VIRY.CZ

Dobrý den,

prosím o pomoc s problémem PC, který používá moje manželka. Obsah vytvořený z FRST je níže.

Děkuji za pomoc předem.

Richard

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by avasku (administrator) on NOTEBOOK-DOMA (06-05-2018 23:10:27)
Running from C:\Users\avasku\Desktop
Loaded Profiles: avasku (Available Profiles: avasku)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-05] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-03-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{5EDBD75A-7BC6-451E-A34F-9F60B2F77587}: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{A9990539-0C94-42CB-BF5E-C5200282093C}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-195235002-2657258268-4010509441-1001 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: yplsswr1.default
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Mozilla\Firefox\Profiles\yplsswr1.default [2016-03-01]
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Greyfirst\Celtx\Profiles\ka6e5dmr.default [2018-05-03]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-16] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-16] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-01-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default [2018-05-06]
CHR Extension: (Prezentace) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Adblock Plus) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-20]
CHR Extension: (Vyhledávání Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabulky) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-06]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2017-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AdBlocker Ultimate) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2018-05-01]
CHR Extension: (Gmail) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-09-05] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-11-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [153304 2014-04-23] (Broadcom Corporation.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-10] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-10-18] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-06 23:10 - 2018-05-06 23:10 - 000018270 _____ C:\Users\avasku\Desktop\FRST.txt
2018-05-06 23:09 - 2018-05-06 23:10 - 000000000 ____D C:\FRST
2018-05-06 23:02 - 2018-05-06 23:02 - 000112640 _____ (forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
2018-05-06 23:00 - 2018-05-06 23:00 - 002406912 _____ (Farbar) C:\Users\avasku\Desktop\FRST64.exe
2018-05-03 19:36 - 2018-05-06 22:55 - 000000000 ___DO C:\Users\avasku\OneDrive
2018-05-02 18:24 - 2018-05-02 18:06 - 006482768 _____ C:\Users\avasku\Desktop\10-15_sochy.pdf
2018-04-23 11:18 - 2018-05-03 10:44 - 000000000 ____D C:\Users\avasku\AppData\Local\CrashDumps
2018-04-22 18:17 - 2018-05-02 10:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-04-20 07:21 - 2018-05-03 16:20 - 000000000 ____D C:\Users\avasku\Desktop\10_stoplus
2018-04-13 11:33 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-06 18:43 - 2018-04-06 18:43 - 000001129 _____ C:\Users\avasku\Downloads\Neomat export.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-06 23:02 - 2014-10-18 12:37 - 000762978 _____ C:\Windows\system32\perfh005.dat
2018-05-06 23:02 - 2014-10-18 12:37 - 000163700 _____ C:\Windows\system32\perfc005.dat
2018-05-06 23:02 - 2014-03-18 11:53 - 001876148 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-06 23:02 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-05-06 23:00 - 2014-12-31 21:06 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-195235002-2657258268-4010509441-1001
2018-05-06 22:55 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku
2018-05-06 22:54 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-06 22:45 - 2014-12-31 21:02 - 000003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D1174C0-4D37-4589-A203-F2C5FA8FBF32}
2018-05-06 15:29 - 2015-12-08 12:13 - 000000000 ____D C:\Users\avasku\AppData\Roaming\Skype
2018-05-06 13:14 - 2016-05-10 12:36 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForavasku.job
2018-05-06 13:13 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-03 19:22 - 2016-09-09 00:26 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForavasku
2018-05-03 16:24 - 2016-05-27 15:52 - 000000600 _____ C:\Users\avasku\AppData\Roaming\winscp.rnd
2018-05-03 11:45 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-05-03 08:54 - 2015-12-04 09:50 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 08:54 - 2015-12-04 09:50 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-03 08:52 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-05-02 11:19 - 2017-09-15 09:19 - 000000000 ___RD C:\Users\avasku\Desktop\Stažené soubory
2018-04-30 11:53 - 2018-03-13 17:11 - 000000000 ____D C:\Users\avasku\Desktop\aukro
2018-04-30 07:10 - 2018-03-28 15:30 - 000000000 ____D C:\Users\avasku\Desktop\WEBOVKY
2018-04-27 04:21 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2018-04-23 18:23 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku\AppData\Local\Packages
2018-04-22 12:23 - 2015-02-05 21:25 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-13 19:27 - 2015-01-14 15:45 - 000000000 ____D C:\Windows\system32\MRT
2018-04-13 19:20 - 2017-10-20 11:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-13 19:19 - 2015-01-14 15:45 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 13:25 - 2015-12-11 00:44 - 000000000 ____D C:\Users\avasku\AppData\Roaming\BSplayer

==================== Files in the root of some directories =======

2016-05-27 15:52 - 2018-05-03 16:24 - 000000600 _____ () C:\Users\avasku\AppData\Roaming\winscp.rnd

Some files in TEMP:
====================
2015-02-26 15:50 - 2013-06-04 11:30 - 000050432 ____R () C:\Users\avasku\AppData\Local\Temp\Extract.exe
2015-01-14 13:54 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00000.exe
2015-01-14 14:21 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00001.exe
2018-04-27 10:41 - 2018-04-27 10:42 - 058834376 _____ (Skype Technologies S.A.) C:\Users\avasku\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-22 17:41

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:21.12 GB) (Free:0.25 GB) NTFS
\\?\Volume{4c987669-a526-4e9e-a5f2-78382daaddca}\ (Images) (Fixed) (Total:7.62 GB) (Free:0.27 GB) NTFS

Available physical RAM: 290.37 MB
Total physical RAM: 1935.27 MB
Percentage of memory in use: 84%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 29.1 GB) (Disk ID: F23E93BD)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForavasku.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\avasku\Soubory cookie:ZepMq6vmo219Pb3dsDCU6PTtZq [2148]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_email1229235768 [1431]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_firmy-216282473 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_novinky-1609642764 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_prozeny771666966 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_sport6476750 [2302]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_stream1444311432 [703]
AlternateDataStreams: C:\Users\avasku\AppData\Roaming\Microsoft\Windows\Start Menu\Seznam.cz.website:DESTICON_super-41222104 [2302]

==================== Security Center ==================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\avasku\Desktop" je 877 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001


==================== End Of Log ==============================

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Dobré odpoledne,

dík za radu. Níže posílám log:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-02.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-07-2018
# Duration: 00:00:03
# OS: Windows 8.1
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\pandasecuritytb

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Video Player

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted TANGONEXION
Deleted Softonic EN
Deleted Softonic EN
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Dejte nový log FRST.

nový log z FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.05.2018 01
Ran by avasku (administrator) on NOTEBOOK-DOMA (07-05-2018 19:09:18)
Running from C:\Users\avasku\Desktop
Loaded Profiles: avasku (Available Profiles: avasku)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-05] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-03-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{5EDBD75A-7BC6-451E-A34F-9F60B2F77587}: [DhcpNameServer] 10.0.1.2 10.0.1.6 192.168.1.1
Tcpip\..\Interfaces\{A9990539-0C94-42CB-BF5E-C5200282093C}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-195235002-2657258268-4010509441-1001 -> {6BD6D370-A29C-4D62-B9DA-527532BA32EB} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

FireFox:
========
FF DefaultProfile: yplsswr1.default
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Mozilla\Firefox\Profiles\yplsswr1.default [2016-03-01]
FF ProfilePath: C:\Users\avasku\AppData\Roaming\Greyfirst\Celtx\Profiles\ka6e5dmr.default [2018-05-03]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Default Shot Palette) - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com [2015-12-16] [Legacy] [not signed]
FF Extension: (MSN-Smileys) - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de [2015-12-16] [Legacy] [not signed]
FF Extension: (DOM Inspector) - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Blackened) - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Depth) - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF Extension: (Minimal) - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org [2015-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-01-14] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default [2018-05-07]
CHR Extension: (Prezentace) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (Adblock Plus) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-04-20]
CHR Extension: (Vyhledávání Google) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Adobe Acrobat) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabulky) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-06]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2017-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AdBlocker Ultimate) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2018-05-01]
CHR Extension: (Gmail) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\avasku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-07-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-09-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-11-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [153304 2014-04-23] (Broadcom Corporation.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-10] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-10-18] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-18] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-26] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 14:04 - 2018-05-07 14:05 - 000000000 ____D C:\AdwCleaner
2018-05-07 14:02 - 2018-05-07 14:02 - 007271632 _____ (Malwarebytes) C:\Users\avasku\Desktop\adwcleaner_7.1.1.exe
2018-05-07 10:10 - 2018-05-07 10:10 - 000000000 ___HD C:\OneDriveTemp
2018-05-06 23:10 - 2018-05-07 19:09 - 000017555 _____ C:\Users\avasku\Desktop\FRST.txt
2018-05-06 23:09 - 2018-05-07 19:09 - 000000000 ____D C:\FRST
2018-05-06 23:02 - 2018-05-06 23:02 - 000112640 _____ (forum.viry.cz) C:\Users\avasku\Desktop\FRSTLauncher.exe
2018-05-06 23:00 - 2018-05-06 23:00 - 002406912 _____ (Farbar) C:\Users\avasku\Desktop\FRST64.exe
2018-05-03 19:36 - 2018-05-07 14:06 - 000000000 __RDO C:\Users\avasku\OneDrive
2018-05-02 18:24 - 2018-05-02 18:06 - 006482768 _____ C:\Users\avasku\Desktop\10-15_sochy.pdf
2018-04-23 11:18 - 2018-05-03 10:44 - 000000000 ____D C:\Users\avasku\AppData\Local\CrashDumps
2018-04-22 18:17 - 2018-05-02 10:48 - 000003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2018-04-20 07:21 - 2018-05-03 16:20 - 000000000 ____D C:\Users\avasku\Desktop\10_stoplus
2018-04-13 11:33 - 2018-03-16 20:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-13 11:33 - 2018-03-14 15:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-13 11:33 - 2018-03-14 15:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-07 14:10 - 2014-10-18 12:37 - 000762978 _____ C:\Windows\system32\perfh005.dat
2018-05-07 14:10 - 2014-10-18 12:37 - 000163700 _____ C:\Windows\system32\perfc005.dat
2018-05-07 14:10 - 2014-03-18 11:53 - 001876148 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-07 14:10 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-05-07 14:06 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-07 14:05 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-07 10:21 - 2014-12-31 21:06 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-195235002-2657258268-4010509441-1001
2018-05-07 10:13 - 2014-12-31 21:02 - 000003994 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D1174C0-4D37-4589-A203-F2C5FA8FBF32}
2018-05-06 23:48 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2018-05-06 23:20 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku\AppData\Local\Packages
2018-05-06 22:55 - 2014-12-31 21:01 - 000000000 ____D C:\Users\avasku
2018-05-06 15:29 - 2015-12-08 12:13 - 000000000 ____D C:\Users\avasku\AppData\Roaming\Skype
2018-05-06 13:14 - 2016-05-10 12:36 - 000000364 _____ C:\Windows\Tasks\HPCeeScheduleForavasku.job
2018-05-03 19:22 - 2016-09-09 00:26 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForavasku
2018-05-03 16:24 - 2016-05-27 15:52 - 000000600 _____ C:\Users\avasku\AppData\Roaming\winscp.rnd
2018-05-03 11:45 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-05-03 08:54 - 2015-12-04 09:50 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-03 08:54 - 2015-12-04 09:50 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-02 11:19 - 2017-09-15 09:19 - 000000000 ___RD C:\Users\avasku\Desktop\Stažené soubory
2018-04-30 11:53 - 2018-03-13 17:11 - 000000000 ____D C:\Users\avasku\Desktop\aukro
2018-04-30 07:10 - 2018-03-28 15:30 - 000000000 ____D C:\Users\avasku\Desktop\WEBOVKY
2018-04-27 04:21 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\tracing
2018-04-22 12:23 - 2015-02-05 21:25 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-13 19:27 - 2015-01-14 15:45 - 000000000 ____D C:\Windows\system32\MRT
2018-04-13 19:20 - 2017-10-20 11:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-13 19:19 - 2015-01-14 15:45 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-13 13:25 - 2015-12-11 00:44 - 000000000 ____D C:\Users\avasku\AppData\Roaming\BSplayer

==================== Files in the root of some directories =======

2016-05-27 15:52 - 2018-05-03 16:24 - 000000600 _____ () C:\Users\avasku\AppData\Roaming\winscp.rnd

Some files in TEMP:
====================
2015-02-26 15:50 - 2013-06-04 11:30 - 000050432 ____R () C:\Users\avasku\AppData\Local\Temp\Extract.exe
2015-01-14 13:54 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00000.exe
2015-01-14 14:21 - 2012-11-10 20:20 - 000150600 ____R (Microsoft Corporation) C:\Users\avasku\AppData\Local\Temp\ose00001.exe
2018-04-27 10:41 - 2018-04-27 10:42 - 058834376 _____ (Skype Technologies S.A.) C:\Users\avasku\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-06 23:40

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\avasku\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Postupoval jsem dle návodu, ale po skončení se PC automaticky restartoval, nový log se neobjevil a zmizel soubor fixlist.txt - je to v pořádku?

Děkuji,

Richard

Koukal jsem na jiné příspěvky a je to zřejmě ok Níže vkládám nový log, který se vytvořil

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by avasku (07-05-2018 22:16:10) Run:1
Running from C:\Users\avasku\Desktop
Loaded Profiles: avasku (Available Profiles: avasku)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\...\MountPoints2: {f75f5317-2de7-11e7-82bb-ecb1d7c1141e} - "D:\Lenovo_Suite.exe"
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\avasku\AppData\Local\Temp

EmptyTemp:
End

*****************

Processes closed successfully.
"HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-195235002-2657258268-4010509441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c95c4e2-9080-11e7-82c9-ecb1d7c1141e}" => removed successfully
HKLM\Software\Classes\CLSID\{0c95c4e2-9080-11e7-82c9-ecb1d7c1141e} => not found
"HKU\S-1-5-21-195235002-2657258268-4010509441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f25ebaaf-861c-11e6-82a9-ecb1d7c1141e}" => removed successfully
HKLM\Software\Classes\CLSID\{f25ebaaf-861c-11e6-82a9-ecb1d7c1141e} => not found
"HKU\S-1-5-21-195235002-2657258268-4010509441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75f5317-2de7-11e7-82bb-ecb1d7c1141e}" => removed successfully
HKLM\Software\Classes\CLSID\{f75f5317-2de7-11e7-82bb-ecb1d7c1141e} => not found
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL" => removed successfully
HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-195235002-2657258268-4010509441-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Users\avasku\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10042469 B
Java, Flash, Steam htmlcache => 1521 B
Windows/system/drivers => 371616308 B
Edge => 0 B
Chrome => 206674565 B
Firefox => 9997671 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 216193 B
LocalService => 469254 B
NetworkService => 3342 B
avasku => 50017316 B

RecycleBin => 67201930 B
EmptyTemp: => 691.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:17:01 ====

Smazáno. Nastala nějaká změna?

Ano, cca 400mb se uvolnilo. Dekuju

To není zrovna mnoho. Bude třeba uvolnit disk tak, aby na něm zbylo cca 6 - 8GB volného místa. V opačném případě se vám bude PC zpomalovat, případně zatuhávat. Některé vaše data bude třeba přesunout na jiné úložiště. Jinak nemáte zač.

Musim to nejak udelat. Uz zase zmizelo bez aktualizaci a nejakeho stahovani cca 500MB mista, tak nevim proc to je - Win 8 zabiraji temer 20GB. Jedine me napada zkusit defragmentaci, pak uz snad jen reinstalace Win...

Diky jeste jednou a zdravim,

Richard

ospravedlnujem sa za vstup:
- vypni obnovu systemu - restart a zapni obnovu systemu