Prosím o pomoc

[vokope]

Prosím o kontrolu mého PC. Je to už hodně let, co jsem kontroloval (resp. si nechal kontrolovat) PC přes Hijackthis. Od té doby mám už několik let jiný PC a přiznám se, že už jsem dost ztratil i tu PC gramotnost v tomto směru. Poslední dobou mám problém s rychlostí mého PC, je hodně pomalé (vypínám ho tak jednou za 3 dny, kdy se už hodně zpomalí). Asi tam mám dost zbytečných nepoužívaných aplikací, ale také zřejmě i dost různé havěti. Dnes jsem si tedy znovu nainstaloval Hijackthis, spustil, vyjel mi log (přikládám níže), ale to je tak jediné, co jsem zvládl. Orientace v logu už mi nic neříká. Proto prosím o radu, co s tím.
Mokrát díky za případnou pomoc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:01, on 29.12.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Users\vojta\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hal3000.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1927085-E71D-4371-819F-6B8F8AD3E83C}: NameServer = 62.240.178.250,10.0.0.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11701 bytes

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[vokope]

Díky,
tady je ten log.

# AdwCleaner 7.0.6.0 - Logfile created on Fri Dec 29 15:49:52 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\AskPartnerNetwork
Deleted: C:\ProgramData\Application Data\AskPartnerNetwork
Deleted: C:\Program Files (x86)\AskPartnerNetwork
Deleted: C:\Users\All Users\AskPartnerNetwork
Deleted: C:\Users\vojta\AppData\Local\AskPartnerNetwork
Deleted: C:\Users\vojta\AppData\Roaming\Solvusoft
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn


***** [ Files ] *****

Deleted: C:\Windows\SysNative\roboot64.exe


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\actionprague.akcniceny.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akcniceny.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cukrarstvimutenice.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dsms0mj1bbhn4.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\solvusoft.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\srovnanicen.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\teta.akcniceny.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.akcniceny.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.cukrarstvimutenice.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.farnicek.estranky.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.solvusoft.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.srovnanicen.cz
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Deleted: [Key] - HKLM\SOFTWARE\AskPartnerNetwork
Deleted: [Key] - HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\AskPartnerNetwork
Deleted: [Key] - HKCU\Software\AskPartnerNetwork
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted: [Key] - HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [9447 B] - [2017/12/29 15:48:41]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

[Rudy]

OK. Teď dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

[vokope]

Zdravím,
tak jsem se dostal až ke stažení toho FRSTLauncheru. Jako prohlížeč používám Mozillu Firefox a mám u ní nastavenou ochranu před klamavým obsahem a nebezpečným softwarem, takže mě to nepustilo dál. Tak jsem spustil 64 bitovou verzi IExploreru, kde reklamu blokovanou nemám (mám ji nainstalovanou, ale používám málo, jen v podstatě pro diskuzi na jednom serveru, která nefunguje, pokud je zablokována reklama) a podařilo se mi to obejít a ten program (FRSTLauncher) na plochu stáhnout. Když ho ale chci spustit, tak mi nejdřív vyskočí menší okno s varováním, že je to od neznámého vydavatele, jehož se nepodařilo ověřit a zda to chci přesto spustit. Dám-li souhlas se spuštěním, vyskočí pak malé okno se sdělením:

Verze souboru není kompatibilní se spuštěnou verzí systému Windows. Ověřte systémové informace počítače, zda je potřeba verze programu x86 (32 bitová) nebo x64 (64 bitová), a kontaktujte vydavatele softwaru.

A přes to nejede vlak Nainstalováno mám pochopitelně W7 v 64 bitové verzi. Dá se s tím něco dělat? nebo jak to spuštění obejít? Díky za radu.

[Rudy]

Stáhněte to buď přes IE, nebo vypněte po dobu práce s FRST antivir (FRST není virus, běžně ho tu používáme) a nebo stáhněte bežný FRST: https://www.bleepingcomputer.com/downlo ... scan-tool/ .

[vokope]

OK, díky, spustit se mi ho podařilo jen z IE, a to až po vypnutí ochrany antiviru a tady je tedy ten log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-12-2017
Ran by vojta (administrator) on PC (30-12-2017 12:44:51)
Running from C:\Users\vojta\Desktop
Loaded Profiles: vojta (Available Profiles: vojta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(forum.viry.cz) C:\Users\vojta\Downloads\FRSTLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-05] (Google Inc.)
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\MountPoints2: {2cad8bb3-c428-11e4-af98-406186c73dc6} - G:\ihsEnergy.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2010-06-02]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2010-06-02]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\..\Interfaces\{D1927085-E71D-4371-819F-6B8F8AD3E83C}: [NameServer] 62.240.178.250,10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hal3000.cz
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {9F1623F0-F9D9-4401-A555-89A86F2E4F46} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ADAP&o=102806&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4J&apn_dtid=YYYYYYYYCZ&apn_uid=5F305085-802B-4EF8-A74B-2D4CBA019AC5&apn_sauid=2DC6111B-3FF3-49E4-A546-9E43C0E0567B
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {672EE252-D813-4F5E-81BB-5DD163DD4FA5} hxxps://www.mojedatovaschranka.cz/static/pages/ ... ?3,16,13,0
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 96z2ubt1.default-1493170029121
FF ProfilePath: C:\Users\vojta\AppData\Roaming\Mozilla\Firefox\Profiles\96z2ubt1.default-1493170029121 [2017-12-30]
FF Homepage: Mozilla\Firefox\Profiles\96z2ubt1.default-1493170029121 -> hxxp://www.msn.com/
FF Extension: (uBlock Origin) - C:\Users\vojta\AppData\Roaming\Mozilla\Firefox\Profiles\96z2ubt1.default-1493170029121\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
FF Extension: (Adblock Plus) - C:\Users\vojta\AppData\Roaming\Mozilla\Firefox\Profiles\96z2ubt1.default-1493170029121\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-13]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2011-11-24] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-277252482-2159804260-246990222-1000: jpl.nasa.gov/NASAEyes -> C:\Users\vojta\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2015-07-09] (Jet Propulsion Laboratory)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\vojta\AppData\Local\Google\Chrome\User Data\Default [2017-12-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\vojta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vojta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\vojta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [344064 2009-04-08] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [405504 2008-12-10] () [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 AVerA706_x64; C:\Windows\System32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 AVerBDA3x_x64; C:\Windows\System32\DRIVERS\AVerBDA3x_x64.sys [1523840 2008-08-27] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7345344 2009-07-21] (Intel Corporation) [File not signed]
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2010-01-07] (Windows (R) Codename Longhorn DDK provider)
S1 dmkjdbnq; \??\C:\Windows\system32\drivers\dmkjdbnq.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 PAC7302; system32\DRIVERS\PAC7302.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 12:44 - 2017-12-30 12:45 - 000018827 _____ C:\Users\vojta\Desktop\FRST.txt
2017-12-30 12:43 - 2017-12-30 12:44 - 000000000 ____D C:\FRST
2017-12-30 12:41 - 2017-12-30 12:41 - 000112640 _____ (forum.viry.cz) C:\Users\vojta\Downloads\FRSTLauncher.exe
2017-12-30 12:19 - 2017-12-30 12:19 - 000002932 _____ C:\Windows\System32\Tasks\{BAA371A4-A19E-4B23-AB78-D6FD94926903}
2017-12-30 12:19 - 2017-12-30 12:19 - 000002932 _____ C:\Windows\System32\Tasks\{B207C474-3887-4B4F-BAA2-5F9DD21D614A}
2017-12-30 12:19 - 2017-12-30 12:19 - 000002932 _____ C:\Windows\System32\Tasks\{7FBCD108-354C-40B9-A81E-DDF6A19B0011}
2017-12-30 12:19 - 2017-12-30 12:19 - 000002932 _____ C:\Windows\System32\Tasks\{12428081-8DEA-4756-BF80-BC7235A075C7}
2017-12-30 12:16 - 2017-12-30 12:16 - 000000000 ____D C:\Users\vojta\AppData\Local\{01BE7CC7-F6CE-44A6-8F9C-87BE8117FC16}
2017-12-30 03:41 - 2017-12-30 03:41 - 000002932 _____ C:\Windows\System32\Tasks\{DAADE4F8-F1C6-48C2-A1EE-E4B27C98D61B}
2017-12-30 03:41 - 2017-12-30 03:41 - 000002932 _____ C:\Windows\System32\Tasks\{55BBA838-B381-4ADD-9B9D-FC014CDD2F91}
2017-12-30 03:41 - 2017-12-30 03:41 - 000002932 _____ C:\Windows\System32\Tasks\{1FBED80C-EFEA-471B-B92F-C18517185828}
2017-12-30 03:40 - 2017-12-30 03:40 - 000002932 _____ C:\Windows\System32\Tasks\{5FE661AA-34B9-4D6C-A096-27853C07C2C7}
2017-12-30 03:36 - 2017-12-30 03:36 - 000002932 _____ C:\Windows\System32\Tasks\{FB304D98-66DF-41F3-B4BA-C4ED6282F8B2}
2017-12-30 03:23 - 2017-12-30 03:25 - 000112640 _____ C:\Users\vojta\FRSTLauncher.exe
2017-12-30 02:59 - 2017-12-30 02:59 - 000002932 _____ C:\Windows\System32\Tasks\{B8489800-6828-4072-A06A-103AC48C1E22}
2017-12-30 02:59 - 2017-12-30 02:59 - 000002932 _____ C:\Windows\System32\Tasks\{B6825A8C-00A8-4A0E-8584-B3971FB5A1E7}
2017-12-30 02:59 - 2017-12-30 02:59 - 000002932 _____ C:\Windows\System32\Tasks\{981CD9FF-2EFF-42A7-B4A2-553AF89D21CB}
2017-12-30 02:59 - 2017-12-30 02:59 - 000002932 _____ C:\Windows\System32\Tasks\{5C34DE9F-482E-48D5-9BA9-AE56FF994930}
2017-12-30 02:59 - 2017-12-30 02:59 - 000002932 _____ C:\Windows\System32\Tasks\{203DE7A9-C464-4965-B150-3A24546FACB2}
2017-12-30 02:57 - 2017-12-30 02:57 - 000002932 _____ C:\Windows\System32\Tasks\{CEA1F46B-0FDA-4922-B87D-AE4395840837}
2017-12-30 02:57 - 2017-12-30 02:57 - 000002932 _____ C:\Windows\System32\Tasks\{86594782-19E0-4E14-BD77-74F622A31D4F}
2017-12-30 02:55 - 2017-12-30 02:55 - 000002932 _____ C:\Windows\System32\Tasks\{B0D0847E-6FC6-49C6-BCB9-C2C61746A038}
2017-12-30 02:55 - 2017-12-30 02:55 - 000002932 _____ C:\Windows\System32\Tasks\{27FA1E65-0A30-4256-AA58-927DC7C06535}
2017-12-30 02:26 - 2017-12-30 02:26 - 002391552 _____ (Farbar) C:\Users\vojta\Desktop\FRST64.exe
2017-12-29 16:47 - 2017-12-29 16:49 - 000000000 ____D C:\AdwCleaner
2017-12-29 16:43 - 2017-12-29 16:44 - 008198432 _____ (Malwarebytes) C:\Users\vojta\Desktop\adwcleaner_7.0.6.0.exe
2017-12-29 15:45 - 2017-12-29 15:45 - 000000000 ____D C:\Users\vojta\AppData\Local\{EC2CCD27-2B67-4915-9FC7-296A53785E4D}
2017-12-29 14:29 - 2017-12-29 14:29 - 000388608 _____ (Trend Micro Inc.) C:\Users\vojta\hijackthis.exe
2017-12-29 14:28 - 2017-12-29 14:28 - 000000000 ____D C:\Program Files (x86)\Hijackthis
2017-12-28 08:02 - 2017-12-28 08:02 - 000000000 ____D C:\Users\vojta\AppData\Local\{72D33661-914F-482E-9AF5-5D5CE4E33DAC}
2017-12-27 07:48 - 2017-12-27 07:48 - 000000000 ____D C:\Users\vojta\AppData\Local\{CDB12C55-6D01-4279-96C6-4CF734F3BC33}
2017-12-26 07:01 - 2017-12-26 07:01 - 000000000 ____D C:\Users\vojta\AppData\Local\{853A11DD-61CF-4264-ABBE-BC5A841CAEE0}
2017-12-25 07:32 - 2017-12-25 07:32 - 000000000 ____D C:\Users\vojta\AppData\Local\{D32A1CB2-213F-4D7B-9D59-D1F92B4E60B5}
2017-12-24 07:19 - 2017-12-24 07:19 - 000000000 ____D C:\Users\vojta\AppData\Local\{FEA83AEB-4EED-4CC4-B430-92708479D350}
2017-12-23 07:59 - 2017-12-23 07:59 - 000000000 ____D C:\Users\vojta\AppData\Local\{88793551-91A9-49B2-B642-AF07B91F771A}
2017-12-22 16:22 - 2017-12-22 16:22 - 000000000 ____D C:\Users\vojta\AppData\Local\{E5EDDBA5-1C89-4828-BC10-EF8AC1DED328}
2017-12-22 07:37 - 2017-12-22 07:37 - 000000000 ____D C:\Users\vojta\AppData\Local\{5D8BE9D9-5D9C-4E8D-B73B-C5A43EF0A696}
2017-12-20 21:01 - 2017-12-20 21:01 - 000000000 ____D C:\Users\vojta\AppData\Local\{4CDBDACA-130F-4328-A63E-3C6DDA627174}
2017-12-19 06:00 - 2017-12-19 06:00 - 000000000 ____D C:\Users\vojta\AppData\Local\{BE2D67E6-FB39-4577-A5EF-F848A9ADC34D}
2017-12-17 12:36 - 2017-12-17 12:36 - 000000000 ____D C:\Users\vojta\AppData\Local\{74AB8B9D-EED4-4276-9FE0-0DEBAE505A6B}
2017-12-14 13:17 - 2017-12-14 13:17 - 000000000 ____D C:\Users\vojta\AppData\Local\{BDA34FBD-C06A-4AF5-BABD-D3F034A38219}
2017-12-13 18:20 - 2017-12-13 18:20 - 000000000 ____D C:\Users\vojta\AppData\Local\{878C7211-1408-4EF3-9818-DAC560F2C696}
2017-12-13 10:48 - 2017-12-13 10:48 - 009497600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-12-12 20:55 - 2017-11-17 05:23 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-12 20:55 - 2017-11-15 02:27 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-12 20:55 - 2017-11-15 01:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-12-12 20:55 - 2017-11-14 04:57 - 025731072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-12 20:55 - 2017-11-14 04:43 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-12 20:55 - 2017-11-14 04:43 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-12 20:55 - 2017-11-14 04:32 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-12 20:55 - 2017-11-14 04:31 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-12 20:55 - 2017-11-14 04:31 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-12 20:55 - 2017-11-14 04:30 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-12 20:55 - 2017-11-14 04:30 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-12 20:55 - 2017-11-14 04:30 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-12 20:55 - 2017-11-14 04:25 - 005925888 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-12 20:55 - 2017-11-14 04:24 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-12 20:55 - 2017-11-14 04:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-12 20:55 - 2017-11-14 04:21 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-12 20:55 - 2017-11-14 04:20 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-12 20:55 - 2017-11-14 04:20 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-12 20:55 - 2017-11-14 04:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-12 20:55 - 2017-11-14 04:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-12 20:55 - 2017-11-14 04:15 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-12 20:55 - 2017-11-14 04:12 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-12 20:55 - 2017-11-14 04:06 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-12 20:55 - 2017-11-14 04:06 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-12 20:55 - 2017-11-14 04:05 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-12 20:55 - 2017-11-14 04:03 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-12 20:55 - 2017-11-14 04:02 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-12 20:55 - 2017-11-14 04:00 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-12 20:55 - 2017-11-14 03:59 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-12 20:55 - 2017-11-14 03:51 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-12 20:55 - 2017-11-14 03:48 - 015267328 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-12 20:55 - 2017-11-14 03:48 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-12 20:55 - 2017-11-14 03:48 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-12 20:55 - 2017-11-14 03:47 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-12 20:55 - 2017-11-14 03:46 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-12 20:55 - 2017-11-14 03:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-12 20:55 - 2017-11-14 03:27 - 001544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-12 20:55 - 2017-11-14 03:16 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-12 20:55 - 2017-11-14 02:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-12 20:55 - 2017-11-14 02:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-12-12 20:55 - 2017-11-14 02:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-12-12 20:55 - 2017-11-14 02:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-12-12 20:55 - 2017-11-14 02:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-12 20:55 - 2017-11-14 01:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-12-12 20:55 - 2017-11-14 01:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-12-12 20:55 - 2017-11-07 21:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-12-12 20:55 - 2017-11-07 21:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-12-12 20:55 - 2017-11-07 21:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-12-12 20:55 - 2017-11-07 21:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-12-12 20:55 - 2017-11-07 21:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-12-12 20:55 - 2017-11-07 21:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-12-12 20:55 - 2017-11-07 21:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-12-12 20:55 - 2017-11-07 21:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-12-12 20:55 - 2017-11-07 21:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-12-12 20:55 - 2017-11-07 21:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-12 20:55 - 2017-11-07 21:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-12-12 20:55 - 2017-11-07 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-12-12 20:55 - 2017-11-07 21:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-12-12 20:55 - 2017-11-07 21:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-12-12 20:55 - 2017-11-07 21:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-12 20:55 - 2017-11-07 21:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-12-12 20:55 - 2017-11-07 21:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-12-12 20:55 - 2017-11-07 21:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-12-12 20:55 - 2017-11-07 21:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-12-12 20:55 - 2017-11-07 21:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-12-12 20:55 - 2017-11-07 21:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-12-12 20:55 - 2017-11-07 21:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-12 20:55 - 2017-11-07 21:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-12 20:55 - 2017-11-07 20:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-12-12 20:55 - 2017-11-07 17:31 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-12 20:55 - 2017-11-07 17:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-12 20:55 - 2017-11-04 16:31 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-12 20:55 - 2017-11-04 16:31 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-12 20:55 - 2017-11-04 16:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itircl.dll
2017-12-12 20:55 - 2017-11-04 16:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-12 20:55 - 2017-11-02 17:55 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-12 20:55 - 2017-11-02 17:55 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-12 20:55 - 2017-11-02 17:55 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-12 20:55 - 2017-11-02 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-12 20:55 - 2017-11-02 16:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-12 20:55 - 2017-11-02 16:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtm.dll
2017-12-12 20:55 - 2017-11-02 16:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-12-12 20:55 - 2017-11-02 15:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2017-12-12 20:55 - 2017-10-17 00:04 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-12 20:55 - 2017-10-16 23:46 - 000953344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2017-12-12 20:55 - 2017-10-12 01:20 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-11 07:23 - 2017-12-11 07:23 - 000000000 ____D C:\Users\vojta\AppData\Local\{FDA57ADE-83BE-4BF5-B3C9-8FC8D3024954}
2017-12-09 15:47 - 2017-12-09 15:47 - 000000000 ____D C:\Users\vojta\AppData\Local\{9B466F4D-0663-43B0-B942-E0C4A0A10419}
2017-12-09 06:01 - 2017-12-09 06:01 - 000000000 ____D C:\Users\vojta\AppData\Local\{1F91D7CE-1B27-4629-B030-67EC1BF6662A}
2017-12-08 12:25 - 2017-12-08 12:25 - 000000000 ____D C:\Users\vojta\AppData\Local\{00008B6A-8509-4051-99C5-552627BCF9A3}
2017-12-07 19:57 - 2017-12-07 19:57 - 000000000 ____D C:\Users\vojta\AppData\Local\{7BDDA2A8-4101-41E1-AABE-F3199BD68E49}
2017-12-05 05:57 - 2017-12-05 05:57 - 000000000 ____D C:\Users\vojta\AppData\Local\{BD20DCB8-4223-4E65-A01B-FE7CAF291482}
2017-12-03 06:20 - 2017-12-03 06:21 - 000000000 ____D C:\Users\vojta\AppData\Local\{AE68F5DE-AC3A-49E5-813A-1E8BF270F568}
2017-12-02 04:34 - 2017-12-02 04:34 - 000000000 ____D C:\Users\vojta\AppData\Local\{8A4D08EE-83A2-436D-93AD-001F029586EC}
2017-11-30 22:29 - 2017-11-30 22:29 - 000000000 ____D C:\Users\vojta\AppData\Local\{374DAEBF-A4D7-48F5-AEA3-29B78715CA74}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-30 12:41 - 2016-12-18 09:18 - 000000000 ____D C:\Users\vojta\AppData\LocalLow\Mozilla
2017-12-30 12:39 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-30 12:39 - 2009-07-14 05:45 - 000023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-30 12:31 - 2010-09-18 21:38 - 000000000 ____D C:\Users\vojta\Tracing
2017-12-30 12:31 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-30 12:21 - 2010-06-07 15:40 - 000000000 ____D C:\Users\vojta
2017-12-29 15:43 - 2016-12-18 09:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-29 15:43 - 2016-12-18 09:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-18 23:02 - 2009-07-14 16:18 - 000668882 _____ C:\Windows\system32\perfh005.dat
2017-12-18 23:02 - 2009-07-14 16:18 - 000141542 _____ C:\Windows\system32\perfc005.dat
2017-12-18 23:02 - 2009-07-14 06:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-18 23:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-17 12:34 - 2016-08-30 06:25 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-12-14 16:57 - 2012-08-16 12:06 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-13 10:48 - 2012-09-10 15:57 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 10:48 - 2012-03-30 14:18 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 10:48 - 2011-10-07 12:15 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-13 10:48 - 2011-05-14 06:26 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 10:48 - 2010-06-07 23:51 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 09:48 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-12-13 07:40 - 2009-07-14 05:45 - 000421504 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-13 03:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\Setup
2017-12-13 03:24 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\Setup
2017-12-13 03:12 - 2013-08-15 12:26 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 03:06 - 2017-10-11 02:05 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 03:06 - 2009-10-06 15:11 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2017-12-30 03:23 - 2017-12-30 03:25 - 000112640 _____ () C:\Users\vojta\FRSTLauncher.exe
2017-12-29 14:29 - 2017-12-29 14:29 - 000388608 _____ (Trend Micro Inc.) C:\Users\vojta\hijackthis.exe
2003-02-25 10:04 - 2003-02-25 10:04 - 000004632 _____ () C:\Program Files (x86)\0x0409.ini
2004-11-09 14:27 - 2004-11-09 14:27 - 108629173 _____ () C:\Program Files (x86)\Data1.cab
2002-03-11 07:45 - 2002-03-11 07:45 - 001708856 _____ (Microsoft Corporation) C:\Program Files (x86)\instmsia.exe
2002-03-11 08:06 - 2002-03-11 08:06 - 001822520 _____ (Microsoft Corporation) C:\Program Files (x86)\instmsiw.exe
2004-11-09 14:27 - 2004-11-09 14:27 - 002121484 _____ () C:\Program Files (x86)\Jasc Paint Shop Pro 9.msi
2004-11-09 14:22 - 2004-11-09 14:22 - 000225280 ____N (Jasc Software Inc ) C:\Program Files (x86)\setup.exe
2004-11-09 14:27 - 2004-11-09 14:27 - 000001221 _____ () C:\Program Files (x86)\Setup.ini

Some files in TEMP:
====================
2017-10-26 21:54 - 2003-03-17 17:52 - 000049152 _____ (Sony Corporation) C:\Users\vojta\AppData\Local\Temp\EdRegAcd.dll
2017-10-26 21:54 - 2002-12-27 08:59 - 000081920 _____ (Sony Corporation) C:\Users\vojta\AppData\Local\Temp\IMS.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\vojta\Desktop" je 10 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
C:\Program Files\McAfee Security Scan
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-05] (Google Inc.)
C:\Program Files (x86)\Google\GoogleToolbarNotifier
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\MountPoints2: {2cad8bb3-c428-11e4-af98-406186c73dc6} - G:\ihsEnergy.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-29]
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {9F1623F0-F9D9-4401-A555-89A86F2E4F46} URL = hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4J&apn_dtid=YYYYYYYYCZ&apn_uid=5F305085-802B-4EF8-A74B-2D4CBA019AC5&apn_sauid=2DC6111B-3FF3-49E4-A546-9E43C0E0567B
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S1 dmkjdbnq; \??\C:\Windows\system32\drivers\dmkjdbnq.sys [X]
C:\Program Files (x86)\0x0409.ini
C:\Users\vojta\AppData\Local\Temp
Task: {D4B29D62-49AF-454F-B195-67DD7CE00E60} - System32\Tasks\{5E60970E-1353-4682-98FA-ECEB9A9EBA30} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft GIF Animator\setup\GifACME.exe"

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[vokope]

Tady je ten vytvořený log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by vojta (30-12-2017 15:10:11) Run:1
Running from C:\Users\vojta\Desktop
Loaded Profiles: vojta (Available Profiles: vojta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Program Files\McAfee Security Scan
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-05] (Google Inc.)
C:\Program Files (x86)\Google\GoogleToolbarNotifier
HKU\S-1-5-21-277252482-2159804260-246990222-1000\...\MountPoints2: {2cad8bb3-c428-11e4-af98-406186c73dc6} - G:\ihsEnergy.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-29]
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> {9F1623F0-F9D9-4401-A555-89A86F2E4F46} URL = hxxp://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4J&apn_dtid=YYYYYYYYCZ&apn_uid=5F305085-802B-4EF8-A74B-2D4CBA019AC5&apn_sauid=2DC6111B-3FF3-49E4-A546-9E43C0E0567B
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-277252482-2159804260-246990222-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S1 dmkjdbnq; \??\C:\Windows\system32\drivers\dmkjdbnq.sys [X]
C:\Program Files (x86)\0x0409.ini
C:\Users\vojta\AppData\Local\Temp
Task: {D4B29D62-49AF-454F-B195-67DD7CE00E60} - System32\Tasks\{5E60970E-1353-4682-98FA-ECEB9A9EBA30} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft GIF Animator\setup\GifACME.exe"

EmptyTemp:
End
*****************


"C:\Program Files\McAfee Security Scan" folder move:

Could not move "C:\Program Files\McAfee Security Scan" => Scheduled to move on reboot.

"HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swg" => removed successfully
C:\Program Files (x86)\Google\GoogleToolbarNotifier => moved successfully
"HKU\S-1-5-21-277252482-2159804260-246990222-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cad8bb3-c428-11e4-af98-406186c73dc6}" => removed successfully
HKLM\Software\Classes\CLSID\{2cad8bb3-c428-11e4-af98-406186c73dc6} => key not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found
"HKU\S-1-5-21-277252482-2159804260-246990222-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => removed successfully
HKLM\Software\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found
"HKU\S-1-5-21-277252482-2159804260-246990222-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F1623F0-F9D9-4401-A555-89A86F2E4F46}" => removed successfully
HKLM\Software\Classes\CLSID\{9F1623F0-F9D9-4401-A555-89A86F2E4F46} => key not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\Software\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\Software\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => removed successfully
"HKU\S-1-5-21-277252482-2159804260-246990222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\McComponentHostService" => removed successfully
McComponentHostService => service removed successfully
"HKLM\System\CurrentControlSet\Services\dmkjdbnq" => removed successfully
dmkjdbnq => service removed successfully
C:\Program Files (x86)\0x0409.ini => moved successfully

"C:\Users\vojta\AppData\Local\Temp" folder move:

Could not move "C:\Users\vojta\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B29D62-49AF-454F-B195-67DD7CE00E60} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B29D62-49AF-454F-B195-67DD7CE00E60}" => removed successfully
C:\Windows\System32\Tasks\{5E60970E-1353-4682-98FA-ECEB9A9EBA30} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E60970E-1353-4682-98FA-ECEB9A9EBA30}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 188441803 B
Java, Flash, Steam htmlcache => 251145 B
Windows/system/drivers => 760641070 B
Edge => 0 B
Chrome => 8710422 B
Firefox => 406284270 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42338216 B
systemprofile32 => 20044593 B
LocalService => 132244 B
NetworkService => 39971317 B
vojta => 1195283814 B

RecycleBin => 91620495 B
EmptyTemp: => 2.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-12-2017 15:19:37)

C:\Program Files\McAfee Security Scan => Is moved successfully
C:\Users\vojta\AppData\Local\Temp => moved successfully

==== End of Fixlog 15:19:53 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[vokope]

Určitě! Zrychlilo se otevírání hlavní stránky i ostatních stránek, snížilo se zatížení procesoru a celkově se mi ztišil počítač. Ale uvidím ještě tak po 3 dnech po zapnutí, jak to bude vypadat. Snad mi tam něco zas neskočí V každém případě velký dík za pomoc a máte ode mě příspěvek na provoz fóra.

P.S.
A co s těmi staženými soubory na ploše? Nechat je tam pro další příp. spolupráci (kéž by nemusela být ) nebo je smazat?

[Rudy]

ADW spusťte a odinstslujte. Klik na lavé roletové menu>odinstalovat. FRST a vše, co vytvořil normálně smažte. Rádo se stalo!