Freezes and a slow laptop

#1 Post by Sandokan »

Hi, for several months my laptop has been very slow, and when I click on something I sometimes wait as long as 5 minutes before the system gets moving. Because of this I am considering buying a new PC. In any case, I have tried antivirus programs, defragmentation, CCleaner and so on, but nothing helped. It occurred to me that it could be the Windows 10 OS, which constantly pesters me with updates and gets slower and slower with each update, so I reinstalled the system and now I have W8.1, and I would rather not update it to W10. Nevertheless, the problem with slow response persists. If you can't help me, then probably nobody can, and I really will have to get a new PC.
Thank you very much for your willingness to help. I am posting the FRST log, with Addition as an attachment.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Arno (administrator) on ARNOST (17-06-2018 10:08:50)
Running from C:\Users\Arno\Desktop
Loaded Profiles: UpdatusUser & Arno (Available Profiles: UpdatusUser & Arno)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Arno\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\UPDATE CORE\NVBACKEND.EXE [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVBG64.EXE [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => \SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] => \SYSTEM32\IGFXPERS.EXE
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\SYNAPTICS\SYNTP\SYNLENOVOGESTUREMGR.EXE [656896 2012-09-20] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\PROGRAM FILES\LENOVO\ONEKEY THEATER\ONEKEYSTUDIO.EXE [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\PROGRAM FILES (X86)\LENOVO\ENERGY MANAGEMENT\ENERGY MANAGEMENT.EXE [17080376 2012-12-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\PROGRAM FILES (X86)\LENOVO\ENERGY MANAGEMENT\UTILITY.EXE [191544 2012-12-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\PROGRAM FILES\CLASSIC SHELL\CLASSICSTARTMENU.EXE [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [BCSSync] => C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\BCSSYNC.EXE [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\SYNAPTICS\SYNTP\SYNTPENH.EXE [2874168 2012-09-17] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKU\S-1-5-21-1949881295-1686993644-244737176-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [StartMenu] => C:\Program Files\Asoftis Start Menu\StartMenu.exe
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-04-25] (Lavasoft)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\MountPoints2: {8e5036bd-4858-11e8-be7f-e006e6bf1485} - "H:\setup.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2015-02-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C519F8FC-4118-46CA-A2C5-F71C5531F374}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM-x32 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180425__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 8fm9fifg.default
FF ProfilePath: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default [2018-06-17]
FF Homepage: Mozilla\Firefox\Profiles\8fm9fifg.default -> hxxp://seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\8fm9fifg.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180425__yaff
FF Extension: (Adblock Plus) - C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\features\{5a39ab8d-6a93-42ce-b0ef-cc66e7e9062d}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi [2018-06-08] [Legacy]
FF SearchPlugin: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-04-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-22] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-04-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2018-04-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2018-04-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-26] (Disc Soft Ltd)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2018-04-26] (DT Soft Ltd)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8229264 2012-09-28] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2018-04-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2018-04-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2018-04-23] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-17 10:08 - 2018-06-17 10:09 - 000019813 _____ C:\Users\Arno\Desktop\FRST.txt
2018-06-17 10:08 - 2018-06-17 10:08 - 000000000 ____D C:\FRST
2018-06-17 10:02 - 2018-06-17 10:02 - 000112640 _____ (forum.viry.cz) C:\Users\Arno\Desktop\FRSTLauncher.exe
2018-06-17 09:59 - 2018-06-17 09:59 - 002413056 _____ (Farbar) C:\Users\Arno\Desktop\FRST64.exe
2018-06-13 21:38 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 21:38 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-13 21:38 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 21:38 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 21:38 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-13 21:38 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-13 21:38 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-13 21:38 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-13 21:38 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 21:38 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 21:38 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-13 21:38 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 21:38 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 21:38 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-13 21:38 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-13 21:38 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 21:38 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-13 21:38 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-13 21:38 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-13 21:38 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-13 21:38 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 21:38 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-13 21:38 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 21:38 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-13 21:38 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-13 21:38 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 21:38 - 2018-05-23 07:45 - 000027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 21:38 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 21:38 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-13 21:38 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 21:38 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 21:38 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 21:38 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 21:38 - 2018-05-15 06:17 - 000032640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 21:38 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-13 21:38 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 21:38 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 21:38 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 21:38 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 21:38 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 21:38 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 21:38 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 21:38 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-13 21:38 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-13 21:38 - 2018-05-05 21:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 21:38 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 21:38 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-13 21:38 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-13 21:38 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-13 21:38 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-13 21:38 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-13 21:38 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-13 21:38 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-13 21:38 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-13 21:38 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-13 21:38 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-13 21:38 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-13 21:38 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-13 21:38 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-13 21:38 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-13 21:38 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-06-13 21:38 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-13 08:11 - 2018-06-13 08:11 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk
2018-06-13 08:10 - 2018-06-13 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-06-13 08:09 - 2018-06-13 08:10 - 063222472 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\Skype-8.23.0.10.exe
2018-06-13 08:08 - 2018-06-13 08:08 - 000003140 _____ C:\WINDOWS\System32\Tasks\{37D82D4C-31E3-49A9-B6A1-711ADAAE1BB6}
2018-06-13 08:07 - 2018-06-13 08:07 - 001384064 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetup.exe
2018-06-13 06:57 - 2018-06-13 08:03 - 000000000 ____D C:\ProgramData\Skype
2018-06-13 06:56 - 2018-06-13 06:56 - 032542880 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetupFull.exe
2018-06-04 07:48 - 2018-01-23 20:58 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-05-21 23:15 - 2018-05-21 23:15 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-17 04:17 - 2018-04-28 06:28 - 000003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D312E53-A8A5-4420-83C8-40E7DEF238FF}
2018-06-16 22:33 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-16 19:22 - 2018-04-23 23:08 - 000000000 ____D C:\Users\Arno
2018-06-16 19:01 - 2018-04-25 09:20 - 000000000 ____D C:\Users\Arno\AppData\Local\ClassicShell
2018-06-16 12:33 - 2018-04-27 05:40 - 000142848 ___SH C:\Users\Arno\Desktop\Thumbs.db
2018-06-16 05:53 - 2018-04-27 07:25 - 000000583 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-06-15 20:57 - 2018-04-22 01:35 - 000000000 ____D C:\Users\Arno\AppData\LocalLow\Mozilla
2018-06-15 20:56 - 2018-04-24 03:17 - 000000000 __SHD C:\Users\Arno\IntelGraphicsProfiles
2018-06-14 21:33 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-06-14 18:23 - 2012-12-06 05:23 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-06-14 18:22 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-14 18:22 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-14 09:40 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-06-14 06:56 - 2018-04-22 11:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 06:47 - 2018-04-22 11:07 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 06:47 - 2018-04-22 11:07 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-14 06:44 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-14 06:34 - 2018-04-22 01:12 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1949881295-1686993644-244737176-1002
2018-06-13 21:17 - 2012-12-06 05:23 - 000000000 ____D C:\ProgramData\McAfee
2018-06-13 08:03 - 2018-04-24 17:55 - 000000000 ____D C:\Users\Arno\AppData\Roaming\Skype
2018-06-10 22:19 - 2018-04-23 23:08 - 000000000 ____D C:\Users\UpdatusUser
2018-06-09 09:01 - 2018-04-22 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-09 09:01 - 2018-04-22 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-07 19:55 - 2018-04-22 01:34 - 000001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-05 21:19 - 2018-04-25 08:19 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 21:19 - 2018-04-25 08:19 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-04 07:49 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2018-06-04 07:38 - 2018-04-23 05:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-06-04 07:37 - 2012-07-26 10:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-04 07:32 - 2012-07-26 07:37 - 000000000 ____D C:\Users\Default.migrated
2018-06-02 14:24 - 2018-04-22 09:52 - 000000000 ____D C:\Users\Arno\AppData\Roaming\IGdm
2018-05-29 19:00 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-29 00:46 - 2018-04-26 20:30 - 000000000 ____D C:\Users\Arno\AppData\Roaming\BSplayer
2018-05-22 08:05 - 2012-07-26 10:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======


Some files in TEMP:
====================
2018-04-25 20:02 - 2018-04-25 20:02 - 000355288 _____ (Lavasoft) C:\Users\Arno\AppData\Local\Temp\offer-E5BE6A0E-2D2C-40C8-A11C-AA4763A7E8CF.exe
2018-04-26 19:18 - 2018-04-26 19:18 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171855087.dll
2018-04-26 19:18 - 2018-04-26 19:18 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171857323.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171904714.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171913105.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171952477.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172852411.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172852677.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172853005.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172853958.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172858318.dll
2018-04-25 19:59 - 2018-04-25 19:59 - 001983672 _____ (BitTorrent Inc.) C:\Users\Arno\AppData\Local\Temp\utt4D.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-12 08:10

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:883.24 GB) (Free:766.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.97 GB) NTFS
Drive f: (TESVLEt2k9) (CDROM) (Total:1.88 GB) (Free:0 GB) UDF
\\?\Volume{85e36f3f-bbb8-454a-a985-468e5fb1514d}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{a668f6bc-6b72-484a-88be-6da8f03da15e}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
\\?\Volume{28d53190-997b-47d9-8fe6-50596c672490}\ () (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{0fef535d-861b-4dd6-b9d8-bd224112ebbe}\ (PBR_DRV) (Fixed) (Total:20 GB) (Free:10.15 GB) NTFS

Available physical RAM: 922.42 MB
Total physical RAM: 3961.77 MB
Percentage of memory in use: 76%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 61DEA825)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 0.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 0.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0
Verze podpisu: AV: 1.269.1363.0, AS: 1.269.1363.0, NIS: 119.0.0.0



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Arno\Desktop" je 38918 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(9.68 KiB) Downloaded 67 times

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#2 Post by altrok »

I wish you a beautiful day :bye:


:arrow: First we will get rid of all the McAfee leftovers - http://download.mcafee.com/products/lic ... s/MCPR.exe


:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).


:arrow: Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
  • close all programs
  • accept the licence terms (EULA) by clicking I agree
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • click Scan now, then Clean and Repair
  • after the restart a log will pop up (or you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
  • Download Crystal Disk Info (CDI) https://osdn.jp/frs/redir.php?m=cznic&f ... o6_7_5.zip
  • extract the archive and run the extracted file DiskInfo.exe
  • in the running program click Edit -> Copy at the top (the log is now copied to the clipboard)
  • paste the log into your next reply (Ctrl + V)
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok (at) forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our little school.

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#3 Post by Sandokan »

Thanks. Log from AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-15.3
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-17-2018
# Duration: 00:00:17
# OS: Windows 8.1
# Cleaned: 13
# Failed: 2


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Not Deleted C:\ProgramData\lavasoft\web companion
Not Deleted C:\Program Files (x86)\lavasoft\web companion
Deleted C:\Users\Arno\AppData\Roaming\lavasoft\web companion
Deleted C:\Program Files (x86)\Amazon\ABB
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\csastats
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2442 octets] - [17/06/2018 16:20:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Log from CrystalDisk:

----------------------------------------------------------------------------
CrystalDiskInfo 6.7.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2018/06/17 16:31:03

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- ST1000LM024 HN-M101MBB
- HL-DT-ST DVDRAM GT50N
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST1000LM024 HN-M101MBB : 1000,2 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST1000LM024 HN-M101MBB
----------------------------------------------------------------------------
Model : ST1000LM024 HN-M101MBB
Firmware : 2AR10001
Serial Number : S2U5J9ACB33306
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 21337 hod.
Power On Count : 4593 krát
Temperature : 51 C (123 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000A7F Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _89 _89 _25 000000000D8B Čas na roztočení ploten
04 _96 _96 __0 0000000011FD Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000005359 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B _99 _99 __0 0000000004A8 Počet pokusů o překalibrování
0C _96 _96 __0 0000000011F1 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000022 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _49 _34 __0 0042000B0033 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 100 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 __1 __1 __0 0000000199F6 Počet chyb při zápisu sektorů
DF _99 _99 __0 0000000004A8 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 _81 _81 __0 00000002FFBB Počet cyklů načítání/vymazání


JaRon
Moderator
Posts: 15213
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Freezes and a slow laptop

#4 Post by JaRon »

Sorry for jumping in ...
Your Desktop is 38 GB in size, clean it out - max. 1 GB
Restart
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#5 Post by altrok »

01 100 100 _51 000000000A7F Počet chyb čtení
BF 100 100 __0 000000000022 Počet udalostí zaznamenaných otřesovým senzorem
C8 __1 __1 __0 0000000199F6 Počet chyb při zápisu sektorů
These are not values that show up on a 100% healthy disk. It may, but need not, mean problems.



:arrow: Start -> All Programs -> Accessories -> right-click Command Prompt and choose Run as administrator
  • type chkdsk /r
  • press Enter and restart the PC
  • this check and repair run before the OS loads and take up to several hours


:arrow: Install and run HD Tune - http://www.hdtune.com/files/hdtune_255.exe
  • Go to the Health tab and check that the Status column shows OK everywhere and that Health status: OK is lit green at the bottom
  • On the Error Scan tab click Start. When the test finishes, take a screenshot and attach it to your next reply.
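The reading of the S.M.A.R.T. rows quoted in post #5, as an added example that is not part of the thread or of CrystalDiskInfo: it parses rows in the table layout posted earlier (ID, Cur, Wor, Thr, raw value, name) and separates a threshold failure from a non-zero raw counter that only warrants a surface scan. The English attribute names, the `WATCH_IDS` set and the failing row are assumptions made for the example.

```python
import re

# Rows copied from the CrystalDiskInfo S.M.A.R.T. table posted in the thread
# (columns: ID Cur Wor Thr Raw Name); attribute names rendered in English here.
THREAD_ROWS = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000A7F Read Error Rate
05 252 252 _10 000000000000 Reallocated Sectors Count
BF 100 100 __0 000000000022 G-Sense Error Rate
C5 252 100 __0 000000000000 Current Pending Sector Count
C8 __1 __1 __0 0000000199F6 Write Error Rate
"""

# Constructed row (NOT from the thread): normalized value below its threshold.
CONSTRUCTED_FAILING_ROW = "05 __8 __8 _10 0000000000C8 Reallocated Sectors Count"

# CrystalDiskInfo pads the decimal columns with underscores, e.g. "_51", "__0".
ROW = re.compile(
    r"^([0-9A-F]{2})\s+(_*\d+)\s+(_*\d+)\s+(_*\d+)\s+([0-9A-F]{12})\s+(.+)$"
)

# Assumption of this example: attributes whose non-zero raw counter deserves a
# follow-up check. Includes the three IDs the moderator quoted (01, BF, C8).
WATCH_IDS = {0x01, 0x05, 0xBF, 0xC4, 0xC5, 0xC6, 0xC8}


def parse_row(line):
    """Return one attribute as a dict, or None for headers and other lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    attr_id, cur, wor, thr, raw, name = m.groups()
    unpad = lambda field: int(field.replace("_", ""))
    return {
        "id": int(attr_id, 16),
        "cur": unpad(cur),
        "wor": unpad(wor),
        "thr": unpad(thr),
        "raw": int(raw, 16),
        "name": name,
    }


def classify(attr):
    """FAILED: normalized value at or below a non-zero threshold.
    WATCH: watched attribute with a non-zero raw counter. Raw encodings are
    vendor-specific, so this is a prompt to run a surface scan, not a verdict.
    """
    if attr["thr"] > 0 and attr["cur"] <= attr["thr"]:
        return "FAILED"
    if attr["id"] in WATCH_IDS and attr["raw"] > 0:
        return "WATCH"
    return "OK"


def triage(text):
    """Map attribute ID -> (status, raw counter as an integer)."""
    report = {}
    for line in text.splitlines():
        attr = parse_row(line)
        if attr:
            report[attr["id"]] = (classify(attr), attr["raw"])
    return report


if __name__ == "__main__":
    for attr_id, (status, raw) in sorted(triage(THREAD_ROWS).items()):
        print(f"{attr_id:02X}  {status:<6}  raw={raw}")
    print("constructed row:", classify(parse_row(CONSTRUCTED_FAILING_ROW)))
```

None of the rows from the thread crosses a threshold, which matches the tool's overall "good" health status; the three quoted rows only land in the follow-up bucket.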

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#6 Post by Sandokan »

As instructed, I am sending the screenshot.
During the HD Tune run my disk heated up to 55°C; the notebook reported it to me.
Attachments
screen.png (174.92 KiB) Viewed 2188 times

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#7 Post by altrok »

Did chkdsk run?

Download and install MBAM https://www.bleepingcomputer.com/downlo ... i-malware/
- Custom scan -> tick the whole disk -> scan the PC
- please put the scan results in your next post.

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#8 Post by Sandokan »

Yep, chkdisk ran.
I am currently on holiday without my laptop and I am back in a week; here I only have my work Mac. So I will get back to you in a week. Thanks.

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#9 Post by Sandokan »

Sending the MBAM scan result:

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 02.07.18
Čas skenování: 20:02
Logovací soubor: 1b70655c-7e22-11e8-9983-e006e6bf1485.json
Správce: Ano

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.374
Aktualizovat verzi balíku komponent: 1.0.5731
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Ja

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 274590
Zjištěné hrozby: 6
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 min, 41 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
PUP.Optional.InstallCore.Generic, C:\USERS\ARNO\APPDATA\LOCAL\TEMP\DMGR1.25, Žádná uživatelská akce, [6199], [509535],1.0.5731

Soubor: 5
PUP.Optional.InstallCore.Generic, C:\USERS\JA\APPDATA\LOCAL\TEMP\DMGR1.25\DMGR1.25_0D1F2W1G1I1F1T1Q0A1B2Z1C1F1.25.exe, Žádná uživatelská akce, [6199], [509535],1.0.5731
PUP.Optional.OpenCandy, C:\USERS\ARNO\DOWNLOADS\DAEMON-TOOLS-LITE-4-46-1-DTLITE4461-0328.EXE, Žádná uživatelská akce, [1032], [297667],1.0.5731
PUP.Optional.InstallCore.Generic, C:\USERS\JA\DOWNLOADS\DAEMON_TOOLS_LITE_1320762071.EXE, Žádná uživatelská akce, [6199], [512152],1.0.5731
Adware.WhenU, C:\USERS\JA\DOWNLOADS\DAEMON403.EXE, Žádná uživatelská akce, [2740], [294434],1.0.5731
PUP.Optional.OpenCandy, C:\USERS\JA\DOWNLOADS\DAEMON-TOOLS_4.46.1_LITE.EXE, Žádná uživatelská akce, [1032], [297667],1.0.5731

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#10 Post by altrok »

This was "only" a threat scan, which is fast but does not search the whole PC (besides, it found nothing outright dangerous).
-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: Ja

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)

I would also be interested in a scan of the whole computer, so run MBAM -> Scan on the left -> the middle option, Custom Scan (Vlastní skenování) (this type of scan usually takes on the order of a few hours).

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#11 Post by Sandokan »

New scan, Custom Scan (Vlastní skenování):

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 04.07.18
Čas skenování: 9:08
Logovací soubor: 124111d8-7f59-11e8-8df9-e006e6bf1485.json
Správce: Ano

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.374
Aktualizovat verzi balíku komponent: 1.0.5757
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Plánovač
Výsledek: Dokončeno
Skenované objekty: 316942
Zjištěné hrozby: 6
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 1 hod, 20 min, 0 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
PUP.Optional.InstallCore.Generic, C:\USERS\JA\APPDATA\LOCAL\TEMP\DMGR1.25, Žádná uživatelská akce, [6200], [509535],1.0.5757

Soubor: 5
PUP.Optional.InstallCore.Generic, C:\USERS\JA\APPDATA\LOCAL\TEMP\DMGR1.25\DMGR1.25_0D1F2W1G1I1F1T1Q0A1B2Z1C1F1.25.EXE, Žádná uživatelská akce, [6200], [509535],1.0.5757
PUP.Optional.OpenCandy, C:\USERS\JA\DOWNLOADS\DAEMON-TOOLS-LITE-4-46-1-DTLITE4461-0328.EXE, Žádná uživatelská akce, [1033], [297667],1.0.5757
PUP.Optional.OpenCandy, C:\USERS\JA\DOWNLOADS\DAEMON-TOOLS_4.46.1_LITE.EXE, Žádná uživatelská akce, [1033], [297667],1.0.5757
Adware.WhenU, C:\USERS\JA\DOWNLOADS\DAEMON403.EXE, Žádná uživatelská akce, [2741], [294434],1.0.5757
PUP.Optional.InstallCore.Generic, C:\USERS\JA\DOWNLOADS\DAEMON_TOOLS_LITE_1320762071.EXE, Žádná uživatelská akce, [6200], [512152],1.0.5757

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7262
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#12 Post by altrok »

Excellent, please post the FRST.txt and Addition.txt logs. I will be away from the PC over the holidays, so I will reply after the weekend.

Sandokan
Visitor
Posts: 10
Registered: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#13 Post by Sandokan »

Sending the FRST.txt scan, with Addition as an attachment:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Arno (administrator) on ARNOST (05-07-2018 20:02:27)
Running from C:\Users\Arno\Desktop
Loaded Profiles: UpdatusUser & Arno (Available Profiles: UpdatusUser & Arno)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Failed to access process -> ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\UPDATE CORE\NVBACKEND.EXE [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVCPL64.EXE [12921488 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\PROGRAM FILES\REALTEK\AUDIO\HDA\RAVBG64.EXE [1214608 2012-09-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => \SYSTEM32\HKCMD.EXE
HKLM\...\Run: [Persistence] => \SYSTEM32\IGFXPERS.EXE
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\SYNAPTICS\SYNTP\SYNLENOVOGESTUREMGR.EXE [656896 2012-09-20] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\PROGRAM FILES\LENOVO\ONEKEY THEATER\ONEKEYSTUDIO.EXE [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\PROGRAM FILES (X86)\LENOVO\ENERGY MANAGEMENT\ENERGY MANAGEMENT.EXE [17080376 2012-12-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\PROGRAM FILES (X86)\LENOVO\ENERGY MANAGEMENT\UTILITY.EXE [191544 2012-12-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\PROGRAM FILES\CLASSIC SHELL\CLASSICSTARTMENU.EXE [163640 2017-08-13] (IvoSoft)
HKLM\...\Run: [BCSSync] => C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\BCSSYNC.EXE [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\SYNAPTICS\SYNTP\SYNTPENH.EXE [2874168 2012-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKU\S-1-5-21-1949881295-1686993644-244737176-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [StartMenu] => C:\Program Files\Asoftis Start Menu\StartMenu.exe
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-06-05] (Skype Technologies S.A.)
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\MountPoints2: {8e5036bd-4858-11e8-be7f-e006e6bf1485} - "H:\setup.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2015-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2015-02-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C519F8FC-4118-46CA-A2C5-F71C5531F374}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKLM-x32 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10438__180425__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=cz&p_tsrc=301ssg01&p_w=y1w17&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 8fm9fifg.default
FF ProfilePath: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default [2018-07-05]
FF Homepage: Mozilla\Firefox\Profiles\8fm9fifg.default -> hxxp://seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\8fm9fifg.default -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10438__180425__yaff
FF Extension: (Adblock Plus) - C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF SearchPlugin: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-04-25]
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-02] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-22] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2018-04-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2018-04-23] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-26] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-26] (Disc Soft Ltd)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [254528 2018-04-26] (DT Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-07-02] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-02] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-07-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-05] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8229264 2012-09-28] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-17] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2018-04-23] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2018-04-23] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2018-04-23] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-05 19:59 - 2018-07-05 19:59 - 000000000 ____D C:\Users\Arno\Desktop\FRST-OlderVersion
2018-07-03 08:12 - 2018-07-05 17:46 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-02 20:00 - 2018-07-05 06:41 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-02 20:00 - 2018-07-05 06:41 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-02 20:00 - 2018-07-05 06:40 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-02 20:00 - 2018-07-02 20:00 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-02 19:54 - 2018-07-02 19:59 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-02 19:54 - 2018-07-02 19:54 - 000001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-02 19:54 - 2018-07-02 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-02 19:54 - 2018-07-02 19:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-02 19:54 - 2018-07-02 19:54 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-02 19:50 - 2018-07-02 19:51 - 074288784 _____ (Malwarebytes ) C:\Users\Arno\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2018-06-21 19:00 - 2018-06-21 19:00 - 000000949 _____ C:\Users\Arno\Desktop\HD Tune.lnk
2018-06-21 19:00 - 2018-06-21 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2018-06-21 19:00 - 2018-06-21 19:00 - 000000000 ____D C:\Program Files (x86)\HD Tune
2018-06-21 18:59 - 2018-06-21 18:59 - 000642632 _____ (EFD Software ) C:\Users\Arno\Downloads\hdtune_255.exe
2018-06-17 16:18 - 2018-06-17 16:20 - 000000000 ____D C:\AdwCleaner
2018-06-17 16:17 - 2018-06-17 16:18 - 007372496 _____ (Malwarebytes) C:\Users\Arno\Downloads\adwcleaner_7.2.0.exe
2018-06-17 16:12 - 2018-06-17 16:12 - 003480040 _____ (McAfee, Inc.) C:\Users\Arno\Downloads\MCPR.exe
2018-06-17 10:13 - 2018-06-17 10:13 - 000009916 _____ C:\Users\Arno\Desktop\Addition.rar
2018-06-17 10:10 - 2018-06-17 10:11 - 000039291 _____ C:\Users\Arno\Desktop\Addition.txt
2018-06-17 10:08 - 2018-07-05 20:03 - 000018689 _____ C:\Users\Arno\Desktop\FRST.txt
2018-06-17 10:08 - 2018-07-05 20:02 - 000000000 ____D C:\FRST
2018-06-17 09:59 - 2018-07-05 19:59 - 002412544 _____ (Farbar) C:\Users\Arno\Desktop\FRST64.exe
2018-06-13 21:38 - 2018-05-25 07:10 - 025742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 21:38 - 2018-05-25 06:44 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-13 21:38 - 2018-05-25 06:38 - 005779968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 21:38 - 2018-05-25 06:34 - 020286976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 21:38 - 2018-05-25 06:32 - 000794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-13 21:38 - 2018-05-25 06:16 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-06-13 21:38 - 2018-05-25 06:06 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-13 21:38 - 2018-05-25 06:03 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-13 21:38 - 2018-05-25 05:56 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 21:38 - 2018-05-25 05:55 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 21:38 - 2018-05-25 05:55 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-06-13 21:38 - 2018-05-25 05:53 - 015283200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 21:38 - 2018-05-25 05:53 - 002135552 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 21:38 - 2018-05-25 05:44 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-06-13 21:38 - 2018-05-25 05:42 - 004496896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-13 21:38 - 2018-05-25 05:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 21:38 - 2018-05-25 05:39 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-13 21:38 - 2018-05-25 05:38 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-13 21:38 - 2018-05-25 05:38 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-13 21:38 - 2018-05-25 05:38 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-13 21:38 - 2018-05-25 05:29 - 001546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 21:38 - 2018-05-25 05:19 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-13 21:38 - 2018-05-25 05:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 21:38 - 2018-05-25 05:15 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-13 21:38 - 2018-05-25 05:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-13 21:38 - 2018-05-23 07:56 - 007406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 21:38 - 2018-05-23 07:45 - 000027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 21:38 - 2018-05-23 07:39 - 001676064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 21:38 - 2018-05-23 06:13 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2018-06-13 21:38 - 2018-05-15 07:47 - 002334624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 21:38 - 2018-05-15 07:47 - 000244304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 21:38 - 2018-05-15 07:33 - 001308352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 21:38 - 2018-05-15 06:57 - 002324752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 21:38 - 2018-05-15 06:17 - 000032640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 21:38 - 2018-05-15 06:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2018-06-13 21:38 - 2018-05-15 05:05 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 21:38 - 2018-05-15 04:57 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 21:38 - 2018-05-15 04:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 21:38 - 2018-05-12 23:11 - 000532664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 21:38 - 2018-05-12 23:06 - 000567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 21:38 - 2018-05-12 22:51 - 002014040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 21:38 - 2018-05-12 22:51 - 000923480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 21:38 - 2018-05-12 21:08 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-06-13 21:38 - 2018-05-11 05:04 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-06-13 21:38 - 2018-05-05 21:05 - 001543800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 21:38 - 2018-05-05 20:15 - 001178136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 21:38 - 2018-05-05 18:38 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2018-06-13 21:38 - 2018-05-05 18:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2018-06-13 21:38 - 2018-04-07 18:48 - 000685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-06-13 21:38 - 2018-04-07 18:47 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-13 21:38 - 2018-04-07 18:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-06-13 21:38 - 2018-04-07 18:09 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-06-13 21:38 - 2018-04-07 17:34 - 002255360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-13 21:38 - 2018-04-07 17:15 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-13 21:38 - 2018-04-05 19:47 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2018-06-13 21:38 - 2018-04-05 19:38 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2018-06-13 21:38 - 2018-03-29 03:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2018-06-13 21:38 - 2018-03-29 03:21 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2018-06-13 21:38 - 2018-03-29 03:06 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-06-13 21:38 - 2018-03-29 03:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-06-13 21:38 - 2018-03-29 02:26 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-06-13 21:38 - 2018-03-29 02:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-06-13 08:11 - 2018-06-13 08:11 - 000001333 _____ C:\Users\Public\Desktop\Skype.lnk
2018-06-13 08:10 - 2018-06-13 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-06-13 08:09 - 2018-06-13 08:10 - 063222472 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\Skype-8.23.0.10.exe
2018-06-13 08:08 - 2018-06-13 08:08 - 000003140 _____ C:\WINDOWS\System32\Tasks\{37D82D4C-31E3-49A9-B6A1-711ADAAE1BB6}
2018-06-13 08:07 - 2018-06-13 08:07 - 001384064 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetup.exe
2018-06-13 06:57 - 2018-06-13 08:03 - 000000000 ____D C:\ProgramData\Skype
2018-06-13 06:56 - 2018-06-13 06:56 - 032542880 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetupFull.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-05 19:22 - 2018-04-23 23:08 - 000000000 ____D C:\Users\Arno
2018-07-05 16:24 - 2018-04-28 06:28 - 000003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D312E53-A8A5-4420-83C8-40E7DEF238FF}
2018-07-05 07:40 - 2018-04-22 01:35 - 000000000 ____D C:\Users\Arno\AppData\LocalLow\Mozilla
2018-07-05 06:42 - 2018-04-23 23:08 - 000000000 ____D C:\Users\UpdatusUser
2018-07-05 06:40 - 2018-04-27 07:25 - 000000726 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-07-05 06:40 - 2018-04-24 03:17 - 000000000 __SHD C:\Users\Arno\IntelGraphicsProfiles
2018-07-05 06:40 - 2013-08-22 16:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-05 06:39 - 2018-04-22 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-05 06:39 - 2018-04-22 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-03 06:20 - 2018-04-25 09:20 - 000000000 ____D C:\Users\Arno\AppData\Local\ClassicShell
2018-07-02 07:49 - 2018-04-22 01:12 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1949881295-1686993644-244737176-1002
2018-07-02 07:26 - 2018-04-22 01:34 - 000001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-01 22:00 - 2018-04-27 05:40 - 000172032 ___SH C:\Users\Arno\Desktop\Thumbs.db
2018-06-21 19:09 - 2018-04-27 06:23 - 000000000 ____D C:\Users\Arno\Desktop\Nová složka
2018-06-21 19:08 - 2012-12-06 05:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-19 06:37 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-19 03:47 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\Inf
2018-06-17 16:21 - 2018-04-25 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-06-17 16:20 - 2018-04-25 20:04 - 000000000 ____D C:\Users\Arno\AppData\Roaming\Lavasoft
2018-06-17 16:20 - 2012-12-06 05:22 - 000000000 ____D C:\Program Files (x86)\Amazon
2018-06-14 21:33 - 2013-08-22 17:36 - 000000000 ____D C:\WINDOWS\rescache
2018-06-14 09:40 - 2013-08-22 15:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-06-14 06:56 - 2018-04-22 11:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 06:47 - 2018-04-22 11:07 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 06:47 - 2018-04-22 11:07 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-14 06:44 - 2012-07-26 09:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-13 08:03 - 2018-04-24 17:55 - 000000000 ____D C:\Users\Arno\AppData\Roaming\Skype
2018-06-05 21:19 - 2018-04-25 08:19 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 21:19 - 2018-04-25 08:19 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
2018-04-25 20:02 - 2018-04-25 20:02 - 000355288 _____ (Lavasoft) C:\Users\Arno\AppData\Local\Temp\offer-E5BE6A0E-2D2C-40C8-A11C-AA4763A7E8CF.exe
2018-04-26 19:18 - 2018-04-26 19:18 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171855087.dll
2018-04-26 19:18 - 2018-04-26 19:18 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171857323.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171904714.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171913105.dll
2018-04-26 19:19 - 2018-04-26 19:19 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426171952477.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172852411.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172852677.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172853005.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172853958.dll
2018-04-26 19:28 - 2018-04-26 19:28 - 002183680 _____ (Opera Software) C:\Users\Arno\AppData\Local\Temp\Opera_installer_180426172858318.dll
2018-04-25 19:59 - 2018-04-25 19:59 - 001983672 _____ (BitTorrent Inc.) C:\Users\Arno\AppData\Local\Temp\utt4D.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-01 12:37

==================== End of FRST.txt ============================
Attachments
Addition.rar
(9.75 KiB) Downloaded 57 times

altrok
Moderator
Posts: 7262
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Freezes and a slow laptop

#14 Post by altrok »

:arrow: Uninstall Malwarebytes (unless you have the paid version).



:arrow: If we wanted to lighten the load on the PC (especially at startup), open Task Manager (Ctrl+Shift+Esc), go to the "Startup" tab and disable whatever you do not use. If you have any doubts, I will advise.



:arrow: After the restart, let me know how the PC behaves.



  • Run FRST.exe/FRST64.exe again
  • press Ctrl + y (both keys at the same time)
  • fixlist.txt will open; paste the contents of the white box below into it
  • press Ctrl + s (to save the changes), then close the fixlist
  • click the Fix button
  • after the restart, a fixlog will be created next to FRST; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
    HKU\S-1-5-21-1949881295-1686993644-244737176-1002\...\MountPoints2: {8e5036bd-4858-11e8-be7f-e006e6bf1485} - "H:\setup.exe" 
    HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
    HKU\S-1-5-21-1949881295-1686993644-244737176-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    SearchScopes: HKLM -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w17&q={searchTerms}
    SearchScopes: HKLM -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w17&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w17&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w17&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hsp ... 5__yaie&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1949881295-1686993644-244737176-1002 -> {E7639129-2A03-441B-9349-0C85CA155C2F} URL = hxxps://search.gmx.com/web/result?origi ... w=y1w17&q={searchTerms}
    BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    FF NewTab: Mozilla\Firefox\Profiles\8fm9fifg.default -> hxxps://search.yahoo.com/yhs/web?hspart ... 0425__yaff
    FF SearchPlugin: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\8fm9fifg.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-04-25]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => not found
    C:\Program Files (x86)\McAfee
    S3 mfesapsn; \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [X]
    2018-07-02 19:50 - 2018-07-02 19:51 - 074288784 _____ (Malwarebytes ) C:\Users\Arno\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
    2018-06-13 08:09 - 2018-06-13 08:10 - 063222472 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\Skype-8.23.0.10.exe
    2018-06-13 08:07 - 2018-06-13 08:07 - 001384064 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetup.exe
    2018-06-13 06:56 - 2018-06-13 06:56 - 032542880 _____ (Skype Technologies S.A.) C:\Users\Arno\Downloads\SkypeSetupFull.exe
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {75A36887-2910-4DE7-B151-035569492680} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
    FirewallRules: [{B4C93908-D987-4756-97B2-C9B3CA6E6D6F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D69295B8-BE15-42BC-BDC2-14B43E995871}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{37E1DFBF-4EAE-4517-BB07-F8A8D9D8CBC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{F28C671D-157A-460B-9DBE-4B545D683E86}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    C:\Program Files\Common Files\McAfee
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok[at]forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.

Sandokan
Visitor
Posts: 10
Joined: 17 Jun 2018 09:16

Re: Freezes and a slow laptop

#15 Post by Sandokan »

It's still the same misery :D Under "Startup" I disabled about 1/3 of the processes, the ones where I knew I wouldn't break anything by doing so.
