Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Ekospol (administrator) on NOSKA (03-01-2017 08:39:39)
Running from C:\Users\Ekospol\Documents\b3
Loaded Profiles: Ekospol (Available Profiles: Ekospol & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

C:\FRST\FRST64.exe => Win32/Suweezy? - moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Zabbix SIA) C:\zabbix\zabbix_agentd.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
() C:\Windows\temp\gD52B.tmp.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-03-06] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-02] (AVAST Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM\...\RunOnce: [wd] => C:\windows\TEMP\gD52B.tmp.exe [249856 2017-01-03] () <===== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2861624394-871130569-1612233255-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2861624394-871130569-1612233255-1001\...\Run: [Google Update] => C:\Users\Ekospol\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.)
HKU\S-1-5-21-2861624394-871130569-1612233255-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2861624394-871130569-1612233255-1001\...\RunOnce: [Uninstall C:\Users\Ekospol\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ekospol\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2861624394-871130569-1612233255-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-02] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.251
Tcpip\..\Interfaces\{46860AD7-E388-466F-BF98-AE642F1A7127}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{46860AD7-E388-466F-BF98-AE642F1A7127}: [DhcpNameServer] 192.168.1.251

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-01-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: kcee1srb.default
FF ProfilePath: C:\Users\Ekospol\AppData\Roaming\Mozilla\Firefox\Profiles\kcee1srb.default [2017-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-08-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-11] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-2861624394-871130569-1612233255-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ekospol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2861624394-871130569-1612233255-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ekospol\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.kdb.cz/
CHR StartupUrls: Default -> "hxxp://dev.rezervacnik.cz/www/","hxxps://github.com/jakubhouzvicka/Rezervacnik-DEV/commits/master"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Prezentace Google) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-25]
CHR Extension: (Dokumenty Google) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-25]
CHR Extension: (Disk Google) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-13]
CHR Extension: (YouTube) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-13]
CHR Extension: (Vyhledávání Google) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-25]
CHR Extension: (Avast SafePrice) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-02]
CHR Extension: (Tabulky Google) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-25]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-12-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-13]
CHR Extension: (Gmail) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-25]
CHR Extension: (Chrome Media Router) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR Profile: C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-30]
CHR Extension: (Avast Online Security) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-06]
CHR Extension: (HP Client Security Manager) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-12-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ekospol\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2015-09-15] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2017-01-02] (AVAST Software)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76336 2016-11-28] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-04] (Microsoft Corporation)
R2 Zabbix Agent; C:\zabbix\zabbix_agentd.exe [385024 2015-03-12] (Zabbix SIA) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2017-01-02] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2017-01-02] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2017-01-02] (AVAST Software)
R4 aswNetNd6; C:\windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-19] (AVAST Software)
R1 aswNetSec; C:\windows\system32\drivers\aswNetSec.sys [453192 2017-01-02] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2017-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-02] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2017-01-02] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2017-01-02] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2017-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-02] (AVAST Software)
R1 CLVirtualDrive; C:\windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2014-03-14] (Intel Corporation)
S3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation)
R0 PinFile; C:\windows\System32\DRIVERS\PinFile.sys [49856 2014-02-03] (WinMagic Inc.)
R0 SDDisk2K; C:\windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-02-03] (WinMagic Inc.)
R0 SDDToki; C:\windows\System32\DRIVERS\SDDToki.sys [131264 2014-02-03] (WinMagic Inc.)
S3 wdm_usb; C:\windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 08:22 - 2017-01-03 08:22 - 00001930 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2017-01-03 08:18 - 2017-01-02 11:46 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswA405.tmp
2017-01-03 08:18 - 2017-01-02 11:46 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswA8BC.tmp
2017-01-03 08:18 - 2017-01-02 11:46 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswA987.tmp
2017-01-03 08:18 - 2017-01-02 11:45 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswAA63.tmp
2017-01-03 08:18 - 2017-01-02 11:45 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswA724.tmp
2017-01-03 08:18 - 2017-01-02 11:45 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswA5FA.tmp
2017-01-03 08:18 - 2017-01-02 11:45 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswA7A2.tmp
2017-01-03 08:18 - 2017-01-02 11:45 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswA687.tmp
2017-01-03 08:18 - 2017-01-02 11:44 - 00453192 _____ (AVAST Software) C:\windows\system32\Drivers\aswA184.tmp
2017-01-03 08:18 - 2017-01-02 11:44 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswA29E.tmp
2017-01-03 08:17 - 2017-01-02 11:45 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-01-02 13:13 - 2017-01-02 13:13 - 00000031 _____ C:\Users\Ekospol\Documents\b904.txt
2017-01-02 11:44 - 2017-01-02 11:44 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2017-01-02 11:01 - 2017-01-02 11:01 - 00003428 _____ C:\Users\Ekospol\Documents\php.txt
2017-01-02 10:06 - 2017-01-02 10:20 - 00000000 ____D C:\Users\Ekospol\Documents\zaloha
2017-01-02 10:01 - 2015-07-21 08:39 - 00001486 _____ C:\Users\Ekospol\Documents\PK-zoo.ppk
2016-12-30 16:13 - 2017-01-02 08:33 - 00014153 _____ C:\Users\Ekospol\Documents\PPC tab.xlsx
2016-12-30 15:42 - 2017-01-02 08:43 - 00014260 _____ C:\Users\Ekospol\Documents\PPC.docx
2016-12-30 14:15 - 2016-12-30 15:19 - 00000574 _____ C:\Users\Ekospol\Documents\hledanosti.txt
2016-12-30 11:30 - 2016-12-30 11:19 - 00000558 _____ C:\Users\Ekospol\Documents\indexfile.txt
2016-12-30 11:23 - 2017-01-02 20:00 - 01256271 ____H C:\Users\Ekospol\AppData\Local\IconCache.db
2016-12-30 11:19 - 2016-12-30 11:19 - 18169218 _____ C:\Users\Ekospol\Documents\Firefox 50.1.0 (x86 cs) - 2016-12-30.pcv
2016-12-30 11:18 - 2016-12-30 11:18 - 00782052 _____ C:\Users\Ekospol\Downloads\MozBackup-1.5.1-EN.zip
2016-12-30 11:12 - 2016-12-30 11:12 - 00000000 ____D C:\Users\Ekospol\Documents\!eko-profily
2016-12-30 11:05 - 2017-01-03 08:33 - 00000000 ____D C:\windows\temp
2016-12-30 11:03 - 2017-01-03 08:40 - 00016704 _____ C:\windows\System32\Tasks\2349r938o1m109
2016-12-30 11:03 - 2016-12-30 11:03 - 00000000 ___HD C:\ProgramData\2349r938o1m109
2016-12-30 11:01 - 2016-12-30 11:01 - 00009028 _____ C:\Users\Ekospol\Documents\maily.xlsx
2016-12-29 15:41 - 2017-01-02 09:21 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\Adobe
2016-12-29 15:41 - 2017-01-02 09:21 - 00000000 ____D C:\ProgramData\Adobe
2016-12-29 15:41 - 2016-12-30 08:53 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Adobe
2016-12-29 07:53 - 2017-01-02 08:57 - 00000000 ____D C:\Users\Ekospol\AppData\Local\CrashDumps
2016-12-29 07:49 - 2016-12-29 07:51 - 00000000 ____D C:\AdwCleaner
2016-12-28 16:23 - 2017-01-03 08:39 - 00000000 ____D C:\FRST
2016-12-28 15:45 - 2016-12-28 15:45 - 00000000 ____D C:\Users\Ekospol\AppData\Local\CEF
2016-12-28 11:46 - 2016-12-28 12:48 - 00688352 _____ C:\windows\ntbtlog.txt
2016-12-28 11:11 - 2017-01-03 08:35 - 00524288 ___SH C:\windows\system32\config\components{98d44401-cce5-11e6-a2ea-a0d3c1441637}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 11:11 - 2017-01-03 08:35 - 00065536 ___SH C:\windows\system32\config\components{98d44401-cce5-11e6-a2ea-a0d3c1441637}.TM.blf
2016-12-28 11:11 - 2016-12-28 11:25 - 00524288 ___SH C:\windows\system32\config\components{98d44401-cce5-11e6-a2ea-a0d3c1441637}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 09:34 - 2016-12-28 09:46 - 00000000 __SHD C:\Config.Msi
2016-12-23 16:01 - 2016-12-23 16:09 - 00000000 __SHD C:\Users\Public\DRM
2016-12-23 14:32 - 2016-12-23 14:36 - 00000577 _____ C:\Users\Ekospol\Documents\temp.txt
2016-12-23 10:57 - 2016-12-23 10:57 - 00006477 _____ C:\Users\Ekospol\Desktop\JRT.txt
2016-12-23 10:48 - 2016-12-23 10:54 - 00002124 _____ C:\Users\Ekospol\Desktop\Rkill.txt
2016-12-23 09:24 - 2016-12-23 09:55 - 00015627 _____ C:\Users\Ekospol\Documents\AdWords.docx
2016-12-23 08:35 - 2016-12-23 08:35 - 00092827 _____ C:\Users\Ekospol\Downloads\2016_12_7_barrandov-hruba-stavba (1).pdf
2016-12-23 08:34 - 2016-12-23 08:34 - 00092844 _____ C:\Users\Ekospol\Downloads\2016_12_19_ekospol-pf (1).pdf
2016-12-23 08:17 - 2016-12-23 08:17 - 00091876 _____ C:\Users\Ekospol\Downloads\nové přednášky_veterináři.pdf
2016-12-22 08:47 - 2016-12-22 08:47 - 00092850 _____ C:\Users\Ekospol\Downloads\2016_12_19_ekospol-pf.pdf
2016-12-22 08:10 - 2016-12-22 08:11 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-21 14:04 - 2016-12-21 14:04 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\VitySoft
2016-12-20 09:13 - 2016-12-20 09:13 - 00000990 _____ C:\windows\system32\.crusader
2016-12-20 08:53 - 2016-12-20 09:21 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-20 08:52 - 2016-12-20 09:14 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-20 08:47 - 2016-12-20 08:47 - 03977168 _____ C:\Users\Ekospol\Downloads\adwcleaner_6.041.exe
2016-12-19 12:37 - 2017-01-03 08:12 - 00267366 _____ C:\windows\PFRO.log
2016-12-19 08:49 - 2016-12-19 08:49 - 00092833 _____ C:\Users\Ekospol\Downloads\2016_12_7_barrandov-hruba-stavba.pdf
2016-12-14 09:45 - 2017-01-03 08:12 - 00002726 _____ C:\windows\setupact.log
2016-12-14 09:45 - 2016-12-14 09:45 - 00000000 _____ C:\windows\setuperr.log
2016-12-13 10:13 - 2017-01-03 08:39 - 00743966 _____ C:\zabbix_agentd.log
2016-12-12 11:48 - 2016-12-12 11:48 - 00000000 _____ C:\autoexec.bat
2016-12-12 11:45 - 2016-12-12 11:45 - 00000000 ____D C:\Users\Ekospol\Start Menu
2016-12-12 10:42 - 2016-12-12 10:42 - 00091093 _____ C:\Users\Ekospol\Downloads\Kontakty(2).csv
2016-12-12 10:42 - 2016-12-12 10:42 - 00091093 _____ C:\Users\Ekospol\Downloads\Kontakty(1).csv
2016-12-09 08:29 - 2016-12-09 08:29 - 00092003 _____ C:\Users\Ekospol\Downloads\nové přednášky_pátá_vlna-na všechny (4).pdf
2016-12-08 08:48 - 2016-12-08 08:48 - 00092003 _____ C:\Users\Ekospol\Downloads\nové přednášky_pátá_vlna-na všechny (3).pdf
2016-12-07 14:52 - 2016-12-07 14:52 - 00092007 _____ C:\Users\Ekospol\Downloads\nové přednášky_pátá_vlna-na všechny (2).pdf
2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-06 14:51 - 2016-12-06 14:51 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe
2016-12-06 14:28 - 2016-12-06 14:28 - 00006030 _____ C:\windows\System32\Tasks\Galerentannly Server
2016-12-06 14:27 - 2016-12-06 14:27 - 00000929 _____ C:\Users\Public\Desktop\Download setup.lnk
2016-12-06 14:21 - 2017-01-03 08:39 - 00000000 ____D C:\Users\Ekospol\Documents\b3
2016-12-06 10:25 - 2016-12-06 10:25 - 00091966 _____ C:\Users\Ekospol\Downloads\nové přednášky_pátá_vlna-na všechny.pdf
2016-12-06 10:25 - 2016-12-06 10:25 - 00091966 _____ C:\Users\Ekospol\Downloads\nové přednášky_pátá_vlna-na všechny (1).pdf
2016-12-05 15:01 - 2016-12-05 15:01 - 00091935 _____ C:\Users\Ekospol\Downloads\nové přednášky_čtvrtá_vlna.pdf
2016-12-05 15:00 - 2016-12-05 15:00 - 00091871 _____ C:\Users\Ekospol\Downloads\2x přednáška-třetí rozesílka-co neotevřeli.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 08:38 - 2016-05-16 09:38 - 00000911 _____ C:\windows\Tasks\EPSON L1300 Series Update {DE41C75C-65A8-4BA4-BA9F-9234500E0AC8}.job
2017-01-03 08:38 - 2016-05-16 09:38 - 00000725 _____ C:\windows\Tasks\EPSON L1300 Series Invitation {DE41C75C-65A8-4BA4-BA9F-9234500E0AC8}.job
2017-01-03 08:38 - 2009-07-14 06:32 - 00000000 ____D C:\windows\system32\FxsTmp
2017-01-03 08:36 - 2016-11-18 16:45 - 00000000 ____D C:\Users\Ekospol\AppData\LocalLow\Mozilla
2017-01-03 08:36 - 2014-11-03 10:06 - 00000000 ____D C:\Users\Ekospol\Documents\Soubory aplikace Outlook
2017-01-03 08:35 - 2015-09-16 09:16 - 00000600 _____ C:\Users\Ekospol\AppData\Roaming\winscp.rnd
2017-01-03 08:35 - 2014-12-31 14:30 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\KeePass
2017-01-03 08:32 - 2009-07-14 05:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-03 08:32 - 2009-07-14 05:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-03 08:22 - 2015-12-18 08:11 - 00003884 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1450422716
2017-01-03 08:20 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2017-01-03 08:18 - 2014-10-08 13:52 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2017-01-03 08:17 - 2015-08-31 07:34 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\Skype
2017-01-03 08:13 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-02 14:02 - 2014-11-07 14:03 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\Google
2017-01-02 11:46 - 2014-10-08 13:52 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-01-02 11:46 - 2014-10-08 13:52 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-01-02 11:46 - 2014-10-08 13:52 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-01-02 11:45 - 2014-10-08 13:52 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148335399425610
2017-01-02 11:45 - 2014-10-08 13:52 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148335399676912
2017-01-02 11:45 - 2014-10-08 13:52 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-01-02 11:45 - 2014-10-08 13:52 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-01-02 11:45 - 2014-10-08 13:52 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-01-02 11:45 - 2014-10-08 13:52 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-01-02 11:45 - 2014-10-08 13:52 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-01-02 11:44 - 2016-05-19 11:37 - 00453192 _____ (AVAST Software) C:\windows\system32\Drivers\aswNetSec.sys
2017-01-02 11:44 - 2014-10-08 13:52 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148335399130707
2017-01-02 11:44 - 2014-10-08 13:52 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-01-02 10:59 - 2016-09-22 09:22 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\jEdit
2017-01-02 10:52 - 2016-10-06 07:58 - 00000000 ____D C:\Users\Ekospol\Documents\zaloha souboru
2017-01-02 10:08 - 2015-09-16 09:13 - 00000000 ____D C:\Program Files (x86)\WinSCP
2016-12-30 11:14 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Tasks
2016-12-30 11:03 - 2016-07-22 14:53 - 00000000 ____D C:\Users\Ekospol\AppData\LocalLow\Temp
2016-12-30 11:03 - 2009-07-14 04:20 - 00000000 ___HD C:\ProgramData
2016-12-30 11:01 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-29 15:47 - 2014-08-08 06:06 - 00684158 _____ C:\windows\system32\perfh005.dat
2016-12-29 15:47 - 2014-08-08 06:06 - 00146664 _____ C:\windows\system32\perfc005.dat
2016-12-29 15:47 - 2009-07-14 06:13 - 01617264 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-29 15:47 - 2009-07-14 03:36 - 00661124 _____ C:\windows\system32\perfh009.dat
2016-12-29 15:47 - 2009-07-14 03:36 - 00126744 _____ C:\windows\system32\perfc009.dat
2016-12-29 15:46 - 2014-10-08 02:56 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming
2016-12-29 15:46 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-29 11:24 - 2016-04-29 14:55 - 00000000 ____D C:\Users\Ekospol\Documents\bann
2016-12-29 08:05 - 2009-07-14 06:08 - 00032638 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-12-28 20:08 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-28 20:06 - 2016-10-31 10:18 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\Wise Auto Shutdown
2016-12-28 20:06 - 2016-06-07 07:12 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Intel_Corporation
2016-12-28 20:06 - 2015-12-04 08:21 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-12-28 20:06 - 2015-04-07 16:26 - 00000000 ____D C:\Users\Guest
2016-12-28 20:06 - 2015-02-24 16:27 - 00000000 ____D C:\Users\Ekospol\AppData\Local\BusyNeed
2016-12-28 20:06 - 2015-01-26 16:33 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Avant_Prime
2016-12-28 20:06 - 2015-01-26 16:21 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Softomotive
2016-12-28 20:06 - 2015-01-26 16:20 - 00000000 ____D C:\Users\Ekospol\AppData\Local\IIIQ
2016-12-28 20:06 - 2015-01-26 09:24 - 00000000 ____D C:\Users\Ekospol\AppData\Local\CloverETL Designer Community
2016-12-28 20:06 - 2014-12-22 17:28 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Microsoft_Corporation
2016-12-28 20:06 - 2014-12-18 13:42 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Doist_Ltd
2016-12-28 20:06 - 2014-11-21 15:47 - 00000000 ____D C:\Users\Ekospol\AppData\Local\gtk-2.0
2016-12-28 20:06 - 2014-11-03 15:36 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\GHISLER
2016-12-28 20:06 - 2014-10-08 02:57 - 00000000 ____D C:\Users\Ekospol\AppData\Local\RemEngine
2016-12-28 20:06 - 2014-10-08 02:57 - 00000000 ____D C:\Users\Ekospol\AppData\Local\Hewlett-Packard_Company
2016-12-28 20:06 - 2014-10-08 02:56 - 00000000 ____D C:\Users\Ekospol
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\sk-SK
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\en-US
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64\cs-CZ
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\SysWOW64
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\wfp
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\wbem
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\System32\Tasks\Microsoft
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\sk-SK
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\en-US
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\cs-CZ
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\config\systemprofile
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\CodeIntegrity
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\catroot2
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\Boot
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\servicing
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\windows\AppPatch
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-28 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-28 20:04 - 2013-12-03 21:22 - 00000000 __SHD C:\windows\Installer
2016-12-28 20:04 - 2009-07-14 04:20 - 00000000 __RSD C:\windows\assembly
2016-12-28 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Microsoft.NET
2016-12-28 19:49 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\LogFiles
2016-12-28 14:53 - 2015-04-07 16:26 - 00786432 ___SH C:\Users\Guest\ntuser.dat
2016-12-28 14:21 - 2016-11-22 13:14 - 00000000 ____D C:\Users\Ekospol\Documents\!adwords
2016-12-28 11:42 - 2014-05-06 01:51 - 00000000 ____D C:\SWSETUP
2016-12-28 11:08 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\config\TxR
2016-12-28 10:14 - 2016-10-05 08:45 - 00524288 ___SH C:\windows\system32\config\COMPONENTS{6690baef-8acf-11e6-a583-a0d3c1441637}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 10:14 - 2016-10-05 08:45 - 00065536 ___SH C:\windows\system32\config\COMPONENTS{6690baef-8acf-11e6-a583-a0d3c1441637}.TM.blf
2016-12-28 09:55 - 2014-10-08 16:09 - 00000000 ____D C:\windows\system32\MRT
2016-12-28 09:52 - 2013-12-03 21:18 - 00000000 ____D C:\windows\Prefetch
2016-12-28 09:38 - 2009-07-14 05:45 - 00000000 ____D C:\windows\debug
2016-12-25 03:25 - 2016-02-23 16:23 - 00000000 ____D C:\windows\System32\Tasks\Games
2016-12-23 16:01 - 2009-07-14 04:20 - 00000000 ___RD C:\Users\Public
2016-12-23 11:51 - 2015-04-07 16:26 - 00000000 ____D C:\Users\Guest\AppData\Local\Temp
2016-12-23 10:57 - 2014-10-08 02:56 - 00000000 ___RD C:\Users\Ekospol\Desktop
2016-12-22 08:06 - 2014-10-09 09:16 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-20 09:21 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-20 08:53 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files
2016-12-19 12:37 - 2016-10-24 07:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-19 09:07 - 2016-03-07 15:38 - 00003564 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2861624394-871130569-1612233255-1001UA
2016-12-19 09:07 - 2016-03-07 15:38 - 00003292 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2861624394-871130569-1612233255-1001Core
2016-12-19 08:31 - 2014-10-08 13:41 - 00003384 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-19 08:31 - 2014-10-08 13:41 - 00003256 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-19 08:30 - 2016-11-18 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 14:44 - 2016-12-02 10:48 - 00000000 ____D C:\Users\Ekospol\Documents\!!!analýza weby listopad 16
2016-12-16 14:13 - 2016-09-22 09:21 - 00000886 _____ C:\Users\Ekospol\Desktop\jEdit.lnk
2016-12-16 14:13 - 2016-08-23 07:54 - 00001780 _____ C:\Users\Ekospol\Desktop\CyberGhost 6.lnk
2016-12-16 14:13 - 2015-12-18 08:11 - 00001173 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-15 10:32 - 2014-10-08 13:42 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-13 10:11 - 2016-09-05 07:31 - 00000000 ____D C:\Users\Ekospol\AppData\Roaming\TeamViewer
2016-12-13 10:11 - 2016-09-05 07:30 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-13 10:10 - 2014-10-09 09:11 - 00000000 ____D C:\windows\Minidump
2016-12-13 10:10 - 2013-12-03 21:17 - 00000000 ____D C:\windows\Panther
2016-12-13 10:10 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Logs
2016-12-12 11:45 - 2014-08-08 06:43 - 00000000 ____D C:\ProgramData\Temp
2016-12-12 09:42 - 2016-08-05 12:27 - 01048649 _____ C:\zabbix_agentd.log.old
2016-12-08 11:23 - 2016-11-09 12:17 - 00000000 ____D C:\Users\Ekospol\Documents\b2
2016-12-08 08:51 - 2016-08-09 07:41 - 00000000 ____D C:\Program Files\totalcmd
2016-12-08 08:08 - 2013-12-03 21:26 - 01608938 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-08 08:07 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-12-06 16:15 - 2016-10-24 07:01 - 00000000 ____D C:\Users\Ekospol\Desktop\Původní data aplikace Firefox
2016-12-06 16:02 - 2009-07-14 04:20 - 00000000 ____D C:\windows\Vss
2016-12-06 16:00 - 2014-10-09 09:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2016-12-06 16:00 - 2009-07-14 03:34 - 00000826 ____N C:\windows\system32\Drivers\etc\hosts
2016-12-06 14:30 - 2016-11-15 08:52 - 00000000 ____D C:\952fa6cff9835b748175898e2946
2016-12-06 14:30 - 2015-11-11 20:28 - 00000000 ____D C:\7148f83c28e724c90e93
2016-12-06 14:30 - 2015-08-06 14:07 - 00000000 ____D C:\Marketing
2016-12-06 14:30 - 2015-03-16 15:37 - 00000000 ____D C:\Program Files (x86)\Adobe Illustrator
2016-12-06 14:30 - 2014-12-31 14:21 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2016-12-06 14:30 - 2014-08-08 06:44 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-12-06 14:30 - 2014-08-08 06:43 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-12-06 14:29 - 2016-11-08 08:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-06 14:29 - 2016-10-31 10:18 - 00000000 ____D C:\Program Files (x86)\Wise
2016-12-06 14:29 - 2016-07-15 15:37 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-12-06 14:29 - 2015-11-19 10:13 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-06 14:29 - 2015-05-22 09:21 - 00000000 ____D C:\Program Files (x86)\MySQL
2016-12-06 14:29 - 2015-02-24 15:24 - 00000000 ____D C:\Program Files (x86)\WebSundew 4 SE
2016-12-06 14:29 - 2015-01-26 11:30 - 00000000 ____D C:\Program Files (x86)\Web Content Extractor
2016-12-06 14:29 - 2014-11-11 11:12 - 00000000 ____D C:\Program Files (x86)\HP
2016-12-06 14:29 - 2014-11-03 15:47 - 00000000 ____D C:\Program Files (x86)\NetBeans 8.0.1
2016-12-06 14:29 - 2014-11-03 13:15 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-06 14:29 - 2014-10-08 13:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-06 14:29 - 2014-10-08 13:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-06 14:29 - 2014-08-08 06:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-06 14:29 - 2014-08-08 06:39 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-06 14:29 - 2014-08-08 06:39 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-12-06 14:29 - 2014-08-08 06:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-06 14:29 - 2014-08-08 06:36 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-06 14:29 - 2014-08-08 06:31 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-06 14:29 - 2013-12-03 21:25 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Media Player
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-06 14:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-06 14:29 - 2009-07-14 05:57 - 00000000 ___HD C:\Program Files (x86)\Uninstall Information
2016-12-06 14:29 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-12-06 14:29 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows Mail
2016-12-05 10:19 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\config\RegBack
2016-12-05 08:59 - 2016-12-02 09:37 - 00000000 ____D C:\Users\Ekospol\Documents\seznam 2017

==================== Files in the root of some directories =======

2015-09-16 09:16 - 2017-01-03 08:35 - 0000600 _____ () C:\Users\Ekospol\AppData\Roaming\winscp.rnd
2015-01-26 14:40 - 2015-01-26 14:40 - 0000308 _____ () C:\Users\Ekospol\AppData\Local\gl.tmp
2014-11-21 15:53 - 2014-11-21 15:53 - 0002103 _____ () C:\Users\Ekospol\AppData\Local\recently-used.xbel
2015-01-26 15:01 - 2015-01-26 15:08 - 0000048 ____H () C:\Users\Ekospol\AppData\Local\vwr_lic.dat
2014-11-21 13:08 - 2014-11-21 13:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-08-08 06:38 - 2014-08-08 06:39 - 8864708 _____ () C:\ProgramData\hpcsmmsilogs.log
2014-08-08 06:46 - 2014-08-08 06:46 - 1278752 _____ () C:\ProgramData\hpdam_install_log.txt
2014-08-08 06:46 - 2014-08-08 06:46 - 0544474 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt

Files to move or delete:
====================
C:\windows\TEMP\gD52B.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-05 10:18

==================== End of FRST.txt ============================