53 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-03-06 21:49 - 2017-03-06 21:49 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Digiarty
2017-03-06 21:39 - 2017-03-06 21:39 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Ashampoo
2017-03-06 21:39 - 2017-03-06 21:39 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\ashampoo
2017-03-06 21:38 - 2017-03-06 21:39 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-06 20:57 - 2017-03-06 21:01 - 00000000 ____D C:\ProgramData\advlauncher
2017-03-06 20:57 - 2017-03-06 20:57 - 00000000 ____D C:\Users\Public\Documents\My Wipe Reports
2017-03-06 20:57 - 2017-03-06 20:57 - 00000000 ____D C:\ProgramData\Paragon
2017-03-06 20:56 - 2017-03-06 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 16
2017-03-06 20:52 - 2017-03-06 20:52 - 00000000 ____D C:\ProgramData\Paragon Software
2017-03-06 20:47 - 2017-03-06 20:47 - 00000000 ____D C:\Program Files\Paragon Software
2017-03-06 20:46 - 2017-03-06 20:56 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Downloaded Installations
2017-03-04 22:31 - 2017-03-04 22:31 - 00432926 _____ C:\Users\Marcelka a Pavlíček\Downloads\HLÁŠENÍ O TRVALÉM STANOVIŠTI VČELSTEV 2018.pdf
2017-03-04 22:31 - 2017-03-04 22:31 - 00018657 _____ C:\Users\Marcelka a Pavlíček\Downloads\HLÁŠENÍ O TRVALÉM STANOVIŠTI VČELSTEV 2018.odg
2017-03-04 21:58 - 2017-03-06 23:33 - 00001926 _____ C:\Users\Marcelka a Pavlíček\Documents\cc_20170304_215801.reg
2017-03-01 22:14 - 2017-03-12 22:34 - 00001198 _____ C:\Users\Marcelka a Pavlíček\Documents\cc_20170301_221403.reg
2017-03-01 21:31 - 2017-03-01 21:31 - 00000000 ____D C:\ProgramData\Tracker Software
2017-03-01 21:30 - 2017-03-04 22:35 - 00060416 ___SH C:\Users\Marcelka a Pavlíček\Downloads\Thumbs.db
2017-03-01 21:29 - 2017-03-01 21:29 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\Tracker Software
2017-03-01 21:28 - 2017-03-01 21:59 - 00000000 ____D C:\Program Files\Tracker Software
2017-03-01 21:03 - 2017-03-01 21:33 - 00098741 _____ C:\Users\Marcelka a Pavlíček\Downloads\HLÁŠENÍ O TRVALÉM STANOVIŠTI VČELSTEV 2017.pdf
2017-02-22 16:48 - 2017-02-22 16:55 - 00000000 ____D C:\Users\Marcelka a Pavlíček\Downloads\freerapiddownload
2017-02-22 13:59 - 2017-02-22 13:59 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\TeamViewer
2017-02-22 12:32 - 2017-03-10 22:26 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Roaming\TeamViewer
2017-02-22 12:32 - 2017-02-24 18:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-22 12:32 - 2017-02-22 12:32 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-18 08:04 - 2017-02-18 08:04 - 00000000 ____D C:\Program Files\Defraggler

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 16:22 - 2016-11-24 22:37 - 00029696 _____ C:\Users\Marcelka a Pavlíček\AppData\Local\MSGBOX.EXE
2017-03-14 16:19 - 2016-09-24 10:23 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-14 08:57 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 08:57 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-13 22:56 - 2016-11-29 21:48 - 00000000 ____D C:\Users\Marcelka a Pavlíček\Desktop\vjeci
2017-03-13 21:09 - 2017-01-13 23:55 - 00024374 _____ C:\Users\Marcelka a Pavlíček\Documents\cc_20170113_235527.reg
2017-03-13 20:23 - 2017-02-08 09:18 - 00000000 ____D C:\Users\Marcelka a Pavlíček\Downloads\hry
2017-03-13 16:21 - 2016-11-18 23:05 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\LocalLow\Mozilla
2017-03-13 16:19 - 2016-09-24 10:42 - 00000000 ____D C:\Users\Marcelka a Pavlíček
2017-03-13 16:18 - 2016-09-24 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-13 16:16 - 2016-07-16 07:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-13 15:51 - 2016-09-24 20:39 - 00004727 _____ C:\Users\Marcelka a Pavlíček\Desktop\Nový textový dokument.txt
2017-03-13 00:53 - 2017-02-06 21:00 - 00000000 ____D C:\Program Files\trend micro
2017-03-12 22:33 - 2017-02-06 21:06 - 00003292 _____ C:\Users\Marcelka a Pavlíček\Documents\cc_20170206_210635.reg
2017-03-12 08:21 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF
2017-03-11 21:49 - 2017-01-26 08:38 - 00055296 ___SH C:\Users\Marcelka a Pavlíček\Desktop\Thumbs.db
2017-03-09 10:50 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-03-09 08:38 - 2016-11-18 08:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-09 08:38 - 2016-09-24 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-09 01:17 - 2015-06-01 20:01 - 13182528 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2017-03-09 01:17 - 2015-06-01 20:01 - 12935296 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2017-03-09 01:17 - 2015-06-01 20:01 - 11460448 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 09025672 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 05382856 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2017-03-09 01:16 - 2015-06-01 20:00 - 00463960 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00456328 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2017-03-09 01:16 - 2015-06-01 20:00 - 00420960 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00193112 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2017-03-09 01:16 - 2015-06-01 20:00 - 00128648 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 00112264 _____ C:\Windows\system32\IccLibDll_x64.dll
2017-03-09 01:16 - 2015-06-01 20:00 - 00082056 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2017-03-06 23:58 - 2016-10-09 22:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-06 23:47 - 2016-10-09 22:23 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Steam
2017-03-06 23:37 - 2016-09-24 10:42 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Packages
2017-03-06 22:03 - 2016-09-24 10:23 - 00233136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-06 20:51 - 2017-01-15 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-03-04 21:08 - 2017-01-22 10:37 - 00003318 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-04 21:08 - 2016-09-24 10:46 - 00002474 _____ C:\Users\Marcelka a Pavlíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-04 21:08 - 2016-09-24 10:46 - 00000000 ___RD C:\Users\Marcelka a Pavlíček\OneDrive
2017-03-02 18:09 - 2016-12-09 21:57 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-03-02 18:09 - 2016-12-09 21:57 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-03-02 18:09 - 2016-12-09 21:57 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-03-02 18:09 - 2016-12-09 21:57 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-03-02 18:09 - 2016-12-09 21:57 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-03-02 18:09 - 2016-12-09 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-01 21:59 - 2016-09-24 10:56 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-26 08:27 - 2017-01-21 14:42 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\ElevatedDiagnostics
2017-02-24 18:51 - 2016-11-22 21:33 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-23 08:54 - 2016-09-24 11:29 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 08:54 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-23 08:51 - 2016-09-24 11:29 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 16:53 - 2016-11-19 22:21 - 00001224 _____ C:\Users\Marcelka a Pavlíček\AppData\Local\FSDownloader.nast
2017-02-17 09:18 - 2016-09-25 21:47 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-16 21:50 - 2016-09-25 21:46 - 00000000 ____D C:\Users\Marcelka a Pavlíček\AppData\Local\Adobe
2017-02-16 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-16 21:49 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-13 13:50 - 2016-11-14 19:56 - 00000000 ____D C:\Users\Marcelka a Pavlíček\Desktop\směny 2017

==================== Files in the root of some directories =======

2017-01-19 22:28 - 2017-01-19 22:28 - 0000031 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\FSDownloader.err
2016-11-19 22:21 - 2017-02-22 16:53 - 0001224 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\FSDownloader.nast
2016-11-24 22:37 - 2017-03-14 16:22 - 0029696 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\MSGBOX.EXE
2017-01-15 00:58 - 2017-01-15 00:58 - 0000218 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\recently-used.xbel
2016-10-22 21:25 - 2016-10-22 21:25 - 0007607 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\Resmon.ResmonCfg
2017-03-10 22:06 - 2017-03-10 23:16 - 0000188 _____ () C:\Users\Marcelka a Pavlíček\AppData\Local\uts.ini

Some files in TEMP:
====================
2017-03-06 22:26 - 2016-10-13 19:19 - 5571272 _____ (Foxit Corporation) C:\Users\Marcelka a Pavlíček\AppData\Local\Temp\FoxitUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-26 08:26

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - notebook is unresponsive at times.

#10 Post by Márty84 »

Tell me the size of the desktop folder (C:\Users\Marcelka a Pavlíček\Plocha)

Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

Task: {3F2124B4-13E7-46BB-935B-2DBB31F188B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)
Task: {A412C6B7-4338-4090-A972-B3B1DD1F1880} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {C4BC9F2F-AB04-4702-9828-20BE9DAC4144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)

S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, exactly and save the file to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook is unresponsive at times.

#11 Post by paolov »

Code:

 Tell me the size of the desktop folder (C:\Users\Marcelka a Pavlíček\Plocha)
30.3 MB - size of the desktop

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook is unresponsive at times.

#12 Post by paolov »

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Marcelka a Pavlíček (15-03-2017 22:29:17) Run:1
Running from C:\Users\Marcelka a Pavlíček\Desktop
Loaded Profiles: Marcelka a Pavlíček & (Available Profiles: defaultuser0 & Marcelka a Pavlíček)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

Task: {3F2124B4-13E7-46BB-935B-2DBB31F188B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)
Task: {A412C6B7-4338-4090-A972-B3B1DD1F1880} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {C4BC9F2F-AB04-4702-9828-20BE9DAC4144} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12] (Google Inc.)

S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes TrayApp => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F2124B4-13E7-46BB-935B-2DBB31F188B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F2124B4-13E7-46BB-935B-2DBB31F188B1} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A412C6B7-4338-4090-A972-B3B1DD1F1880} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A412C6B7-4338-4090-A972-B3B1DD1F1880} => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4BC9F2F-AB04-4702-9828-20BE9DAC4144} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4BC9F2F-AB04-4702-9828-20BE9DAC4144} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
gupdatem => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23668656 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 0 B
Edge => 136187 B
Chrome => 220160 B
Firefox => 43913965 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3266 B
NetworkService => 0 B
defaultuser0 => 0 B
Marcelka a Pavlíček => 5147331 B

RecycleBin => 0 B
EmptyTemp: => 69.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:30:26 ====
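
One way to confirm that every entry a fixlist requested shows up in the Fixlog with a successful outcome, as an added example that is not part of the original thread or of FRST itself. The function names are hypothetical, the sample is a constructed excerpt shaped like the log above, and its last line is a constructed failure whose wording is an assumption.

```python
import re

# Constructed sample: lines shaped like the Fixlog above, plus one constructed
# failure line at the end (its wording is an assumption, not from the thread).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
Task: {A412C6B7-4338-4090-A972-B3B1DD1F1880} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-12 153752]
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes TrayApp => value removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
gupdate => service removed successfully
gupdatem => could not remove service
"""

def requested_names(fixlog):
    """Names the fixlist asked to remove: Run values, tasks, services."""
    body = fixlog.split("*****************")[1]
    names = []
    for line in body.splitlines():
        m = (re.match(r"HK\S+\\Run: \[(.+?)\] =>", line)
             or re.match(r"Task: \{[0-9A-F-]+\} - System32\\Tasks\\(.+?) =>", line)
             or re.match(r"[SR]\d (\S+?);", line))
        if m:
            names.append(m.group(1))
    return names

def results(fixlog):
    """(target, outcome) pairs from the section after the fixlist echo."""
    tail = fixlog.split("*****************")[2]
    return [tuple(p.strip() for p in l.split(" => ", 1))
            for l in tail.splitlines() if " => " in l]

def unconfirmed(fixlog):
    """Requested names with no result line, or with any non-success result."""
    res = results(fixlog)
    bad = []
    for name in requested_names(fixlog):
        hits = [o for t, o in res if t == name or t.endswith("\\" + name)]
        if not hits or not all(o.rstrip(".").endswith("successfully") for o in hits):
            bad.append(name)
    return bad
```

An empty list from `unconfirmed` means every requested Run value, task and service has at least one result line and all of them report success.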

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook is unresponsive at times.

#13 Post by paolov »

Please let me know what nasties were in there, if the cleaning is now finished. Thank you for your reply.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - notebook is unresponsive at times.

#14 Post by Márty84 »

Run all of these programs, including any installers, as administrator (right-click them and choose Run as administrator).

vyosek wrote: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run

Download CCleaner from http://www.filehippo.com/download_ccleaner and run it.
During installation, watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you will be in the Cleaner function. On the left there are many checkboxes. Pay particular attention to the Recycle Bin: if you leave it checked, it will always be emptied.
Also, depending on how it is set up, it will delete all passwords saved for the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.).
Click Analyze, and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues; if it finds any, click Fix Issues. It will offer you a backup; make one and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in each of them too.)

Defragment the disk(s) (not SSDs!)
Download Defraggler from https://www.piriform.com/defraggler/download/standard
During installation, again watch out for the toolbar and other junk.
After installing, run the program and click Analyze; after the analysis click Defrag and the program will do its job.

Then write how the PC is doing.

paolov wrote: Please let me know what nasties were in there
I have not seen any nasties there so far, only ordinary junk from normal use. The disk is reporting some errors, though, which could be causing trouble.

paolov
Visitor
Posts: 251
Joined: 30 Aug 2006 20:17
Location: South Moravia.

Re: Preventive check - notebook is unresponsive at times.

#15 Post by paolov »

So far everything is running fine; we'll see over time. Should I send a new RSIT log, or is that the end? Otherwise, thanks for the advice.

Locked