Log check
Posted: 31 Aug 2017 13:09
Please check my log.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by Lenka (administrator) on NASPC (31-08-2017 14:01:09)
Running from C:\Users\Lenka\Desktop
Loaded Profiles: Lenka (Available Profiles: Lenka & Petra & Taťka & UpdatusUser & Tučka & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
() C:\Windows\System32\PSIService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Lenka\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-10-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-05-18] (RealNetworks, Inc.)
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {26118ad3-b094-11e5-99cc-001fd084678a} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {4459499d-1677-11e6-a3d7-001fd084678a} - O:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 84.16.110.129 84.16.96.2
Tcpip\..\Interfaces\{D685CB04-1893-4C1C-8FE7-5080986A74B6}: [DhcpNameServer] 84.16.110.129 84.16.96.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667600844-4042081094-1971980655-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-18] (RealPlayer)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
FireFox:
========
FF DefaultProfile: 6dilfgky.default
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default [2017-08-31]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6dilfgky.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\6dilfgky.default -> about:home
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\artur.dubovoy@gmail.com [2017-08-31]
FF Extension: (Cooliris) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\piclens@cooliris.com [2012-02-10] [not signed]
FF Extension: (Google Translator for Firefox) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\translator@zoli.bod.xpi [2017-08-31]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-17] [not signed]
FF Extension: (Stylish) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-08-31]
FF Extension: (Ultimate Finder) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{7c231677-e4fb-44ac-80a5-c87fcb7c2be9} [2014-10-16] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-31]
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\kpmt7ry8.namozilu [2014-09-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:home
FF NewTab: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:newtab
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-02-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-07-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-18] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lenka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-29] ()
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Last.fm free music player) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-08-26]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-11]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-12]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-11] (Adobe Systems Incorporated) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045328 2012-02-11] (Flexera Software, Inc.)
S2 gupdate1ca5eefa774ed9c; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2119688 2016-07-02] (Electronic Arts)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-10] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-10] (Disc Soft Ltd)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 gdrv; C:\Windows\gdrv.sys [16608 2008-12-08] (Windows (R) 2000 DDK provider)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-08-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221632 2017-08-31] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-08-31] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2012-02-11] (Feitian Technologies Co., Ltd.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [163644 2017-08-31] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-10-29] (Duplex Secure Ltd.)
U3 aemxl3qq; C:\Windows\system32\Drivers\aemxl3qq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\Users\Petra\Desktop\pája stavà .. ... "
Error(1) reading file: "C:\Users\Petra\Desktop\pája stavà .. "
2017-08-31 14:01 - 2017-08-31 14:02 - 000020801 _____ C:\Users\Lenka\Desktop\FRST.txt
2017-08-31 14:01 - 2017-08-31 14:01 - 000000000 ____D C:\FRST
2017-08-31 13:59 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Desktop\FRSTLauncher.exe
2017-08-31 13:58 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Downloads\FRSTLauncher.exe
2017-08-31 13:56 - 2017-08-31 13:56 - 001792512 _____ (Farbar) C:\Users\Lenka\Desktop\FRST.exe
2017-08-31 11:43 - 2017-08-31 13:46 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-31 11:42 - 2017-08-31 11:42 - 000001855 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-31 11:42 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-31 11:38 - 2017-08-31 11:39 - 066347240 _____ (Malwarebytes ) C:\Users\Lenka\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-31 11:34 - 2017-08-31 13:49 - 000000000 ____D C:\Users\Lenka\AppData\LocalLow\Mozilla
2017-08-20 14:29 - 2017-08-22 10:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-31 13:46 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:44 - 2006-11-02 15:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-31 11:00 - 2015-01-18 13:42 - 000000000 ____D C:\Program Files\Rising Kingdoms
2017-08-31 10:58 - 2006-11-02 08:37 - 000163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys
2017-08-29 11:49 - 2014-12-24 13:02 - 000000000 ____D C:\ProgramData\Origin
2017-08-29 10:04 - 2013-05-20 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-23 18:04 - 2017-02-20 16:20 - 000000000 ____D C:\Users\Tučka\AppData\LocalLow\Mozilla
2017-08-22 10:53 - 2012-05-06 06:33 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-20 15:28 - 2017-07-09 15:39 - 000000000 ____D C:\Users\Taťka\AppData\LocalLow\Mozilla
2017-08-17 15:52 - 2016-09-29 12:16 - 000000000 ____D C:\Users\Tučka\Desktop\Filmy
2017-08-11 12:28 - 2012-06-10 11:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-11 12:28 - 2012-06-10 11:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-11 12:28 - 2008-11-06 15:25 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-11 12:18 - 2016-07-05 12:48 - 000000000 ____D C:\Users\Tučka\AppData\Roaming\vlc
2017-08-11 11:51 - 2014-06-02 19:11 - 000000000 ____D C:\Users\Tučka\AppData\Roaming\Real
2017-08-04 15:54 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
==================== Files in the root of some directories =======
2014-10-29 16:27 - 2014-10-29 16:28 - 000005960 _____ () C:\Program Files\log.txt
2009-10-17 19:04 - 2010-10-02 15:41 - 000000141 _____ () C:\Users\Lenka\AppData\Roaming\default.rss
2008-12-16 20:17 - 2008-12-16 20:17 - 000000235 _____ () C:\Users\Lenka\AppData\Roaming\devices.xml
2008-12-16 20:17 - 2008-12-16 20:17 - 000000012 _____ () C:\Users\Lenka\AppData\Roaming\settings.xml
2010-06-21 14:35 - 2011-07-31 15:09 - 000000680 _____ () C:\Users\Lenka\AppData\Local\d3d9caps.dat
2008-12-12 16:58 - 2016-06-29 19:01 - 000237056 _____ () C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-15 19:01 - 2008-12-16 20:38 - 000000584 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Petra\cc_20150827_122906.reg
C:\Users\Taťka\cc_20150827_123831.reg
C:\Users\Taťka\cc_20150827_123902.reg
C:\Users\Tučka\cc_20150827_124257.reg
Some files in TEMP:
====================
2016-02-19 18:58 - 2016-02-19 18:58 - 000000000 ____D () C:\Users\Lenka\AppData\Local\Temp\avgnt.exe
2017-01-23 15:48 - 2017-01-23 15:48 - 000043008 _____ () C:\Users\Lenka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fzeru.dll
2015-01-05 17:32 - 2016-02-13 20:24 - 000000000 ____D () C:\Users\Petra\AppData\Local\Temp\avgnt.exe
2015-11-13 14:07 - 2015-11-28 12:06 - 033860608 _____ () C:\Users\Petra\AppData\Local\Temp\SkypeSetup.exe
2015-03-08 15:37 - 2015-03-08 15:37 - 000000000 ____D () C:\Users\Taťka\AppData\Local\Temp\avgnt.exe
2015-01-08 18:37 - 2015-01-08 18:37 - 000000000 ____D () C:\Users\Tučka\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lenka\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray
C:\Program Files\Avira\Launcher\Avira.Systray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files\BlueStacks\HD-Agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing
C:\Program Files\TechSmith\Jing\Jing.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir
C:\Program Files\PeerBlock\peerblock.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock
C:\Windows\system32\PrintDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
Režim ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk
C:\PROGRA~1\WIBUKEY\Server\WkSvMgr.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [296056 2012-05-18] (RealNetworks, Inc.)
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {26118ad3-b094-11e5-99cc-001fd084678a} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\...\MountPoints2: {4459499d-1677-11e6-a3d7-001fd084678a} - O:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (SpoleÄŤnost Microsoft)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-08-15] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 84.16.110.129 84.16.96.2
Tcpip\..\Interfaces\{D685CB04-1893-4C1C-8FE7-5080986A74B6}: [DhcpNameServer] 84.16.110.129 84.16.96.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/
HKU\S-1-5-21-667600844-4042081094-1971980655-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667600844-4042081094-1971980655-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-18] (RealPlayer)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
FireFox:
========
FF DefaultProfile: 6dilfgky.default
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default [2017-08-31]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6dilfgky.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\6dilfgky.default -> about:home
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\artur.dubovoy@gmail.com [2017-08-31]
FF Extension: (Cooliris) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\piclens@cooliris.com [2012-02-10] [not signed]
FF Extension: (Google Translator for Firefox) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\translator@zoli.bod.xpi [2017-08-31]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-17] [not signed]
FF Extension: (Stylish) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-08-31]
FF Extension: (Ultimate Finder) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{7c231677-e4fb-44ac-80a5-c87fcb7c2be9} [2014-10-16] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\6dilfgky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-31]
FF ProfilePath: C:\Users\Lenka\AppData\Roaming\Mozilla\Firefox\Profiles\kpmt7ry8.namozilu [2014-09-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:home
FF NewTab: Mozilla\Firefox\Profiles\kpmt7ry8.namozilu -> about:newtab
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2016-02-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-07-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-18] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-18] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lenka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-11-29] ()
FF Plugin HKU\S-1-5-21-667600844-4042081094-1971980655-1003: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Last.fm free music player) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2014-09-22]
CHR Extension: (AdBlock) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-07-01]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-08-26]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-11]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR Profile: C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2 [2015-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-12]
CHR Extension: (Peněženka Google) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lenka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-12-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-08-11] (Adobe Systems Incorporated) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-10-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045328 2012-02-11] (Flexera Software, Inc.)
S2 gupdate1ca5eefa774ed9c; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-21] (Malwarebytes)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2119688 2016-07-02] (Electronic Arts)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) [File not signed]
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [115600 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140272 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-10] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-10] (Disc Soft Ltd)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-08-24] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (SpoleÄŤnost Microsoft)
S3 gdrv; C:\Windows\gdrv.sys [16608 2008-12-08] (Windows (R) 2000 DDK provider)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [166848 2017-08-31] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-08-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221632 2017-08-31] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65312 2017-08-31] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (SpoleÄŤnost Microsoft)
R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [26976 2012-02-11] (Feitian Technologies Co., Ltd.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [163644 2017-08-31] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-10-29] (Duplex Secure Ltd.)
U3 aemxl3qq; C:\Windows\system32\Drivers\aemxl3qq.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\Users\Petra\Desktop\pája stavà .. ... "
Error(1) reading file: "C:\Users\Petra\Desktop\pája stavà .. "
2017-08-31 14:01 - 2017-08-31 14:02 - 000020801 _____ C:\Users\Lenka\Desktop\FRST.txt
2017-08-31 14:01 - 2017-08-31 14:01 - 000000000 ____D C:\FRST
2017-08-31 13:59 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Desktop\FRSTLauncher.exe
2017-08-31 13:58 - 2017-08-31 13:59 - 000112640 _____ (forum.viry.cz) C:\Users\Lenka\Downloads\FRSTLauncher.exe
2017-08-31 13:56 - 2017-08-31 13:56 - 001792512 _____ (Farbar) C:\Users\Lenka\Desktop\FRST.exe
2017-08-31 11:43 - 2017-08-31 13:46 - 000221632 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000065312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-31 11:43 - 2017-08-31 12:00 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-31 11:42 - 2017-08-31 11:42 - 000001855 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-31 11:42 - 2017-08-31 11:42 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-31 11:42 - 2017-08-24 11:27 - 000059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-31 11:38 - 2017-08-31 11:39 - 066347240 _____ (Malwarebytes ) C:\Users\Lenka\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-08-31 11:34 - 2017-08-31 13:49 - 000000000 ____D C:\Users\Lenka\AppData\LocalLow\Mozilla
2017-08-20 14:29 - 2017-08-22 10:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-08-31 13:46 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:46 - 2006-11-02 14:47 - 000003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-31 13:44 - 2006-11-02 15:01 - 000032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-31 11:00 - 2015-01-18 13:42 - 000000000 ____D C:\Program Files\Rising Kingdoms
2017-08-31 10:58 - 2006-11-02 08:37 - 000163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys
2017-08-29 11:49 - 2014-12-24 13:02 - 000000000 ____D C:\ProgramData\Origin
2017-08-29 10:04 - 2013-05-20 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-23 18:04 - 2017-02-20 16:20 - 000000000 ____D C:\Users\TuÄŤka\AppData\LocalLow\Mozilla
2017-08-22 10:53 - 2012-05-06 06:33 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-08-20 15:28 - 2017-07-09 15:39 - 000000000 ____D C:\Users\TaĹĄka\AppData\LocalLow\Mozilla
2017-08-17 15:52 - 2016-09-29 12:16 - 000000000 ____D C:\Users\TuÄŤka\Desktop\Filmy
2017-08-11 12:28 - 2012-06-10 11:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-08-11 12:28 - 2012-06-10 11:19 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-08-11 12:28 - 2008-11-06 15:25 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-11 12:18 - 2016-07-05 12:48 - 000000000 ____D C:\Users\TuÄŤka\AppData\Roaming\vlc
2017-08-11 11:51 - 2014-06-02 19:11 - 000000000 ____D C:\Users\TuÄŤka\AppData\Roaming\Real
2017-08-04 15:54 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
==================== Files in the root of some directories =======
2014-10-29 16:27 - 2014-10-29 16:28 - 000005960 _____ () C:\Program Files\log.txt
2009-10-17 19:04 - 2010-10-02 15:41 - 000000141 _____ () C:\Users\Lenka\AppData\Roaming\default.rss
2008-12-16 20:17 - 2008-12-16 20:17 - 000000235 _____ () C:\Users\Lenka\AppData\Roaming\devices.xml
2008-12-16 20:17 - 2008-12-16 20:17 - 000000012 _____ () C:\Users\Lenka\AppData\Roaming\settings.xml
2010-06-21 14:35 - 2011-07-31 15:09 - 000000680 _____ () C:\Users\Lenka\AppData\Local\d3d9caps.dat
2008-12-12 16:58 - 2016-06-29 19:01 - 000237056 _____ () C:\Users\Lenka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-15 19:01 - 2008-12-16 20:38 - 000000584 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\Petra\cc_20150827_122906.reg
C:\Users\TaĹĄka\cc_20150827_123831.reg
C:\Users\TaĹĄka\cc_20150827_123902.reg
C:\Users\TuÄŤka\cc_20150827_124257.reg
Some files in TEMP:
====================
2016-02-19 18:58 - 2016-02-19 18:58 - 000000000 ____D () C:\Users\Lenka\AppData\Local\Temp\avgnt.exe
2017-01-23 15:48 - 2017-01-23 15:48 - 000043008 _____ () C:\Users\Lenka\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fzeru.dll
2015-01-05 17:32 - 2016-02-13 20:24 - 000000000 ____D () C:\Users\Petra\AppData\Local\Temp\avgnt.exe
2015-11-13 14:07 - 2015-11-28 12:06 - 033860608 _____ () C:\Users\Petra\AppData\Local\Temp\SkypeSetup.exe
2015-03-08 15:37 - 2015-03-08 15:37 - 000000000 ____D () C:\Users\TaĹĄka\AppData\Local\Temp\avgnt.exe
2015-01-08 18:37 - 2015-01-08 18:37 - 000000000 ____D () C:\Users\TuÄŤka\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Lenka\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray
C:\Program Files\Avira\Launcher\Avira.Systray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files\BlueStacks\HD-Agent.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing
C:\Program Files\TechSmith\Jing\Jing.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir
C:\Program Files\PeerBlock\peerblock.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock
C:\Windows\system32\PrintDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
Re§im ECHO je vypnut.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk
C:\PROGRA~1\WIBUKEY\Server\WkSvMgr.exe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================