virus/malware
Posted: 13 Apr 2017 16:12
Hello, please check the log - the Wi-Fi has stopped working, the Start button does not respond either, and I cannot go back to an earlier state via a restore point. I used MBAM and removed a few things with it, unfortunately without success. Thank you in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by viceníci (administrator) on LENOVO-PC (13-04-2017 17:02:23)
Running from C:\Users\klara_000\Desktop
Loaded Profiles: viceníci (Available Profiles: viceníci)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\klara_000\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\klara_000\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.44.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.44.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17022.10301.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17022.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\klara_000\Desktop\FRSTLauncher.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\MMLoadDrvPXDiscrete.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-05-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-05-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [CNAP2 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [WindowsDriverScan86] => C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk [1501 2014-08-10] ()
HKLM-x32\...\Run: [WindowsDriverScan64] => C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk [1419 2014-08-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\klara_000\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\klara_000\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-03-21] ()
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\MountPoints2: {3d92fed9-18a0-11e7-83d0-201a06f60ee4} - "F:\autorun.exe"
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\MountPoints2: {618938a8-709c-11e6-8366-0cd292a5e5a0} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\...\MountPoints2: {d045982d-cf4f-11e6-83b7-0cd292a5e5a0} - "F:\autorun.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2014-10-21]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2014-10-21]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.146.210.222 10.146.254.253
Tcpip\..\Interfaces\{14268641-5768-4c94-bc6b-eaf509585205}: [DhcpNameServer] 10.146.210.222 10.146.254.253
Tcpip\..\Interfaces\{1fac8850-0822-45e7-9acc-fc3ed21f977a}: [DhcpNameServer] 10.146.210.222 10.146.254.253
Internet Explorer:
==================
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1071084066-1248797906-2185764281-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
URLSearchHook: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> DefaultScope {1A45903F-EA21-4BB8-9B36-C9854D3B7DB3} URL =
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {1A45903F-EA21-4BB8-9B36-C9854D3B7DB3} URL =
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {37FFB530-A647-4727-AA75-A0D785444465} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {47F727CF-C297-4411-A6F0-2D68350BBE06} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {53706E5C-2D32-4ED9-94CB-15FEE0E80527} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {6E7057B2-B42F-462F-A81C-BF65AEFBCF1F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {764ED885-E06B-46D8-953B-37C24CDD722B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {7D252221-CAF1-4B29-B357-B4D91BEBC984} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {9CDFA569-14BB-4B88-A243-581E287B64D4} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {B16B9EAA-3D7B-4879-AE27-416BC70FF145} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1071084066-1248797906-2185764281-1001 -> {DE137550-ACE0-40C0-95CF-C980F291C3BC} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
FireFox:
========
FF ProfilePath: C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default [2017-04-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\hs790l73.default -> Ask Web Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hs790l73.default -> Ask Web Search
FF Homepage: Mozilla\Firefox\Profiles\hs790l73.default -> hxxps://www.seznam.cz/
FF Keyword.URL: Mozilla\Firefox\Profiles\hs790l73.default -> hxxp://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=74336473-82B7-4646-88B5-406FFEFEB3A7&n=781c0502&ind=2015102210&p2=^HJ^xdm007^YYA^cz&si=CLDO67_11sgCFQrhGwodenANhQ&searchfor=
FF Extension: (Battlefield Play4Free) - C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default\Extensions\battlefieldplay4free@ea.com [2014-12-03] [not signed]
FF Extension: (Search App by Ask) - C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2017-01-26]
FF Extension: (Seznam lištička) - C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-04-07]
FF SearchPlugin: C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default\searchplugins\ask-search.xml [2015-03-31]
FF SearchPlugin: C:\Users\klara_000\AppData\Roaming\Mozilla\Firefox\Profiles\hs790l73.default\searchplugins\ask-web-search.xml [2015-10-22]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1071084066-1248797906-2185764281-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\klara_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Dokumenty Google) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-26]
CHR Extension: (Disk Google) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (YouTube) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-08]
CHR Extension: (Gmail) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\klara_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-21] (Overwolf LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 ssinstall; C:\WINDOWS\SysWoW64\ssins.exe [4696960 2016-12-10] (PS Media s.r.o.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-13] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 17:02 - 2017-04-13 17:03 - 00023104 _____ C:\Users\klara_000\Desktop\FRST.txt
2017-04-13 17:00 - 2017-04-13 17:02 - 00000000 ____D C:\FRST
2017-04-13 16:58 - 2017-04-13 16:58 - 00112640 _____ (forum.viry.cz) C:\Users\klara_000\Desktop\FRSTLauncher.exe
2017-04-13 16:57 - 2017-04-13 16:57 - 02424832 _____ (Farbar) C:\Users\klara_000\Desktop\FRST64.exe
2017-04-12 21:26 - 2017-04-12 21:26 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-12 21:16 - 2017-04-13 06:57 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-12 21:16 - 2017-04-12 21:16 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-12 21:16 - 2017-03-24 04:10 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-12 21:15 - 2017-04-12 21:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-12 21:15 - 2017-04-12 21:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-12 21:13 - 2017-04-12 21:15 - 59272008 _____ (Malwarebytes ) C:\Users\klara_000\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-12 09:02 - 2017-04-12 09:02 - 00000354 _____ C:\Users\klara_000\Desktop\Wi-Fi – zástupce.lnk
2017-04-12 08:55 - 2017-04-12 08:56 - 00417316 _____ C:\WINDOWS\Minidump\041217-26734-01.dmp
2017-04-11 17:29 - 2017-04-11 17:30 - 00417084 _____ C:\WINDOWS\Minidump\041117-32656-01.dmp
2017-04-11 10:37 - 2017-04-11 10:37 - 00417308 _____ C:\WINDOWS\Minidump\041117-26906-01.dmp
2017-04-10 18:34 - 2017-04-10 18:34 - 04025200 _____ C:\Users\klara_000\Downloads\20170409_002.m4a
2017-04-10 18:34 - 2017-04-10 18:34 - 03319992 _____ C:\Users\klara_000\Downloads\20170409_001.m4a
2017-04-10 15:25 - 2017-04-10 15:27 - 00417164 _____ C:\WINDOWS\Minidump\041017-39656-01.dmp
2017-04-10 13:18 - 2017-04-10 13:21 - 00417628 _____ C:\WINDOWS\Minidump\041017-34796-01.dmp
2017-04-08 20:44 - 2017-04-08 20:44 - 00000000 __SHD C:\found.001
2017-04-08 20:44 - 2017-04-08 20:44 - 00000000 __SHD C:\found.000
2017-04-08 20:32 - 2017-04-08 20:32 - 00417204 _____ C:\WINDOWS\Minidump\040817-32015-01.dmp
2017-04-08 16:18 - 2017-04-12 12:55 - 00000000 ____D C:\Users\klara_000\AppData\LocalLow\Mozilla
2017-04-08 16:17 - 2017-04-08 16:17 - 00001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-08 16:17 - 2017-04-08 16:17 - 00001004 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-08 16:17 - 2017-04-08 16:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-08 16:17 - 2017-04-08 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-08 16:12 - 2017-04-08 16:16 - 47440664 _____ C:\Users\klara_000\Downloads\Firefox Setup 52.0.2.exe
2017-04-08 16:11 - 2017-04-08 16:11 - 00000017 _____ C:\Users\klara_000\AppData\Local\resmon.resmoncfg
2017-04-08 09:43 - 2017-04-08 09:44 - 00417244 _____ C:\WINDOWS\Minidump\040817-42921-01.dmp
2017-04-04 08:40 - 2017-04-04 09:05 - 00000000 ____D C:\Users\klara_000\Desktop\mobil
2017-04-03 22:36 - 2017-04-03 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-04-03 21:04 - 2017-04-03 21:05 - 00417100 _____ C:\WINDOWS\Minidump\040317-32578-01.dmp
2017-04-03 08:18 - 2017-04-03 08:18 - 00056431 _____ C:\Users\klara_000\Downloads\24-02-2017_13-37-03.pdf
2017-04-03 08:18 - 2017-04-03 08:18 - 00038615 _____ C:\Users\klara_000\Downloads\24-02-2017_13-35-55.pdf
2017-04-03 08:17 - 2017-04-03 08:18 - 00215575 _____ C:\Users\klara_000\Downloads\24-02-2017_13-38-07.pdf
2017-04-03 08:16 - 2017-04-03 08:16 - 00055965 _____ C:\Users\klara_000\Downloads\vypis-781567(1).pdf
2017-04-01 23:04 - 2017-04-01 23:05 - 00417268 _____ C:\WINDOWS\Minidump\040117-32046-01.dmp
2017-03-20 08:22 - 2017-03-20 08:24 - 00607116 _____ C:\WINDOWS\Minidump\032017-37937-01.dmp
2017-03-15 18:10 - 2017-03-15 18:10 - 00000819 _____ C:\Users\klara_000\Downloads\Plocha – zástupce.lnk
2017-03-14 16:25 - 2017-03-14 16:26 - 01617372 _____ C:\WINDOWS\Minidump\031417-27687-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-13 16:52 - 2016-08-04 12:23 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-13 16:30 - 2016-07-17 00:25 - 07299132 _____ C:\WINDOWS\system32\perfh005.dat
2017-04-13 16:30 - 2016-07-17 00:25 - 02120114 _____ C:\WINDOWS\system32\perfc005.dat
2017-04-13 16:30 - 2016-04-18 11:19 - 14709620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-13 16:27 - 2014-12-03 20:42 - 00000000 ____D C:\Users\klara_000\AppData\Roaming\Seznam.cz
2017-04-13 07:00 - 2015-07-24 10:56 - 00000000 ____D C:\Users\klara_000\AppData\Local\Overwolf
2017-04-13 06:57 - 2016-08-04 12:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-13 06:56 - 2016-07-16 08:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-04-13 06:52 - 2015-03-31 16:20 - 00000000 ____D C:\ProgramData\APN
2017-04-12 21:14 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-12 12:44 - 2016-08-04 12:35 - 00000000 ____D C:\Users\klara_000
2017-04-12 10:58 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2017-04-12 09:05 - 2014-11-14 19:09 - 00000000 ____D C:\Users\klara_000\AppData\Local\ElevatedDiagnostics
2017-04-12 08:55 - 2016-08-07 20:52 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-12 08:55 - 2015-05-26 05:17 - 594014832 _____ C:\WINDOWS\MEMORY.DMP
2017-04-11 17:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-11 10:37 - 2016-10-29 22:36 - 00000000 ____D C:\Program Files\TrueKey
2017-04-11 09:26 - 2016-10-29 22:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-10 16:04 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-10 15:44 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-08 16:05 - 2014-11-11 18:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-08 09:51 - 2014-12-03 20:24 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-07 17:52 - 2015-03-31 16:19 - 00000000 ____D C:\Users\klara_000\AppData\Roaming\.minecraft
2017-04-06 15:08 - 2015-01-28 18:34 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 15:08 - 2015-01-28 18:34 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-03 22:36 - 2016-10-29 23:06 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-04-03 22:36 - 2016-10-29 22:36 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-04-03 15:20 - 2015-10-20 19:44 - 00000000 ____D C:\Users\klara_000\Desktop\Klub rodičů
2017-04-03 11:25 - 2014-10-21 21:22 - 00000000 ____D C:\Users\klara_000\Desktop\fotbal- dokumenty
2017-03-25 14:48 - 2015-07-24 10:57 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-24 18:44 - 2016-08-04 12:50 - 00004470 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-24 18:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-24 18:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-24 18:44 - 2014-10-01 17:52 - 00000000 ____D C:\Users\klara_000\AppData\Local\Adobe
2017-03-24 16:37 - 2015-11-07 14:55 - 00000000 ____D C:\Users\klara_000\Desktop\Dílna
2017-03-23 18:47 - 2016-10-29 22:51 - 00000000 ____D C:\Users\klara_000\AppData\Local\tkdata
2017-03-15 18:52 - 2014-10-02 21:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 18:49 - 2014-10-02 21:44 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2017-04-08 16:11 - 2017-04-08 16:11 - 0000017 _____ () C:\Users\klara_000\AppData\Local\resmon.resmoncfg
2016-08-04 12:28 - 2016-08-04 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-30 19:28 - 2015-01-30 19:28 - 0001534 _____ () C:\ProgramData\ss.ini
Some files in TEMP:
====================
2016-08-15 07:28 - 2016-08-15 07:28 - 0534528 _____ () C:\Users\klara_000\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\klara_000\Desktop" je 207236 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\klara_000\Desktop" je 207236 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================