VIRY.CZ

Tak buď je vaše osobní, nebo patří firmě (instituci). Jiné rozlišení nemáme. Měli jsme ti případy, kdy si firmní ajťáci u nás nechali odvirovat PC a sami za to shrábli odměnu. Tím jsme tomu učinili přítrž, poněvadž se nám to zdá dost nefér. Ten první případ tu samozřejmě řešíme. Je-li tomu tak, klidně sem dejte FRST+Addition.

Díky! Nejde o instituci, nikdo za to smetanu slízávat nebude.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019
Ran by Částka Petr (administrator) on LENOVO-PC (06-03-2019 11:21:55)
Running from C:\Users\Petr\Desktop
Loaded Profiles: UpdatusUser & Částka Petr (Available Profiles: UpdatusUser & Částka Petr)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
(LENOVO -> LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ClientConnect LTD -> ClientConnect LTD) C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\cltmng.exe
(Pokki -> Pokki) C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo (Beijing) Limited -> Lenovo)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] () [File not signed]
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2a1b4f04-bd53-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {2e20ddfc-7c38-11e7-8267-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ec61d-d63a-11e5-825c-f0761c5221e3} - "G:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {4d1ed478-d63a-11e5-825c-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {6206e3d8-ec3f-11e5-825e-f0761c5221e3} - "F:\autorun.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {95169767-9ab6-11e6-8264-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {a6e9883d-7eaf-11e8-826f-f0761c5221e3} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\MountPoints2: {edd49d32-55a2-11e7-8266-f0761c5221e3} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [255488 2011-05-30] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\WINDOWS\SysWOW64\l3codecp.acm [186368 2014-10-29] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\SysWOW64\xvidvfw.dll [240640 2011-05-30] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll [206152 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll [173896 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{03F53F67-784D-4FB3-9EC0-A406A81A51C6}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{373C285D-1596-47EB-B690-00328B36A86A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=29530
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-18] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2019-03-06]
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-16]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (FormApps Extension) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2535752 2014-05-12] (ClientConnect LTD -> ClientConnect LTD)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-04] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO -> LENOVO INCORPORATED.)
S4 LSEDT; C:\WINDOWS\System32\LSEDT.exe [32968 2016-02-16] (Lenovo.Ltd -> Lenovo)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] (CyberLink -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation -> Microsoft Corporation)
S2 0025841460351472mcinstcleanup; C:\WINDOWS\TEMP\002584~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-10-23] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R1 MpKsl4f544884; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4218A688-72B8-40FC-8EFD-77D0EBAE5830}\MpKsl4f544884.sys [44928 2018-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-06 11:21 - 2019-03-06 11:22 - 000023925 _____ C:\Users\Petr\Desktop\FRST.txt
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\Users\Petr\Desktop\FRST-OlderVersion
2019-03-06 11:21 - 2019-03-06 11:21 - 000000000 ____D C:\FRST
2019-03-06 11:12 - 2019-03-06 11:21 - 002434560 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2019-02-22 14:24 - 2019-02-22 15:49 - 000010912 _____ C:\Users\Petr\Desktop\heslo.odt
2019-02-22 13:59 - 2019-02-22 13:59 - 000452747 _____ C:\Users\Petr\Downloads\2018_05_17_14_13_49.pdf
2019-02-22 13:58 - 2019-02-22 13:58 - 000452393 _____ C:\Users\Petr\Downloads\Let Repair Wire Trasnfer__ 2-11-19.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-06 11:20 - 2016-02-16 21:37 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-03-06 11:15 - 2016-02-16 21:51 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 11:15 - 2016-02-16 21:51 - 000002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-06 11:09 - 2016-08-29 06:38 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2019-03-06 11:07 - 2016-02-16 21:30 - 000000000 ____D C:\Users\Petr\AppData\Local\SweetLabs App Platform
2019-03-06 11:06 - 2016-02-18 12:56 - 000000000 ___RD C:\Users\Petr\OneDrive
2019-03-05 16:13 - 2018-09-06 12:33 - 000014161 _____ C:\Users\Petr\Desktop\Nový Textový dokument OpenDocument.odt
2019-03-05 16:10 - 2016-02-16 22:40 - 000026474 _____ C:\WINDOWS\BRRBCOM.INI
2019-02-22 11:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-21 15:50 - 2016-03-16 08:33 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-14 13:34 - 2014-12-02 04:51 - 000739704 _____ C:\WINDOWS\system32\perfh005.dat
2019-02-14 13:34 - 2014-12-02 04:51 - 000151944 _____ C:\WINDOWS\system32\perfc005.dat
2019-02-14 13:34 - 2014-03-18 10:53 - 001749406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-14 13:34 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-02-14 13:01 - 2016-03-16 08:33 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-11 12:53 - 2017-07-27 12:50 - 000003186 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3971982784-3446199161-1991443711-1002
2019-02-11 12:53 - 2016-04-27 06:56 - 000002334 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2019-02-05 14:40 - 2016-11-25 14:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-02-05 14:40 - 2016-05-06 13:53 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

==================== Files in the root of some directories =======

2016-06-08 10:32 - 2007-11-20 08:22 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI

Some files in TEMP:
====================
2018-06-06 11:44 - 2019-01-07 16:00 - 026481656 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\AccessDatabaseEngine.exe
2018-06-06 11:44 - 2019-01-07 16:00 - 076055472 _____ (Microsoft Corporation) C:\Users\Petr\AppData\Local\Temp\accessruntimeanddataconnectivity2007sp3-kb2526310-fullfile-en-us.exe
2017-01-04 11:29 - 2017-01-04 11:29 - 000737856 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-06-08 09:37 - 2016-06-08 09:37 - 000739904 _____ (Oracle Corporation) C:\Users\Petr\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-14 12:03 - 2016-03-14 12:03 - 000205808 _____ (McAfee, Inc.) C:\Users\Petr\AppData\Local\Temp\McCSPInstall.dll
2016-05-06 13:24 - 2016-03-14 12:03 - 000169184 _____ (McAfee Inc.) C:\Users\Petr\AppData\Local\Temp\mccspuninstall.exe
2016-08-01 06:33 - 2016-08-01 06:34 - 063953128 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct27FF.tmp.exe
2017-05-19 09:27 - 2017-05-19 09:28 - 064118864 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct2A04.tmp.exe
2018-01-19 16:09 - 2018-01-19 16:12 - 041424392 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4705.tmp.exe
2016-09-20 12:31 - 2016-09-20 12:32 - 064108904 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4CCB.tmp.exe
2017-08-11 06:51 - 2017-08-11 06:52 - 063610592 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct4F8C.tmp.exe
2018-03-15 15:59 - 2018-03-15 16:00 - 041560272 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct51B3.tmp.exe
2016-11-21 07:57 - 2016-11-21 07:58 - 064111920 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct53EA.tmp.exe
2017-10-09 07:40 - 2017-10-09 07:40 - 041565936 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct5F7.tmp.exe
2018-10-05 07:33 - 2018-10-05 07:34 - 043898176 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct65EB.tmp.exe
2017-09-25 13:17 - 2017-09-25 13:17 - 041563000 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct6E69.tmp.exe
2018-03-18 18:02 - 2018-03-18 18:02 - 041561472 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct7AF0.tmp.exe
2017-12-07 13:24 - 2017-12-07 13:25 - 041373360 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8199.tmp.exe
2018-03-22 09:29 - 2018-03-22 09:30 - 041558960 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\oct8C6E.tmp.exe
2017-09-27 07:29 - 2017-09-27 07:29 - 041564368 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octA0E9.tmp.exe
2019-01-03 08:41 - 2019-01-03 08:42 - 044622200 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octD65F.tmp.exe
2017-10-30 13:02 - 2017-10-30 13:03 - 042197072 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octDF41.tmp.exe
2017-12-18 12:16 - 2017-12-18 12:16 - 041440856 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octEED.tmp.exe
2016-07-25 09:00 - 2016-07-25 09:01 - 063953600 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF187.tmp.exe
2018-11-23 11:07 - 2018-11-23 11:07 - 044113736 _____ (SweetLabs,Inc.) C:\Users\Petr\AppData\Local\Temp\octF27D.tmp.exe
2016-06-08 10:41 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is46D5.exe
2016-06-08 09:27 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is5120.exe
2016-06-08 10:33 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is65AA.exe
2016-06-07 10:04 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_is8A18.exe
2016-06-08 09:23 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isE66F.exe
2016-06-08 09:45 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF504.exe
2016-06-08 10:49 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isF918.exe
2016-06-08 10:43 - 2006-05-24 18:10 - 000455600 _____ (Macrovision Corporation) C:\Users\Petr\AppData\Local\Temp\_isFA5D.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-03-05 15:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Částka Petr (06-03-2019 11:23:28)
Running from C:\Users\Petr\Desktop
Windows 8.1 (Update) (X64) (2016-02-16 20:31:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3971982784-3446199161-1991443711-500 - Administrator - Disabled)
Guest (S-1-5-21-3971982784-3446199161-1991443711-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3971982784-3446199161-1991443711-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Částka Petr (S-1-5-21-3971982784-3446199161-1991443711-1002 - Administrator - Enabled) => C:\Users\Petr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother MFL-Pro Suite MFC-J6520DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
collage of waste materials (HKLM-x32\...\{ECE59CCF-8619-4700-BD83-484962C959B8}) (Version: 1.20.2014.0617 - Tong child Research & Planning Co.,Ltd)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft)
Find the Differences (HKLM-x32\...\{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Find the Differences (HKLM-x32\...\InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (HKLM-x32\...\{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
FORM studio (HKLM-x32\...\FSCZ_is1) (Version: - KASTNER software s.r.o.)
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
Fruits (HKLM-x32\...\{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2751 - Hightail, Inc.)
Host App Service (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_AP) (Version: 0.269.8.718 - Pokki) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.8.1000 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo Web Start (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
LibreOffice 5.1.2.2 (HKLM-x32\...\{09AD7191-4F96-442C-B2F4-1491B144DBEB}) (Version: 5.1.2.2 - The Document Foundation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\{33492EF5-7931-45B9-B74F-E4A99068B7C9}) (Version: 1.20.2014.0509 - Tong child Research & Planning Co.,Ltd)
Matching Roles (HKLM-x32\...\{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.5.0.6961 - Mozilla)
Mozilla Thunderbird 60.5.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 60.5.0 (x86 cs)) (Version: 60.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{A04A7656-A8E6-451F-A687-B1E34F83A8E2}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Graphics Driver 332.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7093 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Start Menu (HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\...\SweetLabs_Start_Menu) (Version: 0.269.8.718 - Pokki)
STORMWARE PDF Printer 10.1.0.1871 (HKLM\...\STORMWARE PDF Printer_is1) (Version: 10.1.0.1871 - STORMWARE)
STORMWARE POHODA CZ Komplet (HKLM-x32\...\{E4D96EE7-1C92-4121-8876-37972063DF37}) (Version: 12100.85 - STORMWARE)
StormWare Tax CZ DEMO (HKLM-x32\...\{43F904C7-A617-4515-943A-FDBDACE57B74}) (Version: 5.1.6302.10 - StormWare) Hidden
StormWare Tax CZ DEMO (HKLM-x32\...\{56AEC0F0-E101-4BEF-8712-8A576A231AA2}) (Version: 5.1.6302.10 - StormWare)
sudoku (HKLM-x32\...\{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3971982784-3446199161-1991443711-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [000LenovoFoldersContextMenu] -> {D2DB7BAA-9E12-4640-825C-B1EB36A3809A} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc. (YouSendIt Inc.) -> Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2014-03-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {0D09E63C-03C8-4A1D-878F-5B24E73E353E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {13A4C487-68F7-4B8A-B75B-2876E02E9E45} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {1DFFCCC0-1931-4480-B1C0-85B4389E5CEE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {48040C76-5DE0-4E3A-A4E2-DB0DCB9991FE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\WINDOWS\system32\GWX\GWXDetector.exe [2015-12-04] (Microsoft Windows -> Microsoft Corporation)
Task: {770BA25B-2355-4334-A286-9E0517744BB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {78126E3D-A19E-465A-A41B-F9AE0B022320} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {8197A040-55BE-4B6A-8046-D1183A50FBEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {90CD5E01-4EB3-45A3-8723-3FC2994E3C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {93D07814-3773-4B8F-99B9-F4362C379EFA} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {A00D71B7-C812-494D-94D5-CB39DA2D3FDE} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe (DivX, LLC -> DivX, LLC)
Task: {A184FC17-755C-4E78-913B-99DCF30F7B73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C25156BE-D38D-439B-9BB7-FE6AA5F3F305} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo)
Task: {C6AC946D-5A76-46F5-A729-0D3A42BAB999} - System32\Tasks\{0DCC8433-C868-4FAC-955A-0B1C04628B29} => C:\WINDOWS\system32\pcalua.exe -a "C:\_základní SW balíček\Knihovny\vbrun60sp5.exe" -d "C:\_základní SW balíček\Knihovny"
Task: {D1F5B8FD-88D7-40AF-9C70-3AFBA5B6DD78} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {FAE11101-1C22-4B91-92A7-8C3DF275A606} - System32\Tasks\SweetLabs App Platform => C:\Users\Petr\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Pokki -> Pokki)
Task: {FB41987C-FCC5-487D-ACC4-865E55D01899} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe (LENOVO -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-12-02 04:03 - 2012-02-15 04:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2016-02-17 00:26 - 2013-10-04 08:42 - 000210944 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\STORMWARE\PDF Printer\Ports\STORMWARE\bzpdf.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000007680 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
2014-12-02 04:17 - 2012-06-17 22:26 - 000016896 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataProvider.dll
2014-12-02 04:17 - 2012-05-17 20:30 - 000011264 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.DataModel.dll
2013-05-12 02:45 - 2013-05-12 02:45 - 000733696 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000032768 _____ () [File not signed] C:\Windows\jmesoft\Service.exe
2016-06-08 10:52 - 2012-10-26 09:40 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2016-05-06 13:39 - 2015-12-31 15:15 - 000077312 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-12-02 04:02 - 2014-03-27 15:48 - 000067072 _____ (NVIDIA Corporation) [File not signed] C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll
2014-12-02 04:05 - 2013-07-24 22:15 - 000118784 _____ (Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
2014-12-02 04:05 - 2011-08-17 05:46 - 000024576 _____ () [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
2016-06-08 10:52 - 2013-04-08 12:39 - 000508928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2016-06-08 10:52 - 2013-03-22 16:21 - 004522496 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2016-06-08 10:52 - 2013-03-07 08:41 - 001944576 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
2016-06-08 10:52 - 2013-04-08 12:37 - 001459712 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2013-11-04 18:16 - 2013-11-04 18:16 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2013-11-04 18:16 - 2013-11-04 18:16 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2016-06-08 10:51 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-06-08 10:52 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-06-08 10:52 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2017-10-05 22:16 - 2017-10-05 22:16 - 027716608 ____R (Skype Technologies S.A.) [File not signed] C:\Program Files (x86)\Skype\Phone\SkypeSkylib.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () [File not signed] C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-10-05 22:03 - 2017-10-05 22:03 - 000654848 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPal.dll
2017-10-05 22:05 - 2017-10-05 22:05 - 002969600 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmCodecs.dll
2017-10-05 22:08 - 2017-10-05 22:08 - 000941056 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmMediaManager.dll
2017-10-05 22:04 - 2017-10-05 22:04 - 000089088 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2017-10-05 22:07 - 2017-10-05 22:07 - 010914816 ____R (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Skype\Phone\RtmPltfm.dll
2014-12-02 04:05 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2005-09-07 11:03 - 2005-09-07 11:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2016-06-08 10:52 - 2013-04-08 12:23 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2016-06-08 10:52 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2016-06-08 10:52 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2016-06-08 10:52 - 2013-03-25 11:32 - 000078336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLCze.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 000079872 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2016-06-08 10:52 - 2013-04-08 12:40 - 017734144 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-3971982784-3446199161-1991443711-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\z-knoblozky-342.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1F2716C6-0B28-4E6D-9620-F487A4BD5618}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3DAE90C1-58DE-4B48-A915-D5DB040DD566}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{419B6E59-862A-44FF-91E6-AD8BCA4394B0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{16C239E1-8770-4A54-89CA-F2DF5E4A1146}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{218F93B6-F047-4370-99F4-9EB478C96081}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{226D0219-0321-408D-BA80-04176CC5BF05}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2030AE52-664D-4AD8-A28B-44A006461EBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

13-02-2019 10:36:39 Scheduled Checkpoint
20-02-2019 10:45:55 Scheduled Checkpoint
05-03-2019 15:28:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2019 12:08:02 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/22/2019 08:13:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program DllHost.exe verze 6.3.9600.17415 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 145c

Čas spuštění: 01d4b22151b2dc1f

Čas ukončení: 125

Cesta k aplikaci: C:\WINDOWS\system32\DllHost.exe

ID hlášení: 2c2f78ec-1e15-11e9-8273-f0761c5221e3

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (01/18/2019 11:06:23 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/09/2019 09:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Název chybujícího modulu: PDFProFiltSrvPP.exe, verze: 12.1.11402.100, časové razítko: 0x4e37ed94
Kód výjimky: 0xc0000005
Posun chyby: 0x00003510
ID chybujícího procesu: 0x6cc
Čas spuštění chybující aplikace: 0x01d4750853a391da
Cesta k chybující aplikaci: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
ID zprávy: 10b31179-13e7-11e9-8273-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/20/2018 11:01:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1e50

Čas spuštění: 01d4984a2bdc9e20

Čas ukončení: 62

Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

ID hlášení: 3f2ff79d-043e-11e9-8273-f0761c5221e3

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (12/11/2018 03:17:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: ca4

Čas spuštění: 01d4915902122f95

Čas ukončení: 31

Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

ID hlášení: 7200cfb5-fd4f-11e8-8273-f0761c5221e3

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (09/27/2018 12:09:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: soffice.bin, verze: 5.1.2.2, časové razítko: 0x56fc50e8
Název chybujícího modulu: mergedlo.dll, verze: 5.1.2.2, časové razítko: 0x56fc50ab
Kód výjimky: 0xc0000005
Posun chyby: 0x01dc525e
ID chybujícího procesu: 0x894
Čas spuštění chybující aplikace: 0x01d45651c45290e9
Cesta k chybující aplikaci: C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
Cesta k chybujícímu modulu: C:\Program Files (x86)\LibreOffice 5\program\mergedlo.dll
ID zprávy: c2df6322-c245-11e8-8271-f0761c5221e3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/06/2018 07:51:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FSViewer.exe verze 6.2.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1e40

Čas spuštění: 01d445ab162ed064

Čas ukončení: 15

Cesta k aplikaci: C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe

ID hlášení: 475f0734-b1a1-11e8-8271-f0761c5221e3

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/22/2019 10:39:03 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: )
Description: Kontrola šifrovaného svazku: Informace o svazku G: nelze přečíst.

Error: (01/09/2019 09:17:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PDFProFiltSrvPP byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/09/2019 07:08:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.

A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x6000000039764. The name of the file is "<unable to determine file name>".

Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.

A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.

A corruption was found in a file system index structure. The file reference number is 0x1000000002adf. The name of the file is "\Windows\servicing\Packages". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/08/2019 08:35:29 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: Ve struktuře systému souborů na svazku Windows8_OS bylo zjištěno poškození.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x800000003c643. The name of the file is "<unable to determine file name>".


Windows Defender:
===================================
Date: 2019-03-05 15:23:55.460
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {F752D422-B262-43AC-8C2F-86B301EF0516}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-22 14:44:15.557
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {836E13A8-A7FF-443F-B3A9-5D5F7722AFED}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-22 13:45:58.316
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {71520B76-4556-4855-A4C2-C61144EFEEF6}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-22 12:40:20.607
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {D8E6473A-FAEE-411A-B7E0-85272F654502}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-02-20 10:51:40.523
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {642EB7F4-E166-4BBD-8F88-61B2F894DBFD}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-11-06 09:51:14.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-11-02 13:47:33.574
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-16 11:01:44.249
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-08 11:37:00.054
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-07-03 13:08:19.295
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-06-04 13:14:16.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-03-16 08:21:28.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-21 14:36:13.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460T CPU @ 1.90GHz
Percentage of memory in use: 34%
Total physical RAM: 8091.89 MB
Available physical RAM: 5261.78 MB
Total Virtual: 9371.89 MB
Available Virtual: 6114.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:833.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ADATA HD710) (Fixed) (Total:931.28 GB) (Free:882.28 GB) FAT32
Drive f: (TOM-16GB) (Removable) (Total:14.53 GB) (Free:7.84 GB) NTFS

\\?\Volume{de5046c7-2a35-4334-a288-c1de5be481d1}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.69 GB) NTFS
\\?\Volume{603dce74-0211-4db9-8842-26b55c18353b}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:13.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1C0CE13A)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8276A664)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi